To cooperate with the Ministry of Science and ICT, NIS (National Intelligence Service), and the Ministry of Economy and Finance
To expand infrastructure and strengthen security throughout the supply c
The government will promote the enactment of 'Basic Cybersecurity Act' (tentative) that synthesizes and systematizes the cyber security legal system stipulated by each sector. It will distribute 'data safe' solution that supports data backup, encryption, and recovery of small and medium-sized enterprises, and expand the public and private security information sharing system. This is part of the first government-wide joint response plan prepared against the increasing number of ransomware.
The Ministry of Science and ICT established a 'Ransomware Response Reinforcement Plan' together with the National Intelligence Service, Ministry of Economy and Finance, Ministry of Foreign Affairs, Ministry of National Defense, Ministry of Trade-Industry and Energy, Ministry of Health and Welfare, the Ministry of SMEs and Startups, Financial Services Commission, and the National Police Agency, and announced the plan at the meeting of 42ndEmergency Economy Central Countermeasures Head-quarters Meeting on the 5th. The measures consist of three pillars: Preemptive preventive support for national critical infrastructures, companies, and citizens; Support for entire accident response cycle including information sharing, damage support, and investigations; and the enhancement of core response capabilities against evolving ransomware.
First, the government will arrange procedures for expanding infrastructures. It will review adding an autonomous driving control system with oil refiners to major ICT infrastructures that are obliged to establish and implement information protection measures, which will include the 'establishment of backup system' and 'business continuity plan' to prevent ransomware. The government will expand emergency infrastructure inspection and simulation training, and improve the system to request on-site inspections and improvement of vulnerabilities. In addition, a security check system for SW and system developers installed in infrastructure will be established for supply chain security. The 'SW Development Security Hub' located in Pangyo, Bundang-gu, Seongnam-si, Gyeonggi-do will support security reinforcement for the entire development cycle from SW and solution design to distribution.
To enhance cyber security of research institutes, government-funded research institutes and 4 major science and technology institutes will introduce a self-diagnosis system that constantly checks and analyze servers for R&D and strengthen simulation training.
'Data safes' will be distributed to SMEs to provide systematic support for data backup as well as data encryption and recovery. While strengthening support for security solutions for SMEs, a 'ransomware response package' including mail security software and vaccine, detection, and blocking software will be supplied. Apart from government support, private security companies (11) will also participate in free support for security solutions for small businesses. Anti-ransomware software related to COVID-19 vaccination will be provided free of charge to inoculation clinics.
For the public, the 'My PC Care Service' will be used to remotely check vulnerabilities and support improvement. Also, the private (C-TAS) and public (NCTI) cyber threat information sharing systems will be organically linked with the Information Sharing Analysis Center (ISAC) for each sector, such as medical care and finance. More companies in various fields, such as manufacturing and distribution, will also participate in cyber threat information sharing systems.
Threat information detected from 20,000 websites and collected from abroad will be shared with the private sector, to share ransomware information among countries through major countries’ Internet Security Organizations (CERTs) and cyber security councils. A 'national damage support system' will be built using 10 local information protection centers. No matter where ransomware occurs in any part of the country, personnel and equipment will be quickly dispatched to the site to assist the affected company. Also, monitoring and investigation of hacking organizations will be strengthened to prevent secondary damage. Through dark web monitoring, surveillance of hacking groups will bereinforced, and victims’ personal information exposed on the dark web will be quickly shared with relevant ministries to prevent secondary damage. The Cyber Terror Investigation Team of the National Police Agency and Metropolitan Police Agencies will form an investigation system dedicated to combatting ransomware and expand investment in technology to detect and block various ransomware faster and develop recovery technology. Ransomware crime investigation capabilities will be strengthened by developing technology to trace the source of hacking organizations and the flow of virtual assets.
Furthermore, the government will be promoting the enactment of the Cyber Security Framework Act, which systematizes the cyber security legal system stipulated for each public and private sector. The Basic Act contains measures to systematically manage and operate the cybersecurity field that has spread to all sectors of society, such as establishing a basic plan, strengthening the public-private cooperation system for information sharing, and consolidating infrastructure management. A higher number of Research institutes, local governments, and local SMEs will also engage in 'Ransomware Response Council', which is currently run mainly by security companies in the metropolitan area.
Minister of Science and ICT Hye-sook Lim said, “As a single ransomware attack can cause enormous damage to society as a whole, we will build a digital environment where people and businesses can feel safe by strengthening countermeasures against ransomware without any setbacks and delays.”
Reporter Dain Oh (ohdain@etnews.com)