NIS seeks broader authority to probe suspected foreign cyberattacks on firms

· UPI

May 19 (Asia Today) -- South Korea is moving to expand the authority of the National Intelligence Service to investigate suspected cyberattacks targeting private companies, even before links to foreign governments or international hacking groups are conclusively proven.

The push comes as cyber threats against South Korean businesses continue to rise and concerns grow over delayed detection of data breaches that officials say could threaten national economic security.

A revision to the National Intelligence Service Act passed through the National Assembly's Intelligence Committee on May 7 would formally include "economic security" within the agency's scope of duties. The amendment would also allow the agency to respond to cyber incidents that show signs consistent with attacks by foreign states or international hacking organizations.

The measure is expected to provide legal backing for a government-wide cybersecurity strategy announced jointly last year by the Ministry of Science and ICT, the National Security Office and the intelligence agency.

Under the proposed framework, the National Cyber Security Center under the intelligence agency would be allowed to monitor potential data leak risks and conduct investigations involving private-sector targets when foreign-backed cyber activity is suspected.

Previously, the agency could not directly intervene in cases involving private companies unless a North Korean or foreign-state connection had already been clearly established.

The government says the change is needed because many companies fail to detect intrusions quickly enough on their own.

South Korea's Personal Information Protection Commission said private-sector reports of personal data leaks rose to 319 cases last year, up 57% from 203 cases a year earlier.

Cyberattacks targeting companies also increased sharply, from 640 cases in 2021 to 1,887 in 2024, according to government data. Officials said many of the attacks targeted sectors tied to national supply chains and economic security, including information technology, manufacturing and construction.

Security company SK Shieldus estimated that small and midsize South Korean companies took an average of 106 days to detect a cyber intrusion between 2021 and last year, with some attacks remaining undiscovered for as long as 700 days.

Officials warned the reported figures may represent only a fraction of actual cyber intrusions because many attacks may never be identified or disclosed.

Separately, the Personal Information Protection Commission announced plans last week to shift toward a prevention-focused system that would allow proactive government inspections of private-sector data protection practices. Companies that violate information security rules could face punitive fines of up to 10% of revenue under the proposal.

Analysts say stronger intelligence-sharing and overseas cyber threat monitoring capabilities will likely become increasingly important as state-backed hacking groups expand operations.

Kim Hyun-joong, a researcher at the Institute for National Security Strategy, said South Korea's intelligence system should evolve from a traditional military and counterespionage model into one focused more broadly on economic security.

"At the same time, legal clarity regarding the scope of authority, democratic oversight by elected officials and cooperation between the public and private sectors must also be secured," Kim wrote in a recent report.

A source familiar with intelligence agency operations said the new authority should not be interpreted as domestic surveillance of private companies.

"In the past, even if attacks were strongly suspected to involve North Korean or international hacking groups, the intelligence agency was excluded unless responsibility could be definitively established," the source said. "The intent is not intervention in private business activities, but enabling normal investigative authority regarding external threat actors."

-- Reported by Asia Today; translated by UPI

© Asia Today. Unauthorized reproduction or redistribution prohibited.

Original Korean report: https://www.asiatoday.co.kr/kn/view.php?key=20260518010004942
