• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.45-52
• /
• 2017

The Cybersecurity Information Sharing Act(CISA) of 2015, enacted in December 2015, is one of the greatest achievements of cybersecurity legislation in the United States. The promotion of cybersecurity information sharing is one of the tasks to improve cybersecurity governance in Korea. So it is an important issue to be addressed in cybersecurity legislation in Korea in the near future. CISA has many implications for cybersecurity legislation in Korea. Nevertheless, it is difficult to find preceding research that explain the content of CISA and study its normative meaning in Korea. Therefore, in this paper, the contents of the CISA is identified and its normative meaning and implication is found in five categories: definition of terms, establishment of information sharing procedures and conditions, promotion of voluntary information sharing by the private sector, checks on the executive branch and report to the Congress, and other matters. CISA facilitates information sharing based on willingness, while eliminating the side effects that may arise in the information sharing process. It is necessary to appropriately apply the good points of CISA to the cybersecurity legal system in Korea.

• Journal of Legislation Research
• /
• no.54
• /
• pp.155-192
• /
• 2018

As the 'hyper-connected society' has emerged through the 'Fourth Industrial Revolution, public interests as well as social dangers have increased. Above all, the risk of infringement of information, including confidential personal information, is dramatically increasing. As the hyper-connected society has been realized, even if only one of the internet devices is hacked, there would be a danger that the ripple effect of such a hacking spreads to the whole network. Therefore, the necessity and importance of information security, including cybersecurity, has been increasing. In other words, the stability of cyberspace and internet space is becoming more important. As a result, the Korean government is seeking to build a legal system related to information security, which would be able to cope with the information infringement problem in the hyper-connected society. However, it seems that the government is still struggling with the direction of building such a legal system. In this context, a comparative review examining the legal systems of advanced foreign countries will provide meaningful implications as to what kinds of legal policies we should devise and implement for information security. In particular, the U.S. legislative act that actively responds to the cybersecurity violations is worthy of reference. For this reason, this article systematically analyzes the current status of the U.S. cybersecurity laws. Especially, this article focuses on the "Cybersecurity Information Sharing Act of 2015"(hereinafter "CISA"), that was recently enacted by the U.S. congress. The CISA prescribes the systemic and detailed information-sharing between national and private entities. The CISA, that actively promotes information-sharing, is full of suggestions for us, in that information-sharing is an effective way to properly realize information security in today's hyper-connected society.