U.S.-South Korea Forge Strategic Cybersecurity Framework

The United States and South Korea have crafted a “Strategic Cybersecurity Cooperation Framework.” The framework is part of recent bilateral accords intended to send a signal to mutual adversaries and reaffirm the “ironclad commitment to what has become a global alliance focused on deepening defense and security ties.”

North Korea’s cyberthreat shenanigans are one area of concern, as highlighted in the ODNI’s Annual Threat Assessment of the U.S. Intelligence Community released in February 2023 that opined, “Beyond Pyongyang’s cybercrime efforts, cyber actors linked to North Korea have conducted espionage efforts against a range of organizations, including media, academia, defense companies and governments in multiple countries.”

Mikko Hyppönen, chief research officer at WithSecure, observed, “This framework is important, mostly because of the message it sends to North Korea and China. North Korea is dangerous and unpredictable, and the only nation-state in the world that is doing cyberattacks in order to create income for the state. China does more online espionage than any other country. This is why this initiative is important.”

Just how active are the cyberthreats targeting South Korea? The Trellix Advanced Research Center (ARC) team reported that, as of May 11, the largest groups targeting South Korea were:

  • Russian-backed Gamaredon;
  • North Korea-backed Kimsuky;
  • China-backed Mustang Panda;
  • Iranian-backed MuddyWater.

The Trellix ARC also noted that these attacks were focused on software companies and the energy, oil and gas sector, which are “arguably attacks against critical infrastructure.”

This framework agreement follows on the heels of the Supply Chain and Commercial Dialogue (“SCCD”) from May 2022, which focused on the semiconductor industry, robotics, additive manufacturing and other matters of mutual interest with an emphasis on dual-use technologies which could affect national security.

Framework

A quick review of the framework makes clear that this is not simply a policy document but a path for mutual investment in both defensive and offensive cybersecurity technologies, as well as the coordination and collaboration between governments against recognized adversaries (though none were called out by name). The framework says the U.S. and South Korea will:

  • Develop and implement tools and threat mitigation to deter malicious actors.
  • Participate in information-sharing and cooperation to detect, deter and disrupt malicious activities in cyberspace.
  • Collaborate in international forums and promote the framework for responsible peacetime state behavior in cyberspace and hold accountable irresponsible states that destabilize activity in cyberspace.
  • Participate in joint cyberexercises between the United States and the ROK and cooperate in the research and development of core technologies to protect critical national infrastructure.
  • Cooperate in policy and institutional improvements for personnel training, e.g., cybersecurity expert exchanges and educational support and enhancing the cooperation between private sectors.
  • Enhance the public-private partnership within academia and the sharing of cyberthreat information in real time.
  • Enhance cooperation in cybercapacity.

The framework goes on to highlight that the level of cooperation includes the use of “available capabilities to deter, deny, defend and respond to the full range of cyberthreats, including through political, diplomatic, economic, law enforcement, military and technical means.” The U.S. and ROK will continue sharing information to counter malicious cyberactivities and to “carry out coordinated action and/or parallel response measures, as appropriate, through close bilateral consultation and information sharing in the event of a significant cyberincident affecting the national interests, or critical infrastructure of the United States and/or the ROK,” the framework stated.

Cybersecurity Hyperbole or Reality?

An extract from the recent Armis report, “The New World Order,” highlighted that cyberwarfare is a reality and that “China and others continue to heavily invest in cyberwarfare capabilities.” The authors explained why everyone should be concerned by saying, “In this kind of warfare, everyone is on the front line. Every company, every person. There are no borders. That’s what makes this such an effective form of warfare. It’s not just governments and militaries that need to be vigilant. Every business and individual has a role to play in protecting themselves and their assets from potential cyberattacks.”

Immanuel Chavoya, SonicWall emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Similarly, Pat Flynn, head of advanced programs group, Trellix Advanced Research Center, said, “Right now there are 13 known malicious campaigns simultaneously targeting the government [of South Korea]. This framework will only raise the tension of the problem to one with a more prominent role, adding to the already existing activity in the threat environment.”

In summary, the United States and South Korea are attaching themselves at the proverbial hip in several strategic areas via initiatives such as this framework and may be expected to continue to do so. The 70-plus-year relationship is resilient and growing.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
