국문요약 ··············································································1 ❘제1장❘연구의 의의와 방법 ··············································7 제1절 연구의 배경 및 의의 ··········································································9 제2절 연구의 방법 ······················································································11 ❘제2장❘동북아 주요국가의 사이버안전 및 범죄 정책 비교연구 ············································13 제1절 미국 ··································································································15 1. 미국의 사이버정책 동향 일반 ·····································································15 2. 사이버안전정책: 사이버행정명령 중점 분석 ··············································16 가. 사이버행정명령 ·······························································································16 나. 사이버행정명령의 제재 ··················································································18 다. 사이버행정명령의 문제 ··················································································21 3. 사이버범죄 정책 ···························································································23 가. 컴퓨터사기남용법 개요 ··················································································23 나. 사이버범죄의 유형 ·························································································24 다. 컴퓨터 훼손 ····································································································26 라. 컴퓨터 사기 ····································································································28 마. 갈취 위협 ········································································································30 바. 컴퓨터 접속에서의 거래 ················································································31 사. 컴퓨터 첩보 ····································································································32 4. 시사점 ············································································································33 ii 동북아 사이버범죄 및 보안 지역협력방안 제2절 일본 ··································································································35 1. 일본의 사이버정책 동향 일반 ·····································································35 2. 사이버안전 정책 ···························································································36 가. 사이버시큐리티 기본법 ··················································································36 나. 신 사이버시큐리티 전략 ················································································40 3. 사이버범죄 정책 ···························································································46 가. 사이버범죄 관련 법제 ····················································································48 4. 시사점 ············································································································54 제3절 중국 ··································································································55 1. 중국의 사이버정책 동향 일반 ·····································································55 가. 중국 사이버 정책 및 법제도 발전연혁 ························································55 나. 중국 사이버 관련 제도의 특징 ·····································································58 2. 사이버안전 정책 ···························································································60 가. 사이버 안전에 대한 정의 ··············································································60 나. 사이버공간에 대한 주권 주장 ·······································································60 다. 사이버 산업발전과 안전보장의 병행 ····························································61 라. 사이버 안전에 대한 분류 ··············································································61 마. 사이버 안전보장 책임 및 주체의 세분화 ····················································62 바. 사이버 안전점검과 조기경보 및 응급조치 ···················································63 사. 사이버 국제협력 ·····························································································64 3. 사이버범죄 정책 ···························································································65 가. 사이버범죄 대응 정책 ····················································································65 나. 사이버범죄 관련 법제 ····················································································66 4. 시사점 ············································································································73 제4절 러시아 ·······························································································75 1. 러시아의 사이버정책 동향 일반 ·································································76 가. 국가안보전략 나. 국가사이버안전전략 ·······················································································77 2. 사이버안전 정책 ···························································································79 가. 주요 입법 ········································································································79 나. 기타 관련 제도 ······························································································81 3. 사이버범죄 정책 ···························································································83 가. 형법 ·················································································································83 4. 시사점 ············································································································86 제5절 한국 ··································································································88 1. 한국의 사이버정책 동향 일반 ·····································································88 가. 주요 사이버안보 정책 추진 경과 ·································································89 나. 국가사이버안전을 위한 대응 ·········································································97 2. 사이버안전 정책 ·························································································100 가. 사이버안전 대응체계 ···················································································100 나. 사이버안전 주요 기관 ·················································································103 다. 민간부문의 사이버안전 대응체계 ·······························································105 라. 국방부문의 사이버안전 대응체계 ·······························································110 3. 사이버범죄 정책 ·························································································114 가. 개관 ···············································································································114 나. 검찰의 정책 ··································································································118 다. 경찰의 정책 ··································································································122 4. 시사점 ·········································································································126 ❘제3장❘2014년 동북아 평화협력포럼과 사이버범죄 지역협력 논의 동향 ······················129 제1절 2014년 동북아 평화협력포럼 논의사항 분석 ································131 1. 동북아 평화협력포럼 개최 배경 및 의의 ················································131 2. 참여대상 및 의제 ·······················································································132 3. 사이버스페이스 분야 논의사항 ·································································133 가. 개념 정의 ·····································································································133 나. 국제협력 ·······································································································134 다. 정보공유 및 신뢰 구축 ···············································································135 제2절 사이버범죄 ······················································································136 제3절 사이버역량 강화 및 교류 ·······························································137 제4절 동북아 평화협력구상과 사이버안전을 위한 지역협력 구축의 필요성 ·································································138 ❘제4장❘동북아 평화협력을 위한 정책적 제언 ··············141 제1절 지속적 지역협력을 위한 논의 과제 ···············································144 제2절 한국의 정책 방향 및 국제적 대응방안 ··········································146 1. 사이버보안 정책의 방향과 과제 ·······························································146 2. 사이버범죄 및 보안 분야 지역 협력의 시사점 ·······································148 가. 한국－중국－일본의 협력 ············································································148 나. 국제적인 사이버스페이스 관련 의제의 주도 ·············································149 다. 동북아 평화협력과 사이버보안 정책 ··························································149 3. 동북아 지역 사이버보안 협력방안 ····························································150 가. 정부-민간 협력 ····························································································150 나. 양자협력 채널 구축 ·····················································································150 다. 국제 사이버범죄조약 가입검토 ···································································151 라. 전문가 양성 ··································································································151 마. 국민적 인식제고 ···························································································152 바. 국내법제도 정비 ···························································································152 사. 국제협력 역량강화 ·······················································································153 아. 기술역량 강화 ······························································································153 4. 전망과 향후 과제 ·······················································································153 참고문헌 ·········································································155 Abstract ········································································161

1. 본 연구는 2015년도 「국제 범죄방지를 위한 UN･국제협력 및 연구 사업」의세부과제로서, 정부의 동북아평화협력구상 실현을 위한 동북아 지역 형사사법 협력사업의 하나로 기획되었다. 한국형사정책연구원 국제협력사업의 일환으로 중국, 일본,러시아 등 동북아 주요국가와의 형사사법분야 지역협력 연구사업을 본격화하면서,향후 사이버안전분야에서 동북아지역 형사사법 협력방안을 발전적으로 제시하는데목적이 있다.2. 연구의 의의와 방법사이버공간의 문제는 초국경적 성격을 갖기 때문에 사이버안전 및 사이버범죄 문제에 대응하기 위해서는 국가간 협력 대응체계를 마련하는 것이 중요하다. 현재 우리정부는 미국을 포함한 동북아시아 국가들의 대화와 협력을 통한 신뢰 프로세스를추진하고 있으며, 동북아 지역에서 공동 대응에 대한 인식이 공유될 필요가 있다.그러나 동북아에서는 역내 국가간 경제･사회･문화적 상호의존성의 확대 동향에 비하여 정치･안보 협력은 이에 못 미치는 ‘아시아 패러독스’ 현상이 지속되고 있으며,국가간 분쟁을 다룰 다자협력체제도 형성되어 있지 않다.향후 동북아 평화협력에서 한국이 선도적 역할을 하기 위해서는 동북아 협력을위한 사이버안전 및 사이버범죄 대응협력방안에 대한 정책 분석과 대응방안을 모색할필요가 있다. 본 연구에서는 미국, 중국, 러시아, 일본, 한국의 사이버안전 및 사이버범죄에 대한 최근의 정책기조에 대하여 검토하고, 해당 정책이 갖는 시사점을 통하여,한국이 동북아 지역체제에 제시할 수 있는 협력대응방안을 도출하고자 한다.3. 동북아 주요국가의 사이버안전 및 범죄정책 비교 연구－미국미국은 2011년 ‘사이버공간에서의 국제전략’을 통하여 사이버공간에서의 적대행위 에 대응하여 필요한 경우에 국제법에 따라 최후의 수단으로서 군사력을 이용할 수있음을 천명하고, 사이버정책을 발전시켜 왔다.특히 2015년에는 악의적인 사이버 위협에 대한 대응을 구체화하고 국가안보전략,대통령 행정명령, 국방부 사이버전략을 잇달아 발표하였다. 2015년 4월 미국 오바마대통령의 행정명령에서는 국가 또는 민간을 불문하고 미국에 대한 사이버 위협이개시된 출처에 대하여 적극적으로 대응하도록 촉구하였다. 또한 2015년 4월 국방부에서는 2011년 ‘사이버공간에서의 국방부 전략’을 개정･보완하여 새로운 ‘국방부 사이버 전략’을 발표하였다.미국의 사이버행정명령은 사이버위협에 대한 적극적 대응을 강화시키는 정책의일환으로서, 광범위한 용어를 사용하여 재무부장관에게 상당한 해석의 재량을 부여하고, 동 행정명령의 제재를 받는 자의 재산의 동결과 거래를 금지한다. 사이버행정명령은 해외에서 발생하는 유해 사이버－가능 활동과 같은 사이버 위협을 통제하려는국가관행으로서 중요한 시도이다.미국은 연방형법의 흠결을 보완하는 컴퓨터사기남용법을 통하여 인터넷과 컴퓨터시스템에 대한 사이버범죄를 규율하고 있다. 특히 정부 컴퓨터 등 시설에 대한 침입과훼손 행위 및 재범행위를 중하게 처벌하고, 사이버범죄에 대한 미수 또는 모의도금지하여 광범위하게 처벌하고 있다. 또한 경찰뿐만 아니라 국토안보부 산하기관이사이버범죄에 대한 조사권한을 가짐으로써, 관련 기관의 상호 협조 하에 신속한 대응이 이루어지도록 하고 있다.4. 동북아 주요국가의 사이버안전 및 범죄정책 비교 연구－일본일본은 사이버안전 분야의 기본법을 제정하여 국가가 추구하는 기본이념을 제시하고, 이를 바탕으로 범국가적인 사이버시큐리티 시책을 추진하기 위한 법적 근거를마련하였다.2015년 9월에 신 사이버시큐리티 전략에서는 급증하고 있는 인터넷뱅킹을 이용한범죄, 대규모 정보유출사건 등 악의적인 사이버범죄의 실태를 파악하고, 신종 수법에대처하기 위하여 범죄 대처능력과 수사능력 향상의 필요성, 정보수집 강화, 국제협력체제 강화의 추진을 촉구하였다. 그리고 국제사회의 평화와 안정 실현을 위해서는 사이버공간에서의 다양한 가치관을 인정하고 자율성을 존중하며, 언론과 기업행동을법치주의로 보장하여야 함을 강조하였다.사이버범죄 대책을 위하여 경찰청에서는 2001년부터 ‘종합시큐리티대책회의’를매년 개최하고 있다. 동 회의에서는 정보시큐리티에 관한 전문가, 전기통신사업자,컨텐츠사업자, 컴퓨터 제조판매업자, 소프트웨어산업 등 각종 사업 관련자 및 법조계,교육계, 방범단체 등 광범위한 분야에서 의견을 교환하여 추진과제를 제시하고 있다.5. 동북아 주요국가의 사이버안전 및 범죄정책 비교 연구－중국중국은 사이버안전에 대한 관리 강화를 목적으로, 국무원 및 관할 부서의 단독행정관할에서 중국 공산당 중앙위원회와 국무원이 공동으로 관리하는 양자관할체제로 변경하였다. 또한 인터넷 보안정책과 법령의 발전을 함께 도모하여 전국인민대표회의와 중국공산당 대표대회 결의가 법률과 정책으로 추진되고 있다.사이버범죄에 대응하여 형법에서는 사이버안전 운행을 침해하는 행위, 사이버를이용하여 국가안전과 사회안정을 침해하는 행위, 사이버를 이용하여 사회주의 시장경제질서와 사회관리 질서를 파괴하는 행위, 사이버를 이용하여 개인･법인 및 기타조직의 인신, 재산 등 합법적인 권리를 침해하는 행위를 규정하여 사이버범죄에 대응하고 있다.중국이 현재 검토 중인 사이버안전법안은 네트워크 전반을 망라한 규제 법안으로서네트워크에 대한 통제를 강화하는 한편, 사이버 공격을 방어하고, 중국의 이용자에관한 정보를 보호하는 정부의 역량 강화를 목표로 하고 있다.6. 동북아 주요국가의 사이버안전 및 범죄정책 비교 연구－러시아러시아의 사이버 관련 정책은 정보 인프라에 대한 물리적인 보호와 함께 정보의흐름을 관리･통제함으로써 사이버안전을 확보하는 데 초점을 맞추고 있다. 이와 같이러시아가 사이버공간에 대한 공권력의 개입을 통하여 사이버안전을 추구하는 정책은전반적으로 사이버 정보의 자유로운 흐름을 중시하는 서구와 가장 중요한 차이를보여주는 특징이라 할 수 있겠다.사이버범죄와 관련해서 러시아의 가장 두드러지는 특징은 정부당국이 법원의 허가 없이 자신의 재량에 따라 인터넷 자원을 폐쇄시킬 수 있는 권한을 갖고 있다는 점이다.러시아는 국내외적으로 사이버범죄에 대한 기소 압력이 증가함에 따라 최근 들어지적재산권을 침해하는 인터넷 공유자원에 대하여 단속하는 등 점차 처벌을 강화하고있는 실정이다.7. 동북아 주요국가의 사이버안전 및 범죄정책 비교 연구－한국한국은 사이버전은 국방부가, 사이버테러는 국가정보원이, 민간분야의 사이버공격은 미래부가 관리하는 체계를 이루고 있으며, 전체적인 컨트롤타워의 역할은 사실상국정원이 총괄하고 있다. 여기에 청와대에 사이버안보비서관실이 설치되면서 보다실질적인 사이버안보 컨트롤 타워를 구축할 수 있는 조직을 만들었다.법률적인 부분에서 한국은 기본법제가 아직 마련되지 않았고 지침에 의해 업무가수행되고 있는 실정이다. 최근에 ‘국가사이버안보기본법’을 제정하기 위해서 노력하고 있으며, ‘사이버테러방지법’도 국회에 계류 중이다. 사이버안보에 대한 기본적인방향과 사항들을 규정하는 국가사이버안보기본법의 우선 제정이 필요하다.사이버안전에 필수적인 전문인력과 보안장비 면에서 한국은 상대적으로 다른 선진국들에 비해 부족한 실정이다. 사이버보안 전문인력의 경우에도 인력양성에 대한 필요성은 공감하고 있는 반면, 양성 방법 등에 대해서는 아직까지 뚜렷한 결과가 도출되고 있지 않다.8. 2014년 동북아 평화협력포럼과 사이버범죄 지역협력 논의 동향한국은 2014년 10월에 ‘평화와 협력의 동북아시아로 가는 길’이라는 주제 하에‘2014 동북아협력포럼’을 개최하였고, 포 사이버스페이스 분야에 대한 논의사항은크게 개념 정의, 국제협력, 정보 공유 및 신뢰구축, 사이버범죄, 사이버역량 강화 및교류로 나누어볼 수 있다.사이버스페이스 분야의 협력을 위해서는 첫째, 포괄적이고 기능적이며 비배타적인접근, 둘째, 대화와 협의의 다자적 플랫폼과 메커니즘, 셋째, 신뢰 구축과 역량 강화,넷째, 국가적 접근과 함께 초국가적, 국제적, 글로벌 접근, 다섯째, 개인의 권리 보호와보장 및 국가의 투명성, 여섯째, 새로운 법률체계와 인프라 구축을 위한 비국가 행위자 의 선도적 역할, 일곱째, 민관 협력을 통한 공동의 협력과 규제가 필요하다.9. 동북아 평화협력구상과 사이버안전을 위한 지역협력 구축의 필요성사이버스페이스에서의 국제협력을 위해서는 국가 간 합의된 원칙, 국가 간 이해 조정과 신뢰 구축, 역량 강화 및 협력 기반의 마련을 위한 협의체가 요구된다. 또한 상호신뢰 구축을 위해서는, ① 모든 역내 국가가 참여하는 사이버 협력체 수립, ② 공동의행동규범 창출, ③ 역내 국가 간 동질성 및 유사성 발견, ④ 역내 국가의 사이버 역량강화 등이 필수적이다. 이러한 과정에서 동북아 국가들은 사이버 분야에서의 연성이슈에 대해 우선 협력을 도모함으로써, 국가간 상호 신뢰의 기반을 확보해 나갈수 있을 것이다.10. 동북아 평화협력을 위한 정책적 제언첫째, 사이버공간에 기존 국제법의 적용을 위해서는 동북아 협력 차원에서 국제법의 어떠한 내용이 어떻게 적용되어야 할 것인지에 대한 논의가 이루어져야 한다.둘째, 사이버 위협에 대한 예방과 대응 차원에서 동북아 역내 국가간 대응체계에대한 합의가 필요하다.셋째, 군사적 차원에서 사이버무기에 대한 관리 규칙과 통제의 문제에 대해서도지속적인 협력이 필요하다.넷째, 동북아 역내 국가간의 디지털 무역 관련 규범체계에 대한 국가간 협력과논의가 필요하다.다섯째, 거버넌스 차원에서 사이버공간에 대한 제반 문제를 논의하고 협력하는지역협력체 구축 및 관할기관에 대한 지속적인 협의가 필요하다.여섯째, 사이버범죄협약에의 가입에 관한 역내 국가들의 공통의 이해관계에 대한논의가 필요하다.11. 한국의 정책 방향 및 국제적 대응방안첫째, 동북아평화협력포럼은 정부기관간 논의인 Track 1 외교와 민간전문가간 논의인 Track 2 외교의 차원에서 적극 활용될 수 있다. 둘째, 동북아협력포럼은 지역 내 다자간 포럼이므로, 지역협력을 보완하기 위해서는 동북아평화협력포럼 내 양자간 협력 채널의 구축이 필요하다.셋째, 사이버범죄 분야의 기본 국제조약인 유럽평의회의 사이버범죄조약에 대한가입을 적극적으로 검토하여야 한다.넷째, 사이버범죄 및 보안 분야의 국내 전문가 양성이 필요하다.다섯째, 동북아 지역 내 사이버범죄 및 보안과 관련하여, 일반 시민, 기업, 그리고정부를 대상으로 한 사이버범죄 및 보안에 대한 인식 제고가 필요하다.여섯째, 국내적으로 법제도의 확립이 시급하다.일곱째, 한국형사정책연구원 내 국제협력센터의 역량을 강화하여야 한다.여덟째, 사이버보안과 사이버범죄 대응을 위해서는 기술적 우위를 점하여야 한다.사이버보안과 사이버범죄 대응에 있어서 ‘거버먼트’에서 ‘거버넌스’로 옮겨가고 있는국제적인 추세도 반영해야 할 것이다.