사이버테러의 거버넌스 구축에관한 연구 (A Study on Building a Governance of Cyberterroism)

이 연구는 국내 사이버 보안 전문가(국정원, 경찰청, 민간보안 업체, 화이트 해커 및 정보보안 학계)를 대상으로 전문가 그룹 인터뷰(Focus Group Interview)를 실시하여 사이버테러 관련 효율적 대응방안을 ‘거버넌스’ 관점에서 파악하였다. 이를 위해, 거버넌스 구성 원리(주체, 목표, 핵심자원, 운영방식)를 중심으로 거버넌스 지표를 발굴하여 여러 거버넌스 유형(정부 중심, 시장 중심, 시민단체 중심)중에서 국내 사이버 보안 전문가들이 바람직하게 생각하는 한국형 사이버테러 거버넌스가 어떠한 것인지를 전문가 그룹 인터뷰를 통해 자료를 수집하고, 이렇게 획득된 자료에 대해 근거이론을 바탕으로 내용분석을 실시하였다. 그 결과, 총 25명의 면담 참가자들중 18명(72%)이 정부 중심 거버넌스 유형을 선호하였고, 나머지 7명(28%)은 시장 중심 거버넌스 유형을 선호하였다. 한편, 참여자(주체)별 잔여 거버넌스 구성요소(목표, 핵심자원, 운영방식)에 대한 내용분석과 교차분석을 실시하여 정부 중심의 참여자를 선택한 전문가들은 목표에 있어서 합법성을 가장 선호하였고, 시장 중심 참여자를 선택한 전문가들은 목표에 있어서 능률성을 선호함을 확인할 수 있었다. 끝으로, 클러스터 분석을 통해 우리나라 사이버 보안 전문가들은 합법적 권한 및 권위를 바탕으로 하는 정부 중심 거버넌스를 선호하면서도 시장의 중요 가치인 ‘능률성’과 ‘경쟁력’을 지지하고 있었으며, 이외 3개 거버넌스 구성 개체들간 구속력이 강한 파트너쉽 보다는 느슨한 정책연대식 운영방식을 선호하고 있어 소위 ‘기업가적 정부’ 또는 ‘굿 거버넌스’를 추구하고 있는 것으로 각각 밝혀졌다.
끝으로, 이 연구는 우리나라 사이버테러 거버넌스 발전을 위해 핵심 참여자로서 정부내 ‘국정원과 경찰청의 공조’ 및 ‘국가 주도 사이버 취약점 정보공유’와 같은 컨트롤타워 정비 그리고 권한 및 권위에 근거한 합법적 거버넌스를 위해 가상화폐 보안 등 사이버 보안 통합법령 정비를 제안하였고, 능률성과 경쟁력 접목을 위한 방편으로 ‘수익자 부담원칙 확대’, ‘사이버 셉테드’, ‘버그 바운티 활용’ 등을 제시하였다. 아울러, 정책연대와 같은 운영방식상 효율화를 위해 시민단체의 사이버 보안평가 등 실질적 역할 증대를 각각 제언하였다.

The thought, the cyber space is the base of IoT as a core grounded technology of the fourth industrial revolution and it is comprised of a lot of stakeholders and its problems are not government alone matters but both public and private ones, is in the middle of spreading out.
In spite of the fact which the cyber terrorism, the infringement of one country's cyber space, should be cross-nationally prevented, responded, rehabilitated because its ripple effect is so serious that there would be enormous damage on both the entire public and civil sections infrastructure, the cyber matter in R.O.K. has not yet been constructed as a national risk management consensus. Therefore, the business duplication and confusion of the public and private are aggravated by standing out control tower ministry's expanded power and then the possibility of infringement of privacy in the conflictory relationship between the public and private. Also, there has been a contradiction which the private sector has been isolated in policy decision and execution despite its technological advantage because the vital infrastructure communication facilities have been installed, operated and managed mainly by public sections in the government-leading industrialization and development dictation. In addition, the responsibility of security is in a state of limbo where the new type business converged with the existing business and IoT business.
In this barren environment of cyber security, as a public-private cooperation facility, the governance which is able to produce a synergy effect by resolving the conflict between a government of policy, the private sector of technological advantage and the NGOs that are the watchdog to government and private stands out.
Thus, this dissertation studied the efficient countermeasures to respond to cyber terrorism in the perspective of governance by interviewing domestic cyber security experts(NIS agents, Police agents, Private cyber security businessmen, White hackers, Scholars of cyber security) on presenting some cyber terrorism examples such as the recent cryptocurrency exchange market hacking and the D-Dos Attack.
For the sake of this, this dissertation collected the data which type of cyber terror governance Korean experts prefer as Korean governance model through the expert interview questioning in the focus of government oriented type or market oriented type or NGO oriented type by creating governance index among the governance organization principles such as subject, objectives, key resource, operation method.
Consequently, 18 experts(72%) chose the government oriented type, remaining 7 experts(28%) preferred market oriented type among total 25 experts. Also, we could confirm that those who chose government oriented type preferred the most legality in objectives, on the other hands, those who chose market oriented type preferred efficiency in the goal through the cross-tap of the participants against remaining governance organization principles such as objectives, key resources, operation method.
Finally through cluster analysis, we could draw the following conclusion: Korean experts preferred the passive government oriented governance based on the legal authority on supporting the market values such as efficiency and competitiveness, in addition, they preferred the loose policy network type over tight partnership type among the three operation methods. That is, Korean experts seem to pursue the Businessman Government or Good Governance.
In conclusion, this dissertation proposed the align of control tower ministry such as a cooperation between police and NIS, and nation leading information sharing for cyber vulnerability data in the government as a core participant for the Korean model of cyberterrorism governance. Also, this suggested cyber combined legislation such as the security statute of cryptocurrency exchange market for the legitimate governance on the basis of authority, and BYOB principle, cyber-CPTED, bug bounty, etc. as a way to implant the efficiency and competitiveness to the government oriented governance. Plus, this proposed policy network for the efficient management such as NGO’s cyber security evaluation on cryptocurrency exchange market in order NGO to increase its role in the governance.