South Korea released its new National Cybersecurity Strategy on Thursday with a focus on strengthening “preemptive” and “offensive” capabilities to counter North Korea’s increasing cyber threats. 

The strategy released by the National Security Office seeks to address the DPRK’s illicit cyber operations, including threats to infrastructure, virtual currency theft to fund nuclear and missile development and disinformation campaigns, the presidential office said in a press release.

Based on the National Security Strategy published last June, the new framework is the Yoon Suk-yeol government’s first cybersecurity strategy brief and emphasizes the protection of “liberal democratic values” in cyberspace.

Notably, the new strategy places a much clearer focus on combating DPRK cyber operations than the 2019 policy adopted by the former Moon Jae-in administration, which eschewed mentions of North Korea amid an inter-Korean detente.

“The revised strategy clearly outlines a national-level active response strategy to address the international and state-sponsored hacking organizations posing threats to South Korea’s cybersecurity and North Korea’s malicious cyber attacks,” Kim So Jeong, director of Emerging Security Studies at the Institute for National Security Strategy (INSS) told NK News.

It also focuses on offensive and preemptive measures, according to Lim Jong-in, a professor of cybersecurity at Korea University and special adviser on cyber to President Yoon.

“In the past, our approach to cybersecurity had been primarily defensive from a security perspective,” he told NK News.

OFFENSIVE STRATEGIES

Lim explained to NK News that the U.S. Cyber Command similarly transitioned “from passive defense to active defense, forward defense and defend forward strategies” in 2017 and Seoul’s new strategy aims to strengthen these capabilities through intelligence. 

He compared the new offensive approach to the U.S. Cyber Kill Chain and stated that “active defense” and “forward defense” strategies will look to gather intelligence, use this to formulate preventive measures, respond to potential intrusions and ensure swift recovery.

In order to enhance offensive cyber capabilities, the new strategy calls for the application of emerging technologies such as artificial intelligence (AI) and increased efforts to identify the sources of cyberattacks, monitor dark web activity and track the flow of virtual assets.

“While the revised strategy aligns with the U.S. direction in securing offensive capabilities and adopting an offensive stance, the specific details of how proactive defense operations are conducted and the conceptual framework remain undisclosed,” Kim of the INSS said.

GLOBAL CYBER COOPERATION

The new strategy emphasizes global cooperation to deter North Korea’s cyber threat, particularly with NATO member states and Asia-Pacific countries, including Australia, Canada and India.

Seoul has been making efforts to strengthen cyber cooperation with the U.S., Japan and the United Kingdom since last year and the strategy particularly emphasizes joint efforts with Washington and Tokyo.

The three sides have already begun coordination on joint sanctions and kicked off a new trilateral cybersecurity working group in December in line with their leaders’ agreement at last year’s Camp David summit.

The strategy said South Korea seeks to ensure its national interests and security considerations are reflected in international standards and agreements related to cybersecurity and to promote discussions between governments and private stakeholders, including Track 1.5 dialogues.

Kim of the INSS emphasized that it is crucial for South Korea to foster collaboration with allied and friendly nations to effectively combat the diversity of cyber attacks from the DPRK. 

“Attempting to address these challenges independently has its limitations. A proactive collaboration with the global community is essential to formulate effective strategies and solutions in response to the evolving challenges presented by North Korea’s cyber activities,” Kim noted. 

Korea University’s Lim also told NK News that collaboration with other nations will aid in developing South Korea’s own capabilities against cyber threats and enhance cooperative measures in utilizing AI for cybersecurity measures. 

Alongside preventing cybercrime, the strategy highlights the danger of North Korean and other foreign “influence operations and disinformation that can cause division of public opinion and social and economic turmoil in cyberspace.”

To counter the threat of “fake news,” the document calls for developing “diplomatic and technical countermeasures” and strengthening cooperation between ministries, industry and other institutions.

Other focus areas of the new strategy include strengthening cyber resilience for critical infrastructure, establishing a national cyber threat response system and developing capabilities in emerging technologies, including AI and quantum computing.

Edited by Alannah Hill