The South Korean government has established key security strategies in four areas. 

1️⃣ Smooth utilization of AI, new technologies, and public data based on National Network Security Framework (N2SF) 

The 'National Network Security Framework (N2SF)' is a new security system designed to replace the rigid network separation policies of the public sector, allowing new technologies such as AI and cloud to be used safely in support of the government’s core strategy to 'leap to AI 3 big nations.' 

This encourages the active use of generative AI and external cloud services on work PCs, and makes it possible to work conveniently even via wireless LAN (WiFi). 

The guidelines released this time are the official version, supplemented by collecting opinions from various sectors such as the government, industry, and academia after the NIS released a draft in January. 

This document consists of three books, including the main text, Appendix 1 (Security Control Item Commentary), and Appendix 2 (Information Service Model Commentary).

The main text is particularly characterized by detailing 'activity items by application stage' more than the existing drafts, so that each organization can smoothly prepare and proceed with an informatization project applying N2SF, and enhanced detailed concept introductions.

Appendix 1 contains explanations of security control items applied differentially according to the importance of business information owned by the institution (Confidential / Sensitive / Open). It presents about 280 security control items under six areas (authorization/authentication, separation/isolation, control, data, and information asset).

Appendix 2 includes 11 'information service models' to help institutions use wireless LAN, external cloud services, and generative AI through N2SF. Although this content has previously been disclosed only to the public sector, it is fully disclosed to expand the base of N2SF use. 

Furthermore, it standardized forms to clearly understand what outputs are created when applying N2SF. The concept was added by reflecting the concept of Cross-Domain Solution (CDS) defined by the US NSA. 

Especially with the inclusion of CDS, technical and managerial items have been added, and explanations of each security control item have been enhanced. Examples are provided specifically for reference, so institutions can decide on the security product or solution they need to purchase when actually implementing security controls.

Appendix 2’s Information Service Model Commentary concretely shows what information service models can be created when applying N2SF. The previous draft had 8 models, but this has now been expanded to 11, with newly added models for mobile-based services, wireless network utilization, and CDS utilization. 

In summary, N2SF is not merely a replacement for network separation policies, but a shift to a new security system suited to the AI and cloud era. More detailed security controls, alignment with global standards, and the inclusion of next-generation security technologies like CDS are key changes expected to significantly transform the security environment going forward.

2️⃣ Comprehensive Plan for Transition to Post-Quantum Cryptography 

The NIS has revealed a roadmap for transitioning to Post-Quantum Cryptography (PQC) in preparation for the quantum computer era. This represents a fundamental redesign of the national security infrastructure.

Since 2021, the government launched the KPQC Research Group to secure the original technology for post-quantum cryptography. The research system involves 74 experts from academia and industry. They received 16 candidate technologies through a domestic cryptography competition, and from 2022, conducted public verification by evaluating stability, efficiency, and applicability with domestic and foreign experts. As a result, four post-quantum cryptography technologies were finalized in January 2025. These technologies will proceed to the practical use stage through standardization and pilot projects.

Additionally, in July 2023, the Post-Quantum Cryptography Transition Master Plan was established. The plan aims to transition the national cryptography system by 2035 to address the risk of current systems being compromised by quantum technology. It consists of three main stages.

Stage 1: Establish direction for long-term transition of national cryptography systems

Stage 2: Lay the foundation for systematic and multi-faceted cryptography transition

Stage 3: Build integrated infrastructure to counter quantum threats and implement safe cryptography systems

Based on this master plan, a comprehensive plan for transitioning to post-quantum cryptography was formulated in September. The plan consists of a total of 59 tasks, including an annual roadmap and implementation measures.

Strategy 1 (Securing capabilities and refining systems and procedures): 33 tasks

• Secure Korean-style post-quantum cryptography base and create practical conditions by 2030

• Obtain foundational operational technology for safety verification and transition preparedness by 2029

• Establish and distribute guidelines and standards for cryptography technology use by 2030

• Prepare a base for applying post-quantum cryptography to KCMVP (Cryptographic Module Verification Program)

• Establish an implementation management system by 2029, and prepare customized transition plans by institution and sector by 2030

Strategy 2 (Transition support and ecosystem creation): 26 tasks

• PKI (Public Key Infrastructure) enhancement: Establish PKI transition alliance by 2029, with phased verification and stable operation

• Prepare support system: Develop guidelines by 2027, and operate support services from 2028

• Establish human resources and industry base: Design and analyze PQC from 2026, host competitions and hackathons, and strengthen the business and industrial base by 2030

• Public promotion: Strengthen promotion of the need for cryptographic transition from 2025

3️⃣ Establishment of Security System in the Mobility Sector 

The third area is the establishment of a security system in the mobility sector. Since mobility is still in its infancy, it is characterized by security policies centered on utilization. 

Mobility security is divided into two main areas: IT security and supply chain security.

IT security consists of security items tailored to the characteristics of each field, such as autonomous vehicles, connected cars, intelligent robots, drones, and urban air mobility (UAM).

Supply chain security consists of security items that apply universally across all fields.

For example, for autonomous vehicles, it is checked whether domestic standard cryptographic communication is applied when communicating internally within the vehicle or externally. 

For intelligent robots, the ability to remotely or physically stop in an emergency when malfunctioning or exhibiting abnormal behavior is important. 

For drones, the application of standard cryptographic communication to control signals or data exchanged between the controller and the aircraft is included in the items. 

For UAM, it is crucial to check whether communication between the aircraft and the ground control system follows domestic standard cryptographic communication.

The mobility security checklist is scheduled to be distributed initially in 2025. This checklist is not a regulation that hinders technological innovation but serves as a tool that supports safe innovation. It can be described as a policy that acts as a guide to help new mobility services such as autonomous vehicles, drones, and robots grow safely.

4️⃣ Cybersecurity Guidelines for Space Systems 

In June 2024, the Satellite Cybersecurity Council was established. After practical and plenary meetings, guideline drafts were prepared in March 2025, and after gathering opinions, the council's name was changed to the Space Cybersecurity Council in August. Finally, the Cybersecurity Guidelines for Space Systems were released on September 9, 2025. 

These guidelines provide cybersecurity considerations and measures to be considered for each life cycle stage of a space system, from design and development to operation, utilization, and decommissioning. 

Chapter 1 defines the terminology and standard models used by space systems, and Chapter 2 introduces the cybersecurity threats and major attack scenarios for space systems. The security threat analysis especially specifies scenarios such as ground station attacks, satellite network hacking, and satellite control interference. 

Chapter 3 explains the necessary security measures according to the life cycle of space systems for components like ground stations, satellite networks, and satellites. Security measures are based on national information security guidelines, with additional space system-specific measures added.

Additionally, [Appendix] provides a security measure checklist according to the life cycle of space system components. 

Space systems can apply various security measures depending on mission functions and services provided. These guidelines provide practical guidance for institutions involved in the design, development, and operation of space systems to prepare and apply cybersecurity measures. 

Most importantly, it is now a turning point where the paradigm of security fundamentally changes. To respond to extended future threats covering AI, cloud, quantum, and space beyond the traditional network separation model, a completely new security framework is required instead of merely supplementing existing methods.

The attack surface is widening, and threats are becoming more sophisticated. Without a system to immediately identify assets, identify vulnerabilities, and manage continuously, the benefits of technological innovation are exposed to risk.

To protect innovation safely, it is necessary for all of us to prepare and act proactively.