June 26, 2023 | Policy Brief

U.S.-South Korean Cyber Cooperation Can Combat North Korean Threats

June 26, 2023 | Policy Brief

U.S.-South Korean Cyber Cooperation Can Combat North Korean Threats

Washington and Seoul held a high-level cybersecurity meeting over the course of three days last week as a follow-up to a joint pledge in April to increase cyber defense collaboration. This type of dialogue provides an opportunity to strengthen South Korea’s cybersecurity capabilities and undermine North Korea’s ability to fund its nuclear and missile programs through cyberattacks.

While the U.S. and ROK governments released few details about the meeting, it was a tangible step toward implementing their Strategic Cybersecurity Cooperation Framework adopted in April. Under that framework, the two nations pledged to “expand cooperation on deterring cyber adversaries, increase the cybersecurity of critical infrastructure, combat cybercrime, and secure cryptocurrency and blockchain applications.”

South Korea’s National Security Strategy, released in early June, further details Seoul’s plans to enhance its cyber capabilities. South Korea aims to establish clear responsibilities and frameworks within its government, foster cyber workforce development, and increase cooperation with its allies, including the United States.

The strategy’s cybersecurity section frames the challenge in terms of growing cyber threats from North Korea. Earlier this month, the FBI, the ROK’s National Intelligence Service (NIS), and their interagency partners issued an advisory warning that Pyongyang frequently conducts cyber espionage against both South Korean and U.S. targets, including think tanks and academics. North Korean hackers often impersonate journalists to try to trick individuals into providing information.

As Seoul’s new strategy also notes, Pyongyang uses “ransomware to acquire virtual assets” and “generate foreign currency.” North Korean cyber operatives stole more than $1.7 billion in digital assets globally in 2022 by hacking cryptocurrency exchanges, according to cryptocurrency analysis firm Chainalysis.

Pyongyang uses the stolen funds to support its nuclear and missile programs. According to the White House, as much as half of the budget for North Korea’s missile program comes from the proceeds of its malicious cyber activity. Enhancing U.S-ROK cooperation to thwart North Korea’s cyber operations is thus critical to the alliance’s efforts to combat the broader threat posed by the regime of Kim Jong Un.

One of the key challenges impeding effective U.S.-ROK cyber collaboration has been the different ways the two allies organize their bureaucracies to address threats from North Korea, a November 2022 report by the Center for a New American Security concluded. Washington has various law enforcement, intelligence, defense, and civilian agencies responsible for understanding, sharing information about, and responding to North Korean threats. Conversely, South Korea’s NIS handles all North Korea threats, including cyber threats. This makes it difficult for NIS offices to identify the appropriate counterpart with whom to share information.

In their Strategic Cybersecurity Cooperation Framework, however, Washington and Seoul committed to moving past previous challenges and improving intelligence sharing and technical cooperation. The allies will likely seek to build upon the work of the U.S.-ROK working group on North Korean cyber threats, which has already met three times since its inauguration in August 2022.

In addition to improving government-to-government collaboration, Washington and Seoul should encourage parallel cyber dialogues between American and South Korean academics and industry experts. Pyongyang’s cyber-espionage operations targeting these experts highlight the important role the private sector plays in both implementing national cyber resilience and evaluating national cybersecurity and geopolitical strategies.

Seoul has pledged that its soon-to-be-established National Cybersecurity Committee will include private-sector participants. Likewise, Washington’s own National Cybersecurity Strategy called public-private collaboration “essential to securing cyberspace.” Ensuring that the U.S.-ROK cyber dialogues become regularized and are complemented by non-governmental discussions can enhance collaboration both between the two allies and between their respective public and private sectors.

The United States and South Korea face growing threats from North Korea’s malicious cyber operations and nuclear and missile programs. The allies must continue to deepen their cooperation against these common challenges.

Annie Fixler is the director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD) and an FDD research fellow. Sae Furukawa is a CCTI intern. For more analysis from the authors and CCTI, please subscribe HERE. Follow Annie on Twitter @afixler. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.


Cyber North Korea