The Ministry of Science and ICT is pushing to establish a forensics center that can quickly analyze server access records (logs) in the event of a hacking incident. This is a follow-up to the point raised that, in the hacking of SK Telecom's USIM information, too little digital evidence was secured to determine the cause of the incident.
According to industry sources on the 19th, the Ministry of Science and ICT will include the establishment of a forensics center in the final results of the investigation into the SK Telecom hacking incident, which the public-private joint investigation team will announce at the end of June. The center is expected to be designed so that, in the event of an incident, the government can take part directly in collection and analysis, in addition to the server logs that companies keep on their own.
This is intended to improve the current situation, in which little data is left after a hacking incident because of the corporate practice of erasing log records after a certain period of time. The forensics center set up by the government is expected to be able to examine more of a company's log records, and faster, when the company is hacked.
The public-private joint investigation team of the Ministry of Science and ICT, which is analyzing SK Telecom's server logs, said on May 19, when the second interim investigation was announced, that the company's log records exist only for the five months from December 3, 2024. Since there are no log records from June 15, 2022, when the first malicious code was installed, to December 2, 2024, it is not known whether data was leaked during this period. If the forensics center is established under the leadership of the government, such incidents are expected to decrease in the future.
According to the Personal Information Protection Committee's current 'Standards for Measures to Ensure the Safety of Personal Information', the personal information controller must store and manage the personal information handler's access records for the personal information processing system for at least one year. However, if personal information about more than 50,000 data subjects is processed, the records must be stored for at least two years. In addition, the Information and Communication Network Act and the Personal Information Protection Act each set the number of years for which companies must store log records, and these differ.
An industry official explained, "Although there are various types of servers and logs, we keep access records and system access rights logs for two to three years according to related laws such as the Information and Communication Network Act and the Personal Information Protection Act."
The industry is in a welcoming mood for now. Another official said, "There have been many situations where the private sector has played separately when hacking accidents occur," adding, "It can be very helpful if the forensics center is established as a control tower."
However, there are concerns about side effects. "Forensics is a process for post-mortem analysis. If companies are provided with forensics for free, they may lose their sense of responsibility," said a professor in charge of security research. "We need to look into the situation more closely before pursuing policies." "The log records are sensitive to companies, but if the government looks into them, it could be a burden on companies," a company source said.
The Ministry of Science and ICT's position is that this is a review aimed at strengthening cybersecurity capabilities and that nothing has been decided for now. An official from the Ministry of Science and ICT said, "It seems to have been mentioned while considering improving laws and regulations after the SK Telecom incident," adding, "It has not been finalized yet."
However, the Ministry of Science and ICT reaffirmed its commitment to building a forensics center by reporting it to the State Planning Commission on the previous day as one of its measures to expand the nation's cybersecurity capabilities in 2026 following the SK Telecom incident. The estimated budget is +15 billion won.
fun3503@chosunbiz.com