These days, risks of hacking, DDoS attack and other cyber trespass including so called ‘7·7 DDoS’ in 2009 are increasing. In particular, the cyber trespass has disclosed an individual's resident registration number, ID and password, etc to pursue monetary benefit to increase risk more than before, and personal information disclosed has been secretly sold to produce problems. And, cyber trespass against information and communication infrastructure of public organizations is increasing: In particular, hacking against government organization is increasing approximate 300% every year to be likely to paralyze government organizations. For instance, 7·7 DDoS attack in 2009 temporarily paralyzed important web sites of Cheongwadae and financial organizations, and similar cyber attack occurred during same time period this year despite countermeasure. DDoS makes use of zombie PC that has been given malicious codes: So, and effective action cannot be taken.
The government reenacted the Act on Information Promotion to enact the Act on Government Information and to supplement the regulations of government cyber safety control and to check overall legal systems of cyber risk control: And, the Internet Trespass Counteraction Center of the Korea Internet Security Agency(KISA) controlled private areas, and the Government Cyber Safety Center of the National Intelligence Service(NIS) did government and public organizations and the Cyber Headquarters of the Ministry of Defence did defense areas so that general counteraction system of government, military and private area has been established. Even if the government greatly revised legal system against either cyber trespass, it could not prevent crimes nor detected criminals because of physical, technical and systematic limitations: As a result, not only people but also the government felt uneasy continuously.
The purpose of this study was to build up cyber safety system against cyber crisis that was made because of cyber trespass, cyber attacks and associated crisis. The author researched by sharing roles with other researchers and adopted law methodology and investigated types, current status, comparison and empirical status in multi-sided and three dimensional way.
The theoretical investigation was done based on theory of classification: As a result, fighting rules against cyber war were not enough and counteraction against source of enemy's server and infrastructure was not good. So, the study argued that investment and manpower were needed to protect information at private areas. And, the study investigated legal system of cyber safety based on interpretation of criminal law. The cyber trespass expanded concept of cyber terror and cyber war to exceed level at the enactment of criminal law in 1995, so that conventional interpretation of the criminal law concerning civil commotion and foreign invasion had limitation and new interpretation on traffic obstruction and other public safety was needed.
This study investigated status of counteraction system of cyber trespass of government organizations such as National Intelligence Service (NIS), Korea Communications Commission and Police Agency, etc. Based on analysis on counteraction system of NIS, the study examined legal status of organizations and systems that could play an important role at counteraction, and suggested sharing of information between concerned organizations, improvement of legal system of forecast and alarm system, researches from point of view of mid-term and long-term and support of budget, recruitment of experienced professionals, actual international cooperation, and build up of national crisis control system, etc. And, based on analysis on counteraction system of Korea Communications Commission, the study suggested improvement and coordination of information, improvement and adjustment of information protection administration, national security oriented information security policy and electronic government, differentiation of information protection policy of e-commerce and other general areas and build up of general command and supervision system based on the President Team.
On the other hand, based on analysis on counteraction system, the study suggested build up of cooperative model of information exchange between counteraction organization of trespass accident and police agency, preliminary detection of follow-up investigation, conversion into early action cyber investigation system, expansion of organization and functions of policy agency as well as local policy agency that could prevent cyber trespass, recruitment of private IT professionals, improvement of punishment laws and regulations of cyber crimes, revision of digital evidence related laws and regulations of the Criminal Procedure Act, development of the program that could solve phenomenon that civilians were reluctant to report, and build up of public security and cyber governance system that university, citizens and non-government organizations, etc. The study investigated international cooperation of cyber investigation. Based on the analysis result, the study suggested establishment of interpol cyber crime center that could play a role at removal of cyber crime in international society. The study investigated counteraction system against cyber attack in advanced countries such as the United States, the UK, Germany, France and Japan by using comparative method. The study compared counteraction system of the United States that was a model case with that of Korea: Legal system that could support cooperative system between organizations should be made to avoid disturbance of the policy, and R&D policy of national cyber security should be strengthened and local and international anti-terror network should be established and legal system needed to improve it. The empirical analysis investigated national statistics as well as professionals' cognition. The study investigated actual conditions of safety by each type and area based on national statistics: For instance, malicious code hidden of homepage that attempted to attack application programs, threat by malicious code that aimed at obtaining of monetary benefits, distribution of malicious codes by using social issue and events, technology that could prevent high level of analysis, automation tools that could produce large quantity of malicious code, and threat of cyber trespass from foreign countries, etc. And, the study investigated cognition of working staffs of information and security of public organizations to find out problems: for instance, low standards deciding upon either safety or crisis at practical affairs, difficulties at build up of high cost information security system at private sector, environment that could threaten cyber safety in accordance with use of Internet real name identification system and other identification system, and inefficiency of weighted punishment against critical cyber trespass, etc.
Furthermore, degree of cyber risk could be tested to differentiate counteraction system of cyber risks. The study suggested ‘national cyber crisis control’ based on NIS subject to not only 'connection program with national disaster control system' but also cyber crisis environment to build up national cyber risk control system. And, to build up cyber safety environment and expand infrastructure, the study suggested training and recruitment of professionals and experts, research and development, budgeting for information protection, and lessening of collection and storage of unnecessary personal information. The study suggested cyber investigation system based on policy agency's analysis on counteraction system, and raised problem of unification of first investigation on-the-spot that could attain efficiency.
The study examined discussion and alternatives to build up cyber safety system. In the 21st century, cyber safety has been important because of rapid change of scientific technology and communication environment. And, uneasiness and unknown risks exist because of rapid changes of environment. State-of-the-art area was discussed and associated systems and technologies were not equipped enough. The university and practical working groups should research and develop policies to find out intelligent counteractions on exceptional limitation one by one to overcome uneasiness and crisis of both people and the government.