South Korea—boasting cutting-edge digital technology, efficient computer networks, and the world’s top high-speed Internet penetration rate—has earned global renown as a “strong Internet nation.” Behind these impressive feats, however, lies an unpleasant reality: its vulnerability to cyber threats, particularly to those allegedly originating from North Korea. Beginning with a series of distributed denial-of-service (DDoS) attacks in July 7, 2009, North Korean hackers have repeatedly infiltrated and paralyzed South Korean government, finance, and critical infrastructure websites. Recently, a more sophisticated approach has increased rapidly and effectively; a particularly worrisome change has been the rise of Advanced Persistent Threats (APTs).
While it is widely known that North Korea has capitalized on some 6,000 cyber warriors to exploit South Korean network systems, a growing concern addresses the likelihood of these online incidents being coupled with offline offenses, especially in the form of nuclear attack. Those concerns grew markedly in December 2014, when perpetrators, allegedly linked to North Korea ,threatened to leak information regarding nuclear power plants unless the South Korean government shut down the reactors operated by Korea Hydro & Nuclear Power (KHNP).
In the wake of a series of such North Korean cyber-attacks, safeguarding and securing cyberspace has rapidly emerged as a major priority for South Korean national security. The nation has taken significant measures to strengthen its cyber capabilities, including developing firewalls, hiring cyber specialists, establishing a cyber warfare command, advancing educational organizations, and pushing forward legal frameworks advocating cyber protection.
After falling victim to several attacks, South Korea responded by establishing a national “control tower,” a special overarching governance integrating and coordinating cyber security efforts across governmental organizations. The government also created a new presidential post to deal exclusively with cyber security issues and nominated a civilian expert as a security advisor to the president. Currently, the ruling party and the National Intelligence Service (NIS) are pushing for the passage of an anti-terrorism bill in the National Assembly, which has provoked objection from opposition parties as well as public protests. South Koreans are wary about this potential legal move due to the general sense of distrust toward the NIS, which is expected to acquire more monitoring authority over the cyber domain.
As sophisticated as a system design may be, it will have bugs and holes— inevitable by-products of technological complexity—that make it as vulnerable to penetration and change as it is advanced. In this respect, those seeking to penetrate a computer system are at a significantly more advantageous position relative to the defender. Moreover, the complex nature of the Internet makes it difficult to identify the offenders in cyber-attacks. Even when a culprit is identified, the complex nature of cyberspace often makes it quite controversial, and even futile, to single out any one actor; in this way, the network itself could even be to blame. Indeed, the complexity often makes it impossible to identify the subject of offense or the object of retaliation.
In this context, it is critical to recognize that securing cyberspace does not solely depend on fostering material or institutional capabilities at the domestic level; it also requires cooperative solutions among committed actors at the international level. It is crucial for South Korea to collaborate with the United States, a longstanding ally, in sharing information on cyber threats. An instance of such cooperation was South Korea’s response to the November 2014 Sony Pictures hack, in which it provided the United States with critical information regarding North Korea’s hacking routes and techniques.
It is also vital for South Korea to foster cooperation with China, which holds the ability to provide crucial information about North Korea’s cyber-attacks. Because North Korea lacks the critical information infrastructure necessary to effectively execute its cyber-attacks, North Korean hackers are frequently stationed in China. Had China refused to cooperate with South Korea’s in its cyber investigations, the South Korean government would have failed to trace and identify critical North Korean hacking attempts.
In conjunction with bilateral cooperation, South Korea is also actively participating in efforts to establish multilateral frameworks for international norms in the cyber security domain. In the face of increasingly advanced and prevalent hacking technologies, many countries and international organizations are placing a greater focus on devising security measures and enhancing multilateral cooperation to combat cyber threats, which could be as devastating as physical military strikes.
For example, though they have yet to reach consensus, international entities such as the UN, the International Telecommunication Union, the Organization for Economic Cooperation and Development, and the Internet Corporation for Assigned Names and Numbers are taking strides to build a global framework for Internet governance—which includes the contentious subfield of cyber security. In this context, South Korea—an emerging middle power in world politics—has expressed growing concerns regarding its responsibility to play a significant role in establishing cyber security norms. South Korea’s successful experience hosting the Seoul Conference on Cyberspace in October 2013 has increased its expectations in fulfilling such a role.