사이버위협정보 수집ㆍ공유 관련 법제도적 쟁점과 개선방안 ―민간부문을 중심으로―

In the past, war was the biggest disaster that threatened a country. Korea has already experienced the horrors of war due to the Korean War. But now, a disaster as scary as a physical war is a cyber threat. Cyber threats can bring a country back from the information age to the pre-industrial age at a moment's In other words, cyber threats are not just causing inconvenience in life, but can devastate all of our daily lives. Therefore, it can be said that responding quickly to cyber threats is essential for the existence of the country. However, in order to respond quickly to cyber threats, above all, support from the legal system is required. Therefore, this study sought how to improve the legal system to activate the collection and sharing of cyber threat information in the private sector. As a result, cyber security legal system is specialized law within the realm. Therefore, collisions with other specialized law regions may occur, and internally, a process of differentiating into sub-specialized law continues to occur. Therefore, the legal system should be improved so that cyber security laws avoid conflicts with other specialized law areas and establish an internally consistent legal system. For that, first, the legal system currently divided into the public and private sectors should be integrated into a single legal system. In addition, there is a need to systematize the legal system by enacting the Framework Act on Cyber Security. Secondly, such work requires a lot of time and effort. Therefore, before that, it is necessary to create a connection point so that several specialized law regions do not collide with each other. In order for such work to be carried out systematically, it should be considered to revise the law through Germany's "Artikelgesetz" system. And thirdly, most of the laws on collecting and sharing cyber threat information aim to achieve their purpose through sanctions. However, sanctions can allow information to be collected and shared formally, but there is a limit to actually collecting and sharing information. Therefore, it is necessary to actively utilize the incentive system in order to enable the private sector to collect and share cyber threat information. Of course, there are still some incentive systems in place, but there is a need to improve the incentive system in order to actively collect and share cyber threat information in the private sector. Fourth, it is required to revise the punishment regulations so that criminal punishment in accordance with the ideology of the criminal law is carried out. Through this, the cyber security legal system will be able to maintain consistency with the criminal law system.