Facing the North Korean Cyber Threat: United States-South Korea Coordination in Cyberspace

South Korea is sounding the alarm on North Korean cybersecurity threats. In line with his “Global Pivotal State” (GPS) agenda, President Yoon Suk-yeol seeks international partners to tackle rising incidences of cybercrime, data theft, and misinformation campaigns coming from its neighbor to the north. 

South Korea’s month-long presidency of the United Nations (UN) Security Council put cybersecurity issues front and center, with Ambassador Hwang Joon-kook emphasizing that “Malicious cyberactivities, including cyberattacks on key infrastructure and thefts of civilian data and virtual assets, have a transnational nature.” The high-level discussions on cybersecurity in June energized the policy debate globally, opening an opportune window to follow up on these talks with new policy initiatives. 

One of the Republic of Korea’s strongest partners in cybersecurity is the United States, with President Yoon and President Biden reaffirming the necessity of expanding the US-ROK alliance to cyberspace and launching the Strategic Cybersecurity Cooperation Framework during their 2023 bilateral summit. Despite mutual agreement on closer cybersecurity cooperation and multilateral efforts to strengthen cyber ties, much work remains to be done, not only to 1) recognize ahead of time the existing institutional and strategic challenges to coordinating cybersecurity policy but also to 2) implement the necessary steps towards delivering actionable and tangible results.

North Korean Cyber Operations

Over the past ten years, North Korea’s hacking operations have steadily increased as cybercrime becomes one of the regime’s main sources of international funding. According to a report by the UN Sanctions Committee on the DPRK, North Korea may be responsible for up to 58 cyberattacks on cryptocurrency companies between 2017 and 2023, totaling $3 billion in stolen currency. Such cyber activities generate approximately 50% of North Korea’s foreign currency income and could fund up to 40% of the DPRK’s weapons of mass destruction programs. Known hacker groups operating out of the DPRK such as the Lazarus group have launched steady attacks against digital infrastructure across South Korea, targeting satellite launch facilities, court systems, and senior-level Korean defense contractors.

The United States has also suffered security breaches at the hands of complicated North Korean cyber operations, from North Korean agents fraudulently gaining employment in Fortune 500 companies to sustained ransomware campaigns against American hospitals and think tanks. Both South Korea and the United States have a vested interest in deterring and countering these cyber operations to protect infrastructure and information vital to their national security and slow down the North Korean nuclear weapons program.

Given these constant North Korean provocations, the United States and South Korea are taking steps to learn from one another’s national cybersecurity strategies and integrate defensive measures through bilateral and multilateral initiatives. The South Korean military regularly joins US-led cyber defense exercises, and most recently integrated US-ROK collaboration into the trilateral partnership with Japan during the June 2024 Freedom Shield naval exercises. Moreover, the Korean National Intelligence Service partners with the Federal Bureau of Investigation and the US Intelligence Community to raise public awareness of cyber threats through initiatives such as the #StopRansomware social media campaign. Yoon Suk-yeol's updated National Cybersecurity Strategy focuses Korea’s cybersecurity strategy on preemptive and offensive cyber operations to root out North Korean threats prior to cyberattacks.

This puts South Korean strategy in alignment with the US offensive cybersecurity doctrine and its Cyber Kill Chain model, opening the door for closer intelligence sharing between the allies as early intelligence is vital for successfully preempting cyberattacks. These developments in defense cooperation are promising, but in a dynamic digital landscape with a diverse range of stakeholders the two nations should seek other avenues of cyber-coordination beyond the military and intelligence agencies. Examples of such innovations in cybersecurity partnerships are apparent in the US response to another cyber threat.

Lessons from Cybersecurity Cooperation in Ukraine

Interestingly, recent lessons from the United States and allies’ efforts to bolster Ukraine’s cyber defense capabilities in the face of Russian digital warfare may serve as strong examples for future US-ROK joint cybersecurity initiatives vis-a-vis North Korea. In order to swiftly bolster Ukraine’s cybersecurity infrastructure, direct institution-to-institution cooperation and capacity-building was key. While US institutions such as the Department of Energy and Treasury Department easily worked with their Ukrainian counterparts on improving defense and information sharing, the bureaucratic relationship between US and Ukrainian defense organizations prevented smooth cooperation in other areas. The Ukrainian National Guard, for instance, could not cooperate with the US military as it was considered a peace force, a legal obstacle only overcome when the National Guard was subordinated to the Armed Forces through a martial law decree. 

Despite these bureaucratic clashes, the US did achieve success in Ukraine on the public-private cooperative front. Another insight from US efforts to cooperate with Ukraine was the importance of private-public support in bolstering cybersecurity research and capacity building, with American firms coming together to create the Cyber Defense Assistance Collaborative to coordinate their cybersecurity assistance and resource provision to the Ukrainian government. This example shows that creating an environment in which private firms are incentivized to support government cybersecurity projects is a productive avenue for new attempts at international cybersecurity cooperation.

Policy Recommendations

Given the lessons from Ukraine and the present willingness and opportunity to expand cybersecurity policy coordination, the United States and South Korea may consider pursuing two courses of action:

1. Standardizing Operational Organization

Both the United States and South Korea have robust cybersecurity governance structures, with law enforcement, monitoring, and regulatory functions dispersed among government agencies and the armed forces. However, South Korean cybersecurity policy sometimes lacks institutionalization in the face of new threats, with the National Intelligence Service (NIS) pulling together ad-hoc interagency emergency committees and “consultative bodies” in reaction to incidents such as a recent infiltration of a satellite launch site.

South Korean lawmakers are currently discussing legislation to grant the NIS proactive power to investigate cybersecurity breaches of other agencies and inspect their compliance with cybersecurity regulations, a sign that the ROK government recognizes the need to further institutionalize cybersecurity practices and define key roles for the NIS and other agencies in responding to cyberattacks. This approach could face opposition due to public mistrust of the NIS on account of its history of illegal activities and human rights violations. However, alternate cybersecurity governance structures could be explored to address public concerns. Regardless of what structural reforms are pursued, clearer operationalization of cybersecurity governance will serve to smooth potential bumps in direct institution-to-institution collaboration and capacity-building between the relevant Korean and American government agencies.

2. Increasing Public-Private Cooperation

The close relationship between the government and private sector in South Korea comes with its own benefits and challenges for strengthening cybersecurity cooperation with the United States. There are around 531 cybersecurity companies operating in South Korea, and a NATO report highlights how the South Korean Ministry of Science and ICT has allocated over $612 million to strengthen R&D efforts and cybersecurity competitiveness through projects with academia and private firms. In the context of such efforts, the United States has an opportunity to assist South Korea’s public-private partnership projects through expanding the Cyberspace and Digital Connectivity fund, which has only received a small $50 million in appropriations for dispersal to any allied nation applying for assistance. 

The US-ROK Joint Private-Public Economic Forum can also serve as an additional avenue to bring together private firms in both nations to share best cybersecurity practices and plan new investment structures in cybersecurity initiatives and research. Trans-Pacific private-public discussions will also have to overcome differences in digital transparency regulations, as current South Korean legislation is more restrictive of how researchers and firms can share data when it comes to designated “national core technologies.” Working-level discussions could address how the allies can allow firms to share and safeguard data in these sensitive industries to strike a fair balance between competition, cooperation, and national security in public-private cybersecurity partnerships.

Cybersecurity cooperation between the United States and South Korea is one of several promising new policy areas that the Biden and Yoon administrations incorporated into the alliance relationship in recent years. It is an area benefiting from deep institutionalization through working-level dialogues and joint defense exercises. In this context, policy discussions to pursue operational standardization and public-private partnerships are likely to bear fruit and encourage a deepening of the US-ROK relationship in other policy realms.


The views expressed are the author's alone, and do not represent the views of the U.S. Government or the Wilson Center. Copyright 2024, Indo-Pacific Program. All rights reserved.

Author

Sebastian Garcia
Staff Intern, Hyundai Motor-Korea Foundation Center for Korean History and Public Policy
