DistantNews
Support us
๐Ÿ‡ฐ๐Ÿ‡ท South Korea /Technology

South Korea eases financial network security rules to embrace AI

From Hankyoreh · () Korean

Translated from Korean, summarized and contextualized by DistantNews.

At a glance

News Named sources New plan
  • South Korea's Financial Services Commission (FSC) is easing regulations on network segmentation for financial institutions, allowing AI-driven security measures.
  • The current 13-year-old network segmentation rule, designed to isolate internal systems from external networks, is being re-evaluated due to evolving financial and technological landscapes.
  • This regulatory shift aims to enhance security capabilities by enabling the use of advanced technologies like AI, but it also increases financial companies' responsibility for security incidents.

South Korea's Financial Services Commission (FSC) is moving to relax stringent network segmentation regulations for financial institutions, a policy that has been in place for 13 years. The move is driven by the need to adapt to the rapidly changing financial and technological environments, particularly the integration of artificial intelligence (AI) into security protocols.

Now, servers and external services are rapidly increasing, so there are inevitably many exceptions to network segmentation. It's like continuously drilling holes in the box.

โ€” Kim Tae-hoonKim Tae-hoon, director general of the Financial Security Division at the FSC, explaining the challenges of network segmentation.

The current network segmentation rule mandates the separation of internal financial networks from external internet connections to prevent cyber threats. However, the FSC is now piloting a program with 10 selected financial firms to test relaxed regulations, specifically allowing network access for security purposes, including the use of AI for threat detection. The commission plans to expand this trial and potentially remove the segmentation requirement entirely for firms demonstrating high-level security capabilities.

Critics argue that the existing segmentation, while intended to enhance security, has proven insufficient, citing recurring hacking incidents like the Lotte Card data breach. The FSC acknowledges that the "box" of internal systems has developed numerous "holes" or exceptions, such as mail systems, remote access, and research environments, which hackers exploit. The increasing complexity of financial services and the proliferation of external connections make strict segmentation increasingly impractical.

Network segmentation was in place, but a hacking incident occurred.

โ€” Kim Tae-hoonKim Tae-hoon referencing the Lotte Card data breach as an example of the limitations of network segmentation.

The advent of advanced AI, capable of identifying security vulnerabilities, further fuels the need for regulatory change. Existing regulations hinder financial firms from fully leveraging external AI services for security. The FSC's initiative aims to empower firms to utilize these advanced tools, but it also signals a shift towards greater accountability. Experts suggest that South Korean financial firms, having relied heavily on the segmentation rule, may not have fully developed their independent security capabilities compared to their international counterparts. The relaxed regulations are expected to place more responsibility on financial institutions to proactively manage risks and design tailored security systems.

It's a situation where we have to do all the overdue homework at once.

โ€” Kim Seung-jooProfessor Kim Seung-joo of Korea University's Graduate School of Information Security on the preparedness of financial firms for relaxed regulations.
DistantNews Editorial

Originally published by Hankyoreh in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.

More Stories

From Our Blog