On May 21, South Korean President Moon Jae-in will become only the second world leader to hold an in-person summit with U.S. President Joe Biden. Undoubtedly, much of their conversation will be on the Biden administration’s recently concluded North Korea policy review, as well as immediate global challenges such as the pandemic, securing critical supply chains, and climate change. But both leaders should also engage in an extensive discussion of cybersecurity to address the growing rate and sophistication of cyberattacks since the beginning of the pandemic.
As two of the world’s most technologically advanced economies, the United States and South Korea are at increasing risk of cybercrime. According to NordVPN’s Cyber Risk Index, the United States ranks fifth in the world for the risk of cybercrime, while South Korea ranks 20th. With state actors increasingly turning to cyber tools to spread disinformation, steal intellectual property and government secrets, or threaten critical infrastructure, the two allies have a mutual interest in cooperating on cybersecurity and an immediate interest in focusing on North Korea’s cyber activities and the need to develop secure supply chains.
Cyber Should Be Part of an Integrated North Korea Policy
While cooperation on cybersecurity between the United States and South Korea dates back to the Obama administration, issues related to North Korea’s nuclear weapons and ballistic missile programs have understandably dominated the focus of the alliance. However, while North Korea has been building up its nuclear weapons and ballistic missile programs, it has also been developing an active state-based cyber program that engages in commercial disruption, theft, and sanctions evasion.
Despite North Korea’s continued use and development of cyber tactics to advance its agenda, the Trump administration maintained the United States’ focus on North Korea’s nuclear weapons and missile capabilities. Yet these same programs are supported by North Korea’s use of cyber tactics to gain access to hard currency and move assets outside of the traditional financial system.
For North Korea, cyber tactics are an important part of the regime’s tool kit. They provide Pyongyang with an inexpensive means to conduct espionage and evade sanctions, while also providing the regime with an asymmetrical tool to use against its adversaries.
The United States and South Korea have a mutual interest in addressing North Korea’s cyber activities. Both countries have suffered cyberattacks from North Korea, and its actions undermine efforts to enforce United Nations sanctions. The allies should place more emphasis on mitigating the threat as an integrated part of the alliance’s strategy for dealing with North Korea’s weapons programs.
South Korea is a frequent target of North Korea’s cyberattacks. Its National Intelligence Service estimates that North Korean cyberattacks on South Korea have increased 32 percent over the last year and now average 1.58 million per day. North Korea’s prior targets in South Korea have included cryptocurrency exchanges, financial and media institutions, and other businesses, and it has also extracted information on nearly 1,000 North Korean defectors.
These cyberattacks on South Korea have implications for the alliance. Prior efforts have gained access to joint U.S.-Korea military plans, designs for South Korean naval ships, and blueprints for the F-15’s wings.
They also undermine efforts to pressure North Korea into dismantling its nuclear weapons and ballistic missile programs by providing an outlet to evade sanctions. The United Nations estimates that North Korea has stolen $2 billion in hard currency and cryptocurrency through cyberattacks, while the regime’s use of cryptocurrency allows it to transfer money internationally despite U.N. and U.S. prohibitions on financial transactions and the use of the U.S. dollar.
The economic damage, however, from Pyongyang’s cyber activities is more extensive than the direct theft of hard currency or cryptocurrency. The WannaCry malware attack, which disrupted the British National Health Service and other systems around the world, is estimated to have resulted in global losses of $4 billion. While smaller, the Sony hack is estimated to have cost the movie studio $15 million.
Less well understood is the economic damage from North Korea’s potential turn to the theft of intellectual property. The most recent 1718 Committee report suggests that North Korea has attempted to gain access to defense firms for military technology and information that could be sold for financial gain. It has also sought to gain access to information related to COVID-19 vaccines. While some intelligence officials believe North Korea is looking to sell its own vaccines, the intellectual property behind the mRNA vaccines is likely much more valuable to firms looking to develop pharmaceutical products using the same processes.
The Vulnerability of Supply Chains and Critical Infrastructure to Cyberattacks
The pandemic has accelerated existing trends toward remote work and digital commerce, but it also highlighted the vulnerabilities in existing supply chains. The just-in-time model of production adopted by many firms left little excess capacity to produce essential supplies in a crisis. Early in the pandemic, items such as personal protection equipment were in short supply, but over time increasing demand for computers, tablets, videogame systems, and other electronic items for workers at home created a shortage of semiconductors that is now forcing other firms to halt production.
The White House has responded to the shortages of semiconductors and other items by initiating a 100-day review into the supply chains for semiconductors, rare earth minerals, active pharmaceutical ingredients, and batteries for electric vehicles. That initial review will also be paralleled by a longer review of six industrial bases and the supply chain for food and agricultural production.
Whatever the conclusion of the review, reshoring all production is not a practical option and the United States will need to work with trusted partners like South Korea to develop secure supply chains.
Despite already being one of the world’s largest manufacturers of syringes, the United States has faced a shortage of needles for distributing COVID-19 vaccines. In this case, a South Korean firm was able to work with Pfizer to help produce syringes that filled a supply need and allowed for extra doses of the vaccine to be extracted.
Semiconductors are more complex to produce and will require continued international cooperation. Even with the expected opening of new fabs by Samsung, Intel, and TSMC in the United States, the majority of the world’s production of memory chips will remain in South Korea. The U.S. will likely remain dependent upon supplies from abroad for critical components for automotive chips from South Korea as well.
Even if the United States succeeded in reshoring all of the production of critical supplies, there is a broader geostrategic imperative for it to ensure that critical partners and allies also have access to secure supply chains.
Firms, however, will increasingly turn to artificial intelligence, smart factories, and other technologies to better manage supply chains in the event of future crises. The move toward increased use of technology to address supply chain disruptions, as well as the transition to a digital economy, will make the U.S. and South Korean economies increasingly vulnerable to cyberattacks – something highlighted by the recent hack into the systems of Colonial Pipeline that forced the company to shut down a major oil pipeline in the United States.
Production can be disrupted at different points along the supply chain, and securing them will require increased cybersecurity to protect factories and critical infrastructure. The Colonial Pipeline intrusion was conducted by DarkSide, a criminal hacker group, but North Korea is a concern here as well, as the U.S. government has determined that North Korea has the ability to disrupt critical infrastructure.
While the Trump administration was negotiating in Hanoi, North Korea was engaged in a cyber operation designed to infiltrate defense, financial, energy, telecommunications, healthcare, and other firms in the United States. More recently, Pyongyang is believed to have gained access to critical information systems in India’s newest nuclear power plant.
How Should the Alliance Address Cybersecurity?
The United States and South Korea established a mechanism for biannual cybersecurity consultations in 2012, but the threat from North Korea and the need to develop secure supply chains require deeper cooperation. Supply chains cut across borders, and protecting points in one country but not the other is not a feasible strategy. Sharing best practices and threats in close to real time will be essential.
The U.S. and South Korea should also consider discussing a cyber accord with North Korea. While North Korea will be reluctant to give up one of its key asymmetric advantages, those same concerns have not precluded discussions over Pyongyang’s nuclear weapons and ballistic missile programs. Those latter two programs remain a possible threat to the United States and South Korea, but North Korea and others are actively engaging in cyberattacks against the United States and South Korea.
While the issue of cybersecurity should be discussed at a bilateral level, these challenges are multilateral in nature and an area where cooperation through the Quad would be suboptimal. European and other countries are not exempt from North Korean cybercrime and are critical points in supply chains.
One way to address this challenge is to work through small groupings on areas of mutual interest. In dealing with the threat of ransomware, for example, the two allies should consider working with other countries to implement some of the recommendations from the Institute for Security and Technology’s recently released joint taskforce report. The report includes recommendations for developing an international coalition to combat ransomware and to establish a network of investigative hubs for ransomware.
The allies should also work with like-minded countries to encourage cryptocurrency exchanges to adopt the Financial Action Task Force’s anti-money laundering and “know your own customer” rules to close one of the routes that cyber criminals – whether state-based or not – use to move their illicit gains.
Similar groupings for critical products should be considered for supply chains.
The risks from cyber will only continue to grow as more of our daily lives become digital and interconnected. As they do, the United States and South Korea should continue to look for ways to deepen their cooperation bilaterally and multilaterally on cybersecurity.