The United States and South Korea recently established a formal “Strategic Cybersecurity Cooperation Framework,” in which both governments agree to cooperate in the targeting of cyber adversaries such as North Korea. Per a White House release, the new bilateral framework emphasizes developing an organizational culture to enhance national-level cybersecurity efforts, increasing defensive capabilities, and collaborating on cybersecurity capacity building. Additionally, both governments agreed to initiate a “Next Generation Critical and Emerging Technologies Dialogue,” an interagency technology dialogue that meets once a year to expand areas of mutual interest in semiconductors and digital and quantum technologies. A joint statement indicated that the framework is also intended to better shore up critical infrastructure cybersecurity protection and to address cryptocurrency issues.
The formal agreement appears to be the culmination of various engagements over the years between the two countries. In 2021, Washington and Seoul pledged to deepen cyber cooperation through the establishment of the Domestic Violence and Cyber Exploitation Working Group in an effort to increase law enforcement partnership on cybercrime matters. Then in 2022, South Korea and the United States began exploring possibilities of a cybersecurity trilateral relationship with Japan. The United States and South Korea have participated in several international cyber exercises, including NATO’s Locked Shields, the largest annual interactive cyber exercise, which in 2022 included 2,000 participants from 32 countries. The relationship has matured, driven by strategic interests, shared threats, and an understanding that the partnership of two of the more technologically advanced countries in the world is a positive step forward in shoring up their respective cybersecurity postures.
The Strategic Cybersecurity Cooperation Framework is important because it sends a message to the two biggest foreign threats facing both the United States and South Korea: North Korea and China. North Korea is a perpetual cyber antagonist to South Korea, and although it has focused on cybercrime to aid sanction relief and funding of other programs, it has consistently demonstrated an ability to conduct sophisticated cyber espionage with a global reach. China’s multifaceted use of cyber attacks to support many of its strategic interests is as significant a concern to both Washington and Seoul, and has been captured as the primary cyber threat in the recent U.S. Intelligence Community worldwide threat assessment and in many reports by the U.S. Intelligence Community. Recent testimony by the U.S. FBI Director revealed that the bureau’s cyber personnel focused on the China threat were outnumbered “50 to 1” by Chinese hackers.
Robust collaboration has the potential to yield substantial results if it is executed correctly. One criticism of previous United States-South Korea cyber cooperation has been its failure to implement their efforts properly. With respect to North Korea, historically, joint efforts to combat North Korea’s theft and use of cryptocurrency had been largely unsuccessful. However, there is evidence to suggest that this might be changing, with the United States sanctioning three individuals for supporting North Korean cryptocurrency laundering in late April. This came on the heels of reporting that North Korean cyber actors compromised the supply chain of 3CX, facilitating the theft from cryptocurrency firms, showing that collaboration between the United States, with its sanctioning power, and South Korea, with its understanding of cryptocurrency-related risks, can yield tangible results against one of their mutual adversaries.
However, China is a more difficult nut to crack, especially given its role as South Korea’s leading trading partner and the way the two countries are integrated technologically. China is the largest purchaser of South Korea’s medium- and low-end semiconductor products, and some South Korean companies like Samsung and SK Hynix are finding it challenging to increase their commercial interests in China due to Washington restricting China’s ability to acquire advanced chip equipment. Therefore, it may be trickier for South Korea to crack down on the Chinese cyber threat than it has done with North Korea, despite being victimized by Chinese cyber operations in search of sensitive military and industrial information in addition to intelligence related to North Korea.
Nevertheless, the agreement certainly indicates a willingness by Washington and Seoul to pursue a cyber containment strategy by establishing formal partnerships with regional allies that have typically fallen in the crosshairs of Chinese cyber espionage. Washington already has one with the Quad, the four-country security organization that transformed itself from a loose group committed to regional humanitarian relief efforts to one committed to counterbalancing Chinese diplomatic and military interests in the Indo-Pacific. Now, with South Korea poised to provide the same type of assistance, the United States will have cyber partners around most of China’s geographic perimeter. With each of these countries having been heavily targeted by suspected Chinese cyber actors, the potential for threat intelligence sharing and on-site collaboration would be an incredible security opportunity and an intelligence goldmine.
While this looks good on paper, the implementation may be harder to achieve. For example, due to historical issues, South Korea and Japan maintain a complicated relationship that has impacted cybersecurity collaboration in the past, and will need more high-level engagement for that collaboration to be productive for both sides. However, with signs indicating that any freeze in their relationship may be thawing, Beijing sees that it must try to exploit existing rifts between nations to sow discord and weaken trust. Beijing has been aggressively painting the United States as an unreliable ally, particularly in the aftermath of the leaked Pentagon documents, exposing its spying against friendly governments, and painting it as a cyber hegemon to the detriment of the international community. It remains to be seen if this continuous barrage of anti-U.S. articles and reports of U.S. intelligence agency cyber espionage will create the wedge that Beijing so desperately seeks. Still, the efforts being made in the media and on social network platforms suggest Beijing thinks it is a rewarding and necessary endeavor.
A recent opinion piece by a Chinese expert criticized the South Korea-United States April meetings as tools for bloc confrontation, a sentiment that no doubt extends to the Chinese government. This is a promising indication that a strong and committed cybersecurity partnership is the right track to begin to counter nation-state threats in cyberspace. Washington needs to merge its efforts with the Quad and any of those individual cyber agreements it makes with other nations that likely have been targeted by China if it wants to start to mitigate the expanse and breadth of not only Beijing’s cyber activity, but also that of states like Iran, North Korea, and Russia.
How effective these partnerships can be rests entirely on how they address the China threat. That means they must not be in name only, but proactively show all aspects of state collaboration to be relevant. This may very well ostensibly push China closer to other adversaries, but as evidenced by the Ukraine war, when states rush to the aid of other states in times of conflict, they are already picking sides. China understands this and is carefully watching the missteps Moscow has made, and how the world has reacted. A visible, successful U.S.-South Korea/Quad cyber partnership may very well be the vehicle that influences China to curb its behavior with respect to its cyber activities. The cyber spying will likely continue, but the heated rhetoric and its belligerent social media campaigns may dwindle as a result, showing that Beijing could be open for a reset, which would be good for the world before any Taiwan flareup has a chance to occur.