S. Korea banks to segment network, establish data backup

Financial regulator to instruct local banks to separate their network systems into two, for internal and external usage, and is pushing to set up a consolidated backup center, as part of measures to beef up defenses against cyberattacks.
Written by Ellyne Phneah, Contributor on

South Korea's financial regulator will require banks to build a two-pronged network system, and pushing to develop a backup center for data storage, to avert cyberattacks.


The Financial Services Commission (FSC) said on Thursday it plans to have large banks separate their network systems into two partitions with one for internal use and the other for external use by next year, Yonhap News Agency reported.

Under the new measures, banks must split their main operating system first in the next 12 months before gradually splitting the network system at headquarters and branches, which is likely to take a few more years, the FSC explained.

The costs for splitting this network system will be approximately 1 to 4 billion won (US$889,878-US$3,559,512), and may vary depending on each bank's size.

The FSC is also pushing to establish a consolidated backup center for data storage, the FSC said. Even though there is already a secondary place for banks' data retrieval in the event of a cyberattack or natural disaster, this will be a third rescue center for emergency data recovery, it added.

The backup center will most likely be set up as an underground bunker far away from South Korea's capital Seoul for security purposes, the regulator said.

Regulator making efforts to beef up cybersecurity

The move comes as efforts to ensure a safe online network system are one of the top priorities for South Korean finacial firms, after some Web sites including Shinhan Bank were hacked by an unknown malware in late-March this year.

The FSS, and its supervisory agency Financial Services Commission (FSC) had said they were assessing network systems of financial institutions and will introduce measures to strengthen security in April.

Last week the regulator instructed local financial firms to disclose details in the event of a security breach, including the reason it happened, as part of efforts to beef up network security.

Just on Tuesday, a McAfee report said the March cyberattacks which hit banks and news agencies were part of a long term espionage campaign, dubbed "Operation Troy", aimed at stealing military and government data.

Editorial standards