사이버안보법의 개념과 공법적 원리 — 능동적 사이버 방어를 중심으로 —

Recently, a hacking incident occurred at SK Telecom, Korea's largest mobile carrier, and it was pointed out that a foreign hacking group was behind the incident. In such cases, understanding the issue from a national security perspective and implementing a national response is more important than simply responding to a civil lawsuit regarding the leak of personal information. Therefore, a legal institutional approach that differs from existing approaches is necessary. Current research trends in cybersecurity focus on so-called proactive, active, and offensive cybersecurity strategies. Accordingly, United States sought to actively transform its cyber strategy in 2018 with concepts such as “Defend Forward” and “Hunt Forward,” and this trend is also impacting Japan and South Korea. This study aims to examine public law issues arising in the field of cybersecurity law, in line with international research trends in cybersecurity. To begin the discussion, we propose separating the concept of cybersecurity law. In other words, the concept of internal cybersecurity is defined as the area where fundamental rights are violated due to state intervention in domestic information, while external cybersecurity is defined as the area related to the nation's own security, addressing external threats. An analysis of the logic behind cyberattack response reveals that domestic legal response logic, based on existing criminal and police laws, faces limitations due to the imminence requirement and the constraints of the rule of law. Conversely, discussions are underway in international law regarding the relaxation of the imminence requirement in the exercise of self-defense and the implementation of countermeasures. Accordingly, from a public law perspective, various measures are flexibly considered in a proportional relationship based on the circumstances and severity of a cyberattack. While traditional public law theory has neglected the temporal element, the new discussion of cyber defense reveals that the situational context of the attack and its temporal imminence are crucial factors. This study comparatively examined the active cyber defense systems of the United States and Japan. The study concluded that Korea's legal framework for cybersecurity is incomplete. Furthermore, it identifies practical challenges arising in South Korea and suggests the need for legislative improvements, including reforming Protection of Communications Secrets Act, enacting cybersecurity-related laws, and amending the espionage provision. In conclusion, it argues that responding to cyberattacks is difficult to completely prevent through domestic security measures alone, and thus, it is necessary to shift attention to international cybersecurity issues.