The U.S. and South Korea have a long history of security cooperation and share a common enemy in North Korea. However, existing measures do not adequately address cybersecurity threats from North Korea.
- Gain a better strategic understanding of North Korean cyber strategy.
- Create a standing cybersecurity organization for ROK and US cooperation.
- Build up cooperative strategies with China for tackling North Korea cyber threats.
North Korea’s cyber capabilities have been regarded as a major threat to the United States since the 2014 Sony Pictures Entertainment hack, which rendered thousands of Sony computers inoperable and breached Sony’s confidential business and personnel information databases.
In the wake of the attack, the 2015 U.S. Department of Defense (DoD) Cyber Strategy emphasized the importance of defending its country and allies against cyber threats with the following remark: “From 2013-2015, the Director of National Intelligence named the cyber threat as the number one strategic threat to the United States, placing it ahead of terrorism for the first time since the attacks of September 11, 2001.” Moreover, in the report the U.S. DoD specifically cited the North Korean cyberattacks on Sony as one of the most destructive cyberattacks on a U.S. entity, making North Korea central to the already ongoing national discussion about the nature of cyber threats and the need for improved cybersecurity.
The emerging North Korean challenge means that the longstanding, mutual alliance between the U.S. and the Republic of Korea (ROK) sits at a turning point. The alliance's previous emphasis was on conventional threats, including nuclear war. But the changing security environment means that the U.S. and ROK must now turn their attention to cyber threats.
The U.S. – ROK Mutual Defense Agreement was signed in 1953, immediately after the end of the Korean War, and was meant to defend democratic societies, especially the U.S. and its allies, against expanding communism by the Soviet Union, China, and North Korea. As allies, the U.S. and ROK have effectively counteracted a variety of North Korean threats ranging from small armed provocations to the development of nuclear weapons and intercontinental ballistic missiles (ICBM). This work has its foundation in the Mutual Defense Agreement, which is operationalized in the U.S.-ROK Combined Forces Command (CFC) and two annual high-level military talks: the Security Consultative Meeting (SCM) and the Military Committee Meeting (MCM).
However, the Mutual Defense Agreement has recently been challenged by the increase in North Korean cyberattacks on U.S. and ROK critical infrastructure. The challenge is intensified because efforts to counteract North Korean cyber threats are still in their early stages. Specifically, because the U.S. and ROK have viewed cyber threats as another type of conventional threat, they have overlooked the necessity of establishing a combined, standing cyber threat response system.
Since the 43rd Security Consultative Meeting in 2011, the issue of North Korean cyber threats has appeared in the U.S.-ROK Joint Communiques of the annual Security Consultative Meetings, documents that usually consist of around 15 clauses. But two problems remain: (1) space and cyberspace issues share one clause, and (2) within that clause, cybersecurity is mentioned only as a secondary issue after outer space. Furthermore, although the two countries have launched biannual working-level talks, called the U.S.-ROK Cyber Cooperation Working Group (CCWG), the CCWG has no practical capability to respond to North Korean cyber threats. Despite joint cyber defense training, exercises, and education recently driven by the CCWG, preparations are mainly limited to addressing North Korean cyberattacks during wartime, without a standing organization for cybersecurity.
Recommendation 1: Gain a better strategic understanding of North Korean cyber strategy
To address the current security environment, it is essential that the U.S. and ROK deeply understand North Korean cyber strategy as the first step to addressing this issue. It is unquestionable that cyberattacks are a powerful tool for North Korea, which traditionally focuses on asymmetric strategy. Having nuclear weapons as a bargaining chip is a double-edged sword for Pyongyang, which has attracted the international community’s attention and retribution in the form of economic sanctions.
In contrast, Pyongyang has benefited from developing cyber capabilities. North Korea does not need to consider any potential sanctions from the international community when it develops cyber weapons and attacks others' networks, especially those of the U.S. and ROK. It can improve its cyber capabilities at a low cost without the monitoring of the international community. Furthermore, using cyber weapons is not limited to wartime. In other words, North Korea can achieve all types of interests – tactical, operational, and strategic – through the use of cyber capabilities during peacetime. In short, these three advantages can be summarized as an increase in North Korea's strategic flexibility, something that can only be countered through complete understanding.
Recommendation 2: Create a standing cybersecurity organization for ROK and US cooperation
The U.S. and ROK governments need to establish a new combined, standing cybersecurity organization for mutual cyber interests by emphasizing North Korean cyber threats as a primary issue for the two countries. Existing mutual organizations that cover conventional threats cannot tackle cyber threats due to their lack of knowledge about cyberspace and ICT. Thus, both should focus on establishing a new standing organization.
The standing command could integrate the efforts of the two countries to mitigate North Korean threats that occur during peacetime. Also, this command could be easily and quickly expanded to deal with massive cyberattacks from North Korea. Moreover, it would be cost-effective because this command could be established in an existing building of the U.S.-ROK CFC with several computers and cybersecurity experts.
Recommendation 3: Build up cooperative strategies with China for tackling North Korea cyber threats
Finally, the U.S. and ROK should approach the issue of North Korean cyber threats with a cooperative strategy. Both U.S. and ROK infrastructure have been attacked by North Korean cyber warriors who are stationed in China. These attacks mean that without any help from the Chinese government, the U.S. and ROK governments cannot investigate and resolve North Korean illegal activities in cyberspace. Thus, building new cooperative relationships with China based on mutual trust is essential for defending both societies.
U.S. Department of Defense, The DoD Cyber Strategy (Washington D.C.: U.S. Department of Defense, 2015), p. 9.
Bureau of East Asian and Pacific Affairs, “Fact Sheet: U.S. Relations with South Korea” (Washington D.C.: U.S. Department of State, October 17, 2016), http://www.state.gov/r/pa/ei/bgn/2800.htm; U.S. Department of State, “National Security Council Report: Statement of U.S. Policy toward Korea” (Washington D.C.: U.S. Department of State, August 11, 1958), https://history.state.gov/historicaldocuments/frus1958-60v18/d237.
U.S. DoD and ROK Ministry of National Defense (MND), “Joint Communique of the 43rd U.S.-ROK Security Consultative Meeting” (Seoul, Korea: ROK MND, August 28, 2011).