South Korea’s 2024 Cyber Strategy: A Primer

The Republic of Korea (ROK)’s National Cybersecurity Strategy released in February 2024 is an effort to transition from a defensive posture, as outlined in the previous 2019 National Cybersecurity Strategy, to an offensive posture. This primer provides an overview of the five ‘strategic tasks’ of the 2024 framework: offensive posture, infrastructure resilience, emerging technologies, industry-government coordination, and global collaboration. 

Offensive Posture  

The first strategic task in ROK’s updated cybersecurity strategy is a switch from a defensive to an offensive posture. The document states that “reinforcing our defense capabilities has its limits. Therefore, we must change our paradigm to respond offensively to North Korea and other threats, and thus upgrade the level of our cybersecurity.” This defensive-to-offensive shift mirrors the adoption of “defend forward” in the U.S. cyber strategy, which was introduced in the 2018 Department of Defense Cyber Strategy and expanded on in the 2023 Cyber Strategy.  

Another important feature of ROK’s new strategy is that it openly names North Korea as the biggest threat to ROK cybersecurity and proposes specific measures to counter the threat. In 2023, North Korea launched an estimated 1.3 million cyberattacks per day on ROK public institutions alone. While North Korea has long been the biggest threat to ROK’s cybersecurity, ROK’s 2019 cybersecurity strategy never explicitly mentioned North Korea and was emblematic of then-President Moon Jae-In’s more reconciliatory approach toward the aggressor state. 

While the 2024 strategy emphasizes the importance of attribution, it is relatively silent on proportionality and gives limited detail on how ROK is likely to respond to future cyber incidents. The strategy commits to using scientific evidence to “identify the forces behind cyberattacks against our country and impose responsibility corresponding to their malicious actions.” However, the use of the word “corresponding” provides limited insight into how the country intends to evaluate the severity of an attack, and choose a proportional response.  

One incident that might hold clues as to how ROK will assess proportionality and approach attribution under the 2024 strategy was North Korean cyberattacks on ROK shipbuilding companies in the months preceding the release of the 2024 strategy. Between August and October 2023, North Korea launched several cyberattacks on unnamed ROK shipbuilding companies. The attacks attempted to install malicious code on company devices and were allegedly designed to access proprietary information belonging to ROK shipbuilders in order to improve North Korea’s naval military capacity.  

ROK's National Intelligence Service (NIS) put out a press release shortly after the attempted attacks naming North Korea as the perpetrator but gave limited information on what the government considered to be a proportional response. The NIS said they were conducting an assessment of the security situation for major shipbuilders and ship-parts manufacturers, providing data as needed to the victim company, and issuing warnings to related industries. This response reflects either the challenge of responding to below-the-threshold attacks, the covert nature of ROK’s response, or both.  

Infrastructure Resilience 

The second strategic task of ROK’s 2024 cybersecurity strategy is the commitment to cyber resilience. The framework focuses first on strengthening information system security and calls for the creation of minimum-security requirements for national infrastructure operation systems, and a rapid response team in the case of future information system failures. The strategy also proposes creating a classification system to help assess the type and severity of cyber incidents.  

In addition to protecting information security, this portion of the strategy outlines measures ROK plans to take to protect public data on digital government platforms, including the implementation of a ‘Zero Trust’ security strategy. Finally, the framework iterates the importance of information and communications technology (ICT) supply chain security, and proposes designating trustworthy product and parts suppliers, minimizing security risks in the software development process, and improving workforce training and technical support.  

Emerging Technologies   

The framework’s third strategic task is to secure a competitive advantage in the technologies necessary for ROK’s cyber defense. Specifically, the framework commits to the industrialization of critical technologies and to establish a cyber risk management system to monitor cybersecurity vulnerabilities around the development and application of emerging technologies. The strategy doesn’t list the new technologies most consequential for ROK cyber defense – instead, it tasks a joint coalition of government, industry, and academia to identify a list, and review the relevant industrial policy. The framework does, however, identify the disruptive potential of AI and quantum technologies for cybersecurity and direct the expansion of research and development into “source technologies.”  

The 2024 strategy also plans to create a cyber risk management system (as well as the previously mentioned classification system for cyber incidents), which reflects a desire to improve and standardize cyber governance. The strategy also identifies a need to improve the exchange of technologies related to cybersecurity between public research institutes and private companies. Finally, the strategy calls for the establishment of a quantum-resistant encryption system and the adoption of new cryptography standards. This reflects a similar focus by the Biden administration, which released a national security memo in May 2022 in an effort to mitigate the risk that quantum computers present to national encryption systems.  

Industry-Government Coordination  

The updated cybersecurity strategy also acknowledges the importance of industry-government coordination. Among other tasks, the framework calls for the creation of a public-private data-sharing platform that would unify the national response to cyberattacks, including by mobilizing the private-sector workforce to respond to domestic and international threats if necessary. The strategy also calls on the federal government to improve the cybersecurity workforce by growing specialized education programs that will train experts for both private and public sector cybersecurity jobs. This portion of the strategy remains largely unchanged from the 2019 national cybersecurity strategy, which also emphasized the importance of building cybersecurity workforce expertise.   

Global Cooperation  

Finally, a core tenant of ROK’s 2024 strategy is building global cooperation mechanisms, particularly with the United States. Shortly before the release of the strategy, the United States hosted the seventh U.S.-ROK Cyber Policy Consultation, at which both parties provided updates on their cyber policies and committed to bilateral cooperation. Among other issues, the meeting focused on the importance of ASEAN for regional cyber resilience, and North Korea’s ongoing efforts to use cybercrime to fund the development of ballistic missiles and weapons of mass destruction.  

Another milestone in the U.S.-ROK partnership was the 70th anniversary of the alliance in 2023, and the release of the Strategic Cybersecurity Cooperation Framework. Released in commemoration of the anniversary, the framework is a roadmap for U.S.-ROK cyber cooperation and outlines areas of focus, principles for cooperation, and mechanisms. The areas of focus include developing defensive and threat mitigation tools to deny and deter cyber criminals, sharing information, coordinating in international forums, and collaborating on institutional reforms in both the U.S. and ROK, including workforce training. Mechanisms for cooperation cited in the framework include diplomatic mechanisms like the U.S.-ROK Cyber Dialogue, and technical mechanisms like the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative (JCDC).  

Looking forward, a challenge that the U.S.-ROK alliance will face is applying the Mutual Defense Treaty to cyber defense. The Mutual Defense Treaty was signed in 1953 between the U.S. and ROK shortly after fighting stopped in the Korean War and commits both parties to come to each other's aid in the event of an armed attack. The Department of State has affirmed that commitments made to ROK in the Mutual Defense Treaty apply to both a kinetic and cyber-attacks. As the security challenges ROK faces grow increasingly more hybrid than kinetic, regular reinterpretation of and commitment to the Mutual Defense Treaty will remain a cornerstone of the U.S.-ROK defense relationship.  

Ultimately, the strategic tasks outlined in ROK’s 2024 national cybersecurity strategy – an offensive posture to North Korea, commitment to infrastructure resilience, development of emerging technologies, industry-government coordination, and global cooperation – reflect both the evolving cyber threat environment ROK faces, and security policy priorities of the Yoon Suk Yeol administration.