Financial Institutions Required to Separate Business Intranet, Internet Networks to Ensure Cyberspace Security
FSC, FSS come up with a package of steps to reinforce financial on-line security surveillance
Lee Byung-rae, director general of financial services at the Financial Services Commission (FSC). (photo: FSC)
From now on, financial companies will be required to separate their companywide business network and internet network. Thirty-six financial institutions with more than 10 trillion won in assets and over 1,500 employees will have to hire a chief information security officer (CISO) for at least a given term. Financial authorities are seeking to inaugurate a joint backup center among financial institutions designed to cope with cyberspace assaults, earthquakes, and terrorist attacks.
The Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) announced a package of steps to reinforce financial on-line security surveillance. Financial regulators, financial companies, and IT business circles have established and operate a financial on-line security task force in the wake of the March 20 disruption of financial institutions, including Nonghyup Bank, Shinhan Bank, and Jeju Bank by hacker attacks.
Financial regulators ordered financial institutions to operate their on-line business network independently of the Internet network on a gradual basis in consideration of the size of assets and the number of employees, said Lee Byung-rae, director general of financial services at the FSC. Financial computation centers will be divided into business intranet networks and those with an internet connection. Headquarters and branch outlets will go into this separation gradually in accordance with guidelines to be worked out in the second half of the year.
The FSC plans to seek a revision of the Act on Electronic Financial Transactions by the end of next year, which would introduce the CISO system and mandate a given enforcement period. Currently, each financial institution has its chief information officer serving concurrently as the CISO, taking responsibility for all on-line accidents. To fix the current situation, in which CISOs are given more responsibility rather than more authority, the proposed revision would stipulate that CISOs be granted immunity, to boost their morale.
Financial regulators seek to establish a financial institutions' 3rd on-line backup center on top of the existing 2nd back-up center for recovery after natural disasters, as the United States and Israel do. Those nations have a 3rd on-line backup center in the form of an underground bunker dug under a closed mine. Jun Yo-sup, director of the Electronic Finance Division at the FSC, said a task force will be formed on the issue of establishing a 3rd electronic backup center for financial institutions, and the opening of such on-line backup centers will be expanded to other business sectors.
All financial institutions providing electronic financial services will be connected with the Information Sharing & Analysis Center (ISAC), operated by Korea Financial Telecommunications & Clearings Institute and Koscom, to conduct real-time surveillance. Financial regulators have decided to build a system in which information about malicious code collected by each financial institution can be shared among institutions.
Financial authorities plan to stiffen the punishment for failing to take security measures. The FSC plans to work out guidelines for suspending operations of financial institutions found failing to ensure cyberspace safety for up to six months. Financial institutions found to be frequently involved in massive electronic accidents will be subjected to reinforced surveillance.
The FSC plans to clarify the duties and responsibilities of the electronic management of information between financial institutions and their holding companies, between IT companies and sister companies, and between financial institutions and their sister companies. CEOs will be obligated to confirm on-line security plans and sign off on them, making them responsible.
The percentage of on-line financial transactions reached 87.7 percent as of March 2013. Internet banking subscribers, including multiple users, numbered 89.4 million while mobile banking subscribers totaled 40 million. Average daily transactions total as much as 33.08 trillion won.