Standing in the Rose Garden of the White House in late April, U.S. President Joe Biden and South Korean President Yoon Suk-yeol pledged “to get the ball rolling” on expanding the Mutual Defense Treaty into cyberspace. They made a similar commitment last year, but discussions have progressed slowly. This year, things are looking more promising thanks to the two leaders’ commitment to establish a bilateral Strategic Cybersecurity Cooperation Framework.
Cyber cooperation between the United States and South Korea has been stymied over the years by bureaucratic challenges. For instance, discrepancies between how each nation organizes law enforcement to handle cybersecurity incidents, especially North Korean-related threats, create major collaboration hurdles. Furthermore, the allies do not always see eye to eye on the scale of the threat. Until recently, many Western cyber experts viewed North Korean cyber threats as less potent than the ones posed by Russia or China. Yet, defending against Pyongyang’s attacks remains one of Seoul’s major objectives. These pain points could make the collaborative efforts go awry.
Like its predecessor, this year’s joint statement outlines the two allies’ cybersecurity partnership with an emphasis on deterring adversaries, protecting critical infrastructure, combatting cybercrime, and securing digital currency and blockchain applications from adversaries. These objectives also inform the newly proposed U.S.-ROK Strategic Cybersecurity Cooperation Framework, which calls for upholding democratic values in cyberspace, specifically by encouraging responsible state behavior and defending the integrity of the free and open Internet. Furthermore, the framework aspires to achieve two mutually beneficial objectives. For South Korea, the focus is to stop North Korea’s illicit revenue-generating schemes. For the United States, it is to reduce global dependence on China for critical technology supply chains, especially semiconductors.
The joint statement also identifies an organizational structure for coordination at various levels, but should have done more to improve the South Korea-U.S. information sharing system. Addressing differences in how intelligence agencies communicate with one another would greatly facilitate information sharing.
Likewise, the two countries pledged to continue investing in cloud computing and digital infrastructure research and development in the joint statement. Nevertheless, there are ongoing efforts to preserve a free and open Indo-Pacific. For instance, both countries are taking measures to ratchet up semiconductor manufacturing at home. Similar to the CHIPS and Science Act in the United States, South Korea’s K-Chips Act seeks to spur domestic semiconductor investments. However, the CHIPS and Science Act’s strict rules for foreign investment in the U.S. chip sector had a negative impact on Korean chipmakers and stirred up negative sentiments in Seoul. While the details remain undisclosed, the two countries seem to have reached a mutually beneficial arrangement during the presidential summit.
In response to the joint statement, Korean media is buzzing with articles that suggest South Korea’s cybersecurity policies have reached a critical juncture thanks to Yoon’s state visit. As its capabilities improve, Seoul’s cyber agencies will be able to cooperate more effectively with their U.S. counterparts. Moreover, the Biden administration has been ramping up its work with allies and partners. Among various efforts, the U.S. State Department has established a new Bureau for Cyberspace and Digital Policy with its first-ever Senate-confirmed cyber ambassador-at-large, Nathaniel Fick.
In February, Fick traveled to South Korea to meet with his counterparts at the Ministry of Foreign Affairs to discuss cybersecurity cooperation. He also met with South Korea’s major telecommunications providers to discuss their work in 5G Open Radio Access Networks (ORAN). ORAN is a secure and cost-effective alternative to traditional wireless networks. ORAN’s interoperability with hardware sold by differing vendors would allow for greater diversification of regional equipment suppliers to replace hardware from companies like China’s Huawei.
Also in February, law enforcement agencies from both countries issued a joint cybersecurity advisory, a sign of improved collaboration. The advisory warned healthcare networks and other critical infrastructure owners and operators against ransomware attacks. All these joint efforts emphasize the importance of enforcing responsible norms and behaviors and building the cyber capacity of allies and partners.
South Korea is already taking proactive steps, proposing to participate in U.S.-led multinational cyber exercises. Next, the national security advisers from both countries will meet in South Korea for the launch of a Next Generation Critical and Emerging Technologies Dialogue later this year. The agenda is to expand their partnership and discuss areas of cooperation in emerging technologies, like digital technology standards, semiconductors, quantum computing, and artificial intelligence.
Washington and Seoul have a strong foundation upon which to build their cyber partnerships. The Biden administration’s leadership in cybersecurity and the increasingly positive South Korean public sentiments about the South Korea-U.S. security alliance are all good indicators. By implementing the bilateral Strategic Cybersecurity Cooperation Framework, Washington and Seoul can take their partnership to the next level.