Public anxiety is growing after the personal data leak at Lotte Card following KT. But the government, which should be stepping in to resolve the crisis, is floundering. Because security management and response authority are split among government agencies, coordinated action is faltering, and with no control tower, a pan-government plan has yet to be drawn up, deepening the confusion.
The biggest problem is the "silo" between agencies. Currently, hacking and other breaches and data leaks in the financial sector are handled by the Financial Security Institute, while those at nonfinancial corporations are handled by the Korea Internet & Security Agency (KISA). The Financial Security Institute is under the Financial Services Commission, and KISA is under the Ministry of Science and ICT. Even though damage from hacking incidents mixes financial and nonfinancial elements, this structure means information sharing, cooperation, and initial response between the two agencies and their ministries are not proceeding smoothly.
The social inefficiency is also significant. On the 23rd at 10 a.m., People Power Party lawmakers on the National Assembly's Political Affairs Committee, including Chair Yoon Han-hong, held a meeting on the Lotte Card hacking incident. Lotte Card CEO Cho Jwa-jin and MBK Partners Vice Chairman Yoon Jong-ha attended and reported the circumstances of the incident, measures to protect victims, and plans to prevent a recurrence. The same briefings and reprimands are set to be repeated tomorrow. Along with CEO Cho, MBK Partners Chairman Kim Byung-ju is scheduled to attend a hearing on the 24th convened by the National Assembly Science. ICT. Broadcasting. and Communications Committee to investigate alleged hacking incidents at telecom and financial companies. Because the responsible ministries differ, each standing committee is responding separately, raising concerns that dispersed information could only add to the confusion.
This discord was clearly evident at the "joint briefing by the Ministry of Science and ICT and the Financial Services Commission for hacking response" held on the 19th. Contrary to the name of a joint briefing, the second vice minister of the Ministry of Science and ICT explained the KT hacking incident, while the vice chairman of the Financial Services Commission explained the Lotte Card incident, and they stopped at announcing separate measures. There was no explanation of what comprehensive, pan-government measures were being considered. In the end, the previous day, Prime Minister Kim Min-seok convened an emergency meeting on pending issues and said the National Security Office would establish cross-ministerial measures, adding, "Related ministries should reflect deeply on whether these successive hacking incidents stem from complacent responses and conduct an overall review."
This is bolstering calls to quickly set up a security control tower. Some argue Korea should create a presidentially affiliated "Cybersecurity Agency," modeled on the U.S. Cybersecurity and Infrastructure Security Agency (CISA). People Power Party lawmaker Yoo Yong-won in Jul. introduced the National Cybersecurity Act, with the creation of a Cybersecurity Agency as a key provision. People Power Party lawmaker Choi Su-jin said, "The Ministry of Science and ICT, the Financial Services Commission, the Ministry of the Interior and Safety, and the Korean National Police Agency should be required to share information for hacking responses," and added, "KISA should be designated as the technical analysis and international response channel for all hacking incidents in Korea."