With a series of recent large-scale hacking and personal data leak incidents, legislation is being pursued to strengthen the log management system that serves as the basis for identifying causes and preventing the spread of damage when a cyber incident occurs.

Democratic Party lawmaker Cho In-cheol (조인철) said on March 30 he has introduced an amendment to the Act on Promotion of Information and Communications Network Utilization and Information Protection and related matters. The bill would strengthen information and communications service providers' obligation to retain log records and require immediate preservation of related servers as evidence when a cyber incident occurs.

Current law sets out protective measures to ensure the safety of information and communications networks, but there have been criticisms that it lacks sufficiently explicit and specific standards for retaining logs, which are essential for identifying the cause of incidents and preventing damage from spreading. As a result, cases have occurred in which key logs are not left after an incident or analysis is delayed, and criticisms have been raised that corporate response accountability and the credibility of government investigations also decline.

The amendment focuses on institutionalising log management, described as key infrastructure for responding to cyber incidents, to address these problems. Its main measures include setting a mandatory log retention period for information and communications service providers above certain criteria, immediately preserving the relevant server as evidence when hacking or other incidents are confirmed, and imposing administrative fines for failing to keep log records.

It also requires that when a joint public-private investigation team probes the cause of a cyber incident, it must submit at least 1 interim report on the investigation to the competent standing committee of the National Assembly to increase transparency, and also report the investigation results.

Cho said, "If logs are not left after a hacking incident or evidence is not preserved in time, it is difficult to properly determine the cause and responsibility." He added, "I hope this amendment will serve as an opportunity to raise the cyber security response system by one step."