사이버보안 법제에 관한 연구

Abstract

Cyber security prevents the integrity and confidentiality of the information that is collected, processed, stored, browsed, transmitted, and received throughout the network from safety threatening actions such as damage, falsification, and leakage. The use of computer has expanded widely and most computers are now interconnected via internet. Accordingly, the act of violating cyber security has become a crime that invades the legally protected social interests such as public safety and public confidentiality rather than simply invading the interests of individuals. Protecting the cyber security has thus become a public mission to safeguard the important legally protected social interests - the public safety and public confidentiality of electronic information. A legislation for the protection of such interests can be studied in two areas: the prevention and the punishment. The preventive legislation is constituted in ① info-communications infrastructure protection law for protecting the info-communications infrastructures, ② information-network law for protecting the information-network and its information, and ③ national cyber safety management standards for protecting the national cyber safety. Currently, the main bodies that operate such legislation are all organized in committee. For example, Info-communications Infrastructure Protection Committee and Communications Commission. However, cyber security tasks require prompt action once the attack occurs or is imminent and it would be difficult for a committee, the meeting-based organization, to operate such tasks on time. Therefore, it would be much efficient if the security tasks were operated by independent offices as of in Germany. The punitive legislation is essential in terms of crime prevention. All types of cyber security violations have been categorized and reviewed and it seems there is not a single type which the penalty does not cover. However, such penalties are distributed into criminal law and several special laws and arise problems by making it harder to understand penalty clauses. The more actual problem linked to punishment is the anonymity of the cyber space. To overcome this problem, distinct IP needs to be assigned to each of all the internet terminals that are based on IPv6. Also, in order to overcome spatial limitlessness of the cyber space, international investigative cooperation system has to be devised. On the other hand, these solutions require some time and are not even actively promoted at the time being. Therefore, before legislative and technical complementary measures for specifying an offender is developed, more investment should be made on the prevention.