[PRO]NIS plays an important role

The ruling party is pushing to establish a law about managing cyberattacks, and the debate has become a hot topic in Korean society. After the massive cyberattacks on July 7, 2009, lawmakers once tried to create a similar law, but the attempt failed because concerns grew that the National Intelligence Service (NIS) could become “Big Brother.” Since then, we have seen diversified cyberattacks such as the network paralysis of NH Bank in 2011 and massive hacking of the JoongAng Ilbo in 2012. The public now sees crimes and terrorism in cyberspace as a tangible threat amounting to a serious provocation.

In order to establish a law governing a national cybercrisis, we need to consider a few things. First, we cannot deny that a comprehensive and effective solution is needed to counter a cybercrisis. Cyberattacks take place recklessly against not only the military but also the economy and society, and they can all take place at the same time. The recent attacks on major broadcasters and some banks showed that such attacks are possible in other areas as well. Therefore, the government must respond comprehensively and effectively to a cybercrisis.

Second, no one can deny that the government’s responses to cyberattacks must be grounded in law. The legal basis for cybersecurity management currently exists in guidelines for national crisis management, but there is nothing but a mere presidential instruction. Typically, these instructions are used to stipulate the powers of a low-level authority, but it is not law. Saluting the national flag during the Pledge of Allegiance is a good example of a presidential instruction.

It is embarrassing as a law-governed country to respond to a cybercrisis based on presidential instruction, not law. Korea will host the Conference on Cyberspace this year after the previous meetings in London and Budapest. We must quickly establish a law to counter cyberattacks. The sincerity of the National Assembly and the government will be questioned if the legal measures against cyberattacks remain extremely weak.

Third, the more important problem is determining who will lead government countermeasures against a cybercrisis under the new law. Protests against creating the law are focused on the role of the NIS. The protesters worry that the NIS will control all information and become “Big Brother.”

Any government organ that will primarily implement the law will face the same criticism, but such power comes with the nature of the job. Someone has to take a leading role. The Ministry of National Defense, the Korea Communications Commission and the police must perform their duties against cyberattacks or threats, and the NIS also needs to play a role. The concerns that the NIS will abuse its power and become “Big Brother” must be resolved by creating a proper law.

We are already living under the everyday threat of a cyberattack. Everyone expects that a new attack will take place, and the government must create a response system to counter the possibility.

The key to the response system will be establishing a law. The National Assembly and the government must introduce a law for the sake of the people so that the country can counter a cybercrisis properly.

Translation by the Korea JoongAng Daily staff.

*The author is a professor at the graduate school of law of Korea University.

by Park No-hyoung