Skip to main content

Cybersecurity Spotlight: South Korea

January 12, 2016

Since the end of the Cold War, there has been an ideological confrontation in the Korean Peninsula between communist North Korea and democratic South Korea. As South Korea has embraced the Internet, its networked society has become highly vulnerable to cyber threats, particularly from North Korea.

To secure South Korean society from cyber threats such as those posed by North Korea, South Korea’s military and its national intelligence agency are mainly charged with the country’s cybersecurity. While this may seem straightforward, South Koreans look to this arrangement with concern because these two government entities played critical roles in supporting authoritarian regimes in South Korea’s past.

Therefore, South Korea’s central cybersecurity challenge is twofold. Externally, it faces cyber attacks from North Korea. Internally, cybersecurity initiatives face popular resistance due to the authoritarian history of the main state organizations responsible for protecting the citizenry.

External Pressure: Cyber attacks from North Korea

The first key challenge in relation to South Korean cybersecurity is that South Korea faces an ever-present cyber threat from North Korea. After the end of the Cold War, North Korea lost its allies–the Soviet Union and China–and began to focus on the development of unconventional security strategies, such as cyber capabilities, to compete with South Korea.

The main targets of North Korean cyber attacks are South Korea’s critical infrastructure and its government and civil websites. Nevertheless, the North Korean cyber threat only attracted global attention when North Korea targeted Sony Pictures Entertainment. On November 24, 2014, Sony Pictures Entertainment was hacked and confidential data, including personal information, was released, allegedly by a North Korean hacking organization. The reason for the hack was Sony’s new film, The Interview. The Interview is a satire about an assassination attempt of North Korea’s leader, Kim Jong-un.

While the Sony hack was an important event, rather than just focusing on incidents targeting the U.S., it is imperative for South Korea and global security that we devote critical attention to the main targets of North Korean cyber attacks, namely, those within South Korea. According to the South Korea’s Ministry of National Defense’s 2014 Defense White Paper,

North Korea currently operates about 6,000 cyber warfare troops and conducts cyber warfare, including the interruption of military operations and attacks against major national infrastructure, to cause psychological and physical paralysis in the South.

Beginning with Distributed Denial of Service attacks (DDoS) in July 7, 2009, North Korean cyber warriors have repeatedly attacked and paralyzed South Korean government, financial, and critical infrastructure websites. These attacks led to significant financial losses as well as damage to the reliability of South Korea’s cybersecurity system.

The worst problem is that the South Korean government cannot officially attribute these several critical cyber attacks to North Korea. They cannot do so for two reasons. The first reason is related to the characteristics of cyber attacks: they are easy to deny and extremely difficult to attribute to the attackers. After being attacked, a state cannot easily find decisive evidence or accurate proof, so the state has to rely heavily on circumstantial evidence for attribution. The second reason is the Chinese government has been uncooperative in providing information about the cyber attacks. Due to a lack of critical information infrastructure necessary to execute cyber attacks within North Korea, North Korean hackers are frequently stationed in China. Because China has not cooperated with South Korea’s investigations, the South Korean government has failed to trace and identify North Korean hacking organizations. Thus, South Korea needs to build new partnerships with other countries, especially China, to solve these challenges.

Internal Pressure: Suspicion of state security agencies

The second key challenge to South Korean cybersecurity is that South Korea is struggling to unify its domestic cyber-defense systems. After being attacked several times, South Korea established two main agencies to unify its cybersecurity efforts: the National Cyber Security Center (NCSC) led by the National Intelligence Service (NIS), and the National Cyber Command (NCC) led by the South Korean military. However, in order to address the first challenge (i.e., North Korean cyber attacks), South Korea needs to develop a national consensus regarding its response to cyber attacks. It can do so by increasing the credibility of the two agencies focusing on cyber issues.

The South Korean military and NIS played key roles in supporting authoritarian regimes in South Korea’s past. Consequently, South Koreans are worried about the concentration of authority in the NCSC and NCC. Moreover, a few agents in the NIS and NCC have been suspected and accused of engaging in intervention in domestic politics during the last South Korean presidential race in 2012. Specifically, they have been investigated on suspicion of making political comments using social networking services to help the ruling party of South Korea. Recently, it was also revealed that NIS was one of the customers listed as having brought hacking tools from the Italian companyHacking Team. NIS officially claimed that the purchases were used to study the technology, so that it could be directed against North Korea. Also, NIS argued that the programs have never been used to spy on South Korean residents. Nonetheless, the explanations just led to greater domestic political controversy in South Korea. The controversy was accelerated by South Koreans’ memory of the past when the national intelligence agency monitored innocent civilians under authoritarian regimes.

These two issues, then, have consistently damaged new partnerships between the government and civil society–partnerships that are becoming more important for solving cyber threats. Therefore, given that the NCSC/NIS and NCC are the main government actors defending South Korea’s national cybersecurity, to be effective they will have to be more independent from South Korea’s domestic political issues. Furthermore, the South Korean government has to operate the agencies more transparently in order to gain the trust of the South Korean public, while still protecting these agencies’ critical information.


In conclusion, South Korea needs to build new cooperative relationships with other countries and guarantee the political neutrality and independence of its two agencies, the NCSC and NCC, in order to better counteract threats to its cybersecurity. In the past two years, China has been pushing forward international cooperation in cyberspace on bilateral, regional, and international levels. On the bilateral level, the South Korea-China Internet Roundtable was held in 2012 and 2013 with “Internet Development and Security” as the theme. However, this annual event was limited to mentioning the importance of strengthening cooperation between the two countries in safeguarding cybersecurity, combating cybercrimes, and protecting privacy. Also, the NCSC and NCC are trying to open their missions to South Koreans to gain the citizenry’s trust. However, they still face the limited confidence of the South Korean people and the dilemma between privacy and national security.