Asia Defense

How Should South Korea’s Next President Approach Cybersecurity?

Recent Features

Asia Defense | Security | East Asia

How Should South Korea’s Next President Approach Cybersecurity?

North Korean cyberattacks are not a future threat, but already a fact of life.

How Should South Korea’s Next President Approach Cybersecurity?
Credit: Illustration by Catherine Putz

The candidates for the upcoming presidential election in South Korea have not presented any clear vision of military and security issues facing the country. In my view, the new president, and the Combined Force Command (CFC) between the Republic of Korea and the United States, will face two major issues: OPCON transfer to the South Korean military, and how ROK forces can best cooperate with USFK to deter North Korean cyberattacks.

This two-part series examines each of those issues, and the questions they pose for the next South Korean president. Part one looked at OPCON transfer. In part two, I turn to the issue of how to deter North Korean cyberattacks. Whole-of-government solutions are required, for which three questions arise.

What are the main cyberthreats and cyberattacks against which South Korea and the alliance need to defend?

Insofar as North Korea is economically capable of deploying advanced technologies, the most obvious threat is from cyberwarfare, for which the main targets are not military, but civil facilities and organizations. South Korean domestic media have reported an increase in the number of cyberattacks on defense-related South Korean institutes, companies, and governmental organizations, from 3,986 in 2017 to 12,696 in 2020. Power stations, energy facilities, traffic control centers, and major governmental offices are all targeted.

How can South Korea and the alliance best deter North Korean cyberattacks?

Looking at the CFC, military cybersecurity appears to be strong enough to repel North Korean cyberattacks. But it is a different story for civilian organizations, where financial considerations, or just a dearth of cyber awareness, mean that cybersecurity is often not taken seriously enough. All civilian organizations in South Korea should make use of standardized best-practice methodology, as informed by those with long experience in cybersecurity. This needs to be strictly regulated, because North Korean cyberattacks and state-sponsored disinformation directly threaten democratic governance.

The South Korean military and U.S. Forces Korean (USFK) are also targeted, but USFK is now starting to apply basic standards of cybersecurity to its command and control (C2) system. These defenses need to be tightened and extended to the ROK armed forces. The South Korean government should set policy priorities modeled on USFK’s regulatory guidance for cybersecurity. A cooperative approach between South Korea and the United States is important if damaging leaks are to be prevented. To that end, the newly established ROK-U.S. Information, Communications and Technology cooperation committee recently held its first meeting to identify cyberweaknesses.

The worst-case scenario would be a successful cyberattack upon military facilities and/or the CFC, and it is important that friendly cyberattack capabilities are developed to forestall this possibility. This kind of proactive approach is often used by the most vulnerable civilian organizations, such as financial institutions.

It is my observation that South Korean military leaders have little understanding of cyberwarfare, whether defensive or offensive, so establishing a combined capability between the ROK and USFK will take time and considerable determination. At present the South Korean military is simply paying lip service to the idea of cyberthreats as an integral component of the combined force defense posture. In formulating combined cyberoperations between the South Korea military and USFK, however, it is essential that Seoul does not simply rely upon USFK. South Korea needs to be fully capable of mounting its own cyberdefenses.

Cybersecurity cooperation between South Korea and the United States should include inviting civilians and government officers to join cooperative exercises to counter North Korean cyberwarfare during annual combined exercises and recruiting professional cyberwarfare leadership for the South Korea military. In addition, the South Korea military should adopt the U.S.-based C2 system, abandoning the incompatible indigenous C2 systems being developed.

What are the security implications of North Korea’s cyberattacks?

Cyberwarfare is a peacetime, not a wartime, operation. Degradation of C2 facilities during wartime would very likely render cyberwarfare less effective. Cyberwarfare is not just a technical issue, but also often depends upon the exploitation of human errors and weaknesses. The human factor is therefore crucial to cybersecurity, and spies and collaborators in South Korea may seek to prevent or limit the effectiveness of combined cybersecurity between the ROK and USFK. Detailed information about ROK military bases and USFK facilities could be leaked by such infiltrators, furnishing major cyberattack targets for North Korea.

However, North Korean cyberattacks would likely escalate in advance of a more conventional attack, whether a provocation or an all-out war. The ROK armed forces and USFK therefore need to establish a shared awareness of the cyberdomain, to identify indications that North Korea is planning military action. For this purpose, it would be useful to compile a database to analyze patterns of North Korean cyberattacks against military, governmental, and other civilian organizations, and also to correlate these data with other salient indicators.

Similarly, information collected and collated by U.S. Cyber Command is also crucial for South Korean cyberdefense efforts, especially for the alternative perspective it offers with respect to politically motivated interventions, for example during election campaigns.

South Korea and the United States should work better and more closely together to enhance cybersecurity through cooperation on innovation and critical technologies. Both countries need to counter cyberattacks, to build infrastructure to combat disinformation intended to undermine popular support for the South Korea-U.S. alliance, and to extend more effective cybersecurity across all fields of civil society, including governmental, industrial, and academic institutions.


North Korean cyberattacks are not a future threat, but already a fact of life. The disparate cyberwarfare capabilities of the ROK armed forces and USFK need to be bridged, and urgently. Cyberwarfare interoperability between South Korea and the United States requires high quality data, good documentation and traceability, clear transparency, reliable human oversight, and robust accuracy. Cyberwarfare depends on technical skills by operators in the theater, but also on informed leadership at the command post level. Unfortunately, South Korea is deficient in the latter.

Some progress is underway. In accordance with Biden-Moon summit agenda, the ROK and U.S. militaries recently conducted their first working-level seminar on deterring and countering ransomware and similar cyberattacks, from North Korea and others.