The South Korean government announced the Indo-Pacific Strategy of Freedom, Peace and Prosperity in December last year. This strategy pursues economic cooperation and prosperity in infrastructure, trade and supply chains, and focuses on cooperation and solidarity based on openness and inclusion, not competition. It’s encouraging that the strategy directly refers to supporting cyber capabilities, expanding official development assistance (ODA) and seeking ways to cooperate with major donor countries. The EU and the Republic of Korea can jointly promote trust-building measures and capacity building activities to improve cybersecurity in this region.
The Indo-Pacific region and South Korea have significant interdependence in the economic sense. The Indo-Pacific region accounts for about 78% of Korea’s total exports and about 67% of its imports. A majority of South Korea’s top 20 trading partners are located in the Indo-Pacific region and 66% of Korea‘s foreign direct investment is concentrated in this region. In particular, the South China Sea is a key maritime transportation route, and about 64% of Korea’s crude oil and 35% of its natural gas moves through the region.
The ‘Indo-Pacific Strategy of Freedom, Peace and Prosperity’ was announced in December last year to recognise the strategic importance of the Indo-Pacific region and to contribute to maintaining a stable regional order. It’s one of the Yoon government’s specific implementation strategies in becoming a global pivotal state (GPS). The strategy includes efforts to strengthen rule-based order and resolve conflicts. Both will be achieved by strengthening comprehensive cooperation, including cyber cooperation, by complying with universally accepted international laws and norms.
This strategy pursues economic cooperation and prosperity in infrastructure, trade and supply chains, and focuses on cooperation and solidarity based on openness and inclusion. In addition, through the concept of ‘comprehensive security’, as opposed to security as a military concept, South Korea intends to jointly cope with global issues such as COVID-19 and climate change.
Cyber and Indo-Pacific Strategy of 2022
The strategy mentions cyber several times. It stipulates the development of Korea’s existing alliance with the US in the North Pacific region into a global comprehensive strategic alliance that includes cooperation on cyber issues. The strategy also says that South Korea will actively cooperate with Japan, and that South Korea, the US and Japan will hold trilateral discussions on cybersecurity cooperation, among other issues. In addition, there’s strong potential for cooperation among Korea, the United States and Australia, which share common values. The strategy also deepens cooperation with NATO as a global partner and strengthens cooperation in the high-tech field through participation in the Prague Cyber Security Conference.
Since the complex security challenges of the 21st century demand multidimensional and comprehensive responses, Korea is seeking regional comprehensive security cooperation that encompasses traditional and non-traditional security threats. In particular, the Indo-Pacific Strategy highlights Korea’s cybersecurity norm setting efforts, noting: ‘We are participating in the discussion of international norms of the United Nations to create a safe and secure cyberspace. While conducting bilateral cyber consultations with regional countries, Korea also plans to expand threat information sharing in consideration of gaps in cyber capabilities of each country.’
Cyber capacity building (CCB) is being continuously discussed, both between allies in discussion bodies and at the UN level, as a way to develop international norms of cyberspace and induce responsible state behaviour. The Sustainable Development Goals (SDGs) provide a good example: countries considered ways to contribute to cybersecurity in achieving the UN’s SDGs 2016–2030. The 17 sector-specific development goals provide a specific direction and standard for international cooperation and development, and digital infrastructure and technology development are major means of or support factors for achievement of the SDGs. The UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) continue to address capacity building issues, too.
CCB in Korea
Korea began to elevate its efforts to strengthen cyber capabilities and enhance cooperation after hosting the 2013 Seoul Cyberspace Conference, which defined cyber capacity building as one of its six agendas. The National Cybersecurity Strategy of 2019 states, ‘We will expand overseas cybersecurity capabilities supports by providing cybersecurity technologies and systems for developing countries from a reciprocal perspective.’ At the time, these efforts were recognised as merely a means for international cooperation, not a strategic process.
More recently, South Korea has realised that there is a strategic linkage between CCB and national security. Due to the connectivity of cyberspace, strengthening cybersecurity in Korea is inseparable from improving the level of cybersecurity in developing countries. North Korea is now using its IT personnel to support its nuclear and missile programs by obtaining funds and stealing virtual assets. North Korea’s IT personnel have infiltrated South Korea’s networks using third countries’ infrastructure (vulnerability abuse) and by carrying out malicious attacks such as malware insertion. Countries in the Indo-Pacific region, along with China, are often used by North Korea to transit attacks. Therefore, improving the level of cybersecurity in potential ‘pass through’ countries is a prerequisite for strengthening South Korea’s cybersecurity. With this in mind, CCB has a national security component.
In this environment, it is encouraging that the 2022 Indo-Pacific strategy directly refers to supporting cyber capabilities, expanding official development assistance (ODA) and seeking ways to cooperate with major donor countries. The strategy states: ‘In this region, 14 of Korea’s 27 development cooperation-focused partners are located. The Republic of Korea will expand development cooperation in the Indo-Pacific region with more official development assistance (ODA). … We will seek joint cooperation with major donor countries such as the United States, Australia, New Zealand, the European Union, and the United Kingdom in the marine environment, climate change, health, digital and cyber fields.’
Cooperation with EU
South Korea’s cooperation with the United States has prompted stronger cooperation in responding to cyberattacks from North Korea. In particular, North Korea is seeking to use its IT personnel to generate foreign currency income by stealing virtual assets, which are then used to fund its nuclear and missile programs. The US and South Korea have implemented sanctions as part of their countermeasures against serious cyberattacks, with the US in particular implementing a presidential executive order in response to malicious activities by North Korea. South Korea and the US are also trying to prevent the North Korean regime from indirectly working for companies in major Western countries to earn income. At the same time, a lot of attention is being paid to preventing the North Korean regime from using additional sources of funds that avoided sanctions by preventing the seizure of virtual assets and tracking and blocking their cashing.
Likewise, it’s time for more specific and practical cooperation between the EU and South Korea. This year marks the 60th anniversary of the beginning of formal diplomatic relations between Korea and the EU. Korea and the EU have promised to further boost high-level exchanges to continue to strengthen and develop their strategic partnership that was established in 2010. The two sides agreed that freedom, peace and prosperity in this region are important, and decided to actively seek cooperation by linking their strategies.
The EU is expanding its commitment through the Enhancing Security Cooperation in and with Asia (ESIWA) project, and continues to secure regional safety and strengthen cooperation in the region. The ESIWA project supports a variety of activities to strengthen capabilities in the cyber field in particular. If the EU and Korea jointly promote trust-building measures and capacity building activities to improve cybersecurity in the Indo-Pacific, it will increase security in and generally benefit both regions. In particular, as North Korea has recently launched cyberattacks aimed at every corner of the world, South Korea – with its deep experience and know-how in responding to North Korea’s cyberattacks – will be able to provide best practices for response. Cyber capacity building efforts are a good starting point for more extensive future collaboration.
About the Author
So Jeong Kim
Dr So Jeong Kim is a Senior Research Fellow of the Institute for the National Security Strategy, an Advisor in the science and technology field of the Ministry of Foreign Affairs, and an Advisor to the Korea-U.S. Cyber Security Working Group. She was involved in drafting South Korea’s National Cyber Security Strategy and was also involved in the 4th and 5th UN Information Security Group of Governmental Experts as an adviser.