► This article discusses how NATO and the Republic of Korea are cooperating to leverage their strengths and expertise in the area of cyber defence, with both parties recognising their shared interests to defend and maintain a secure and peaceful cyberspace.

At NATO, Allies have agreed that cyberspace is contested at all times. Allies must be able not only to defend themselves adequately against cyber threats, but to support the upholding of international norms relating to responsible state behaviour in cyberspace. This includes calling out malicious activity where they see it. It also requires strengthened cooperation with partners, recognising that the cyber domain has no borders, and that upholding stability in cyberspace requires joint effort from actors with shared interests.

NATO’s cooperation with partners in the cyber domain is based on the principles of shared interests and values, leveraging our strengths as an international community to address crosscutting security issues and global challenges in ways where both parties benefit in terms of strengthened national defence postures. When Secretary-General Jens Stoltenberg visited the Republic of Korea in early 2023, he stressed several common security challenges, highlighting “what happens in Europe matters to the Indo-Pacific, and what happens in Asia matters to NATO.” This follows Allies noting in the NATO 2022 Strategic Concept, for the first time, the importance of the Indo-Pacific and how developments in the region can impact Euro-Atlantic security. In the document, Allies pledged to strengthened dialogue and cooperation with Partners in the Indo-Pacific to address such shared security interests.

NATO and the Republic of Korea have a strong and long-standing partnership on a range of topics that include non-proliferation, cyber defence, counter-terrorism, security-related civil science projects, interoperability, chemical, biological, radiological and nuclear (CBRN) defence, as well as civil preparedness, resilience and disaster relief. For cyber defence, strong cooperation between NATO and the Republic of Korea on cyber to date stems from the fact that both parties share common values, in both committing to promoting peace, preserving the international roles-based order, and upholding norms of responsible state behaviour. Upholding these values enables NATO Allies and the Republic of Korea to strive towards a peaceful and secure cyber environment, recognising that cyber defence is a core part of national and collective defence.

There are several aspects to existing and potential collaboration on cyber defence:

- Strengthening political dialogue: President Yoon Suk Yeol was warmly welcomed to the NATO Summit in July 2023, where he spoke with NATO Secretary General on the importance of international cooperation. This follows attendance at previous NATO Summits, alongside other high-level visits, including where NATO high-level representatives attended the Cyber Working group alongside the Seoul Defence Dialogue. This kind of relationship building reinforces the principles of shared values and commitment to a stable security environment, sending a clear message of unity to potential adversaries. Such commitments may be further strengthened through sustained political dialogue with Allies (through NATO Committees including the North Atlantic Council) and through regular staff-to-staff talks at all levels.

- Information sharing: The Republic of Korea is a leading global expert on regional cyber threat actors in the Indo-Pacific Region. NATO, for its part, has a breadth of Allied experiences, as well as a significant depth relating to lesson’s learned from Russia’s use of cyber as part of their war of aggression in Ukraine. Exchanging lessons learned between our communities helps inform national defenders on what others are seeing, enhancing situational awareness and allowing them to evolve their cyber defences in line with the cyber threat landscape. Today, the Republic of Korea are participants of MISP (Malware Information and Sharing Platform) which is used to share technical information with many NATO Allies and partners. Going beyond this to exchange information more frequently, for example through briefings or reports, can help leverage each party’s expertise to strengthen our resilience and defences, raising the costs to adversaries. It can also reduce duplication in a way that makes effective use of scarce resources.

Sharing best practices: Sharing information such as national best practices (for example, in developing cyber defence strategies, or in improving the training, recruitment, and retention of cyber defenders, allow nations to exchange experiences in a way that enriches their own national policies and procedures. It can also save time, reducing duplicative efforts as Partners can exchange what works. In leveraging the principle of reciprocity, the Republic of Korea and NATO Allies are able to achieve greater resilience against cyber threats.

Training and Exercises: Cyber exercises are an excellent way to test cyber defence processes and decision-making in a safe and controlled environment. They provides a venue for technical experimentation, introducing new concepts, and education as participants practice their cyber defence responses, from the technical level all the way up to simulating national and international policy decisions-making. The Republic of Korea has participated in Locked Shields, the world’s largest live-fire cyber defence exercise, since 2021. It is also participating in Cyber Coalition, NATO’s flagship collective cyber defence exercise, this November, having stepped up from Observer status at two previous iterations. Such international engagements benefit offering national cyber experts from all participating nations’ exposure to each other’s processes and procedures, allowing the Republic of Korea and other nations to exchange best practices, understand each other’s processes and procedures, boost interoperability and shared situational awareness.

Adjacent venues for collaboration (CCDCOE and others): As a NATO accredited organisation, the CCDCOE acts as a hub for research and expertise on cyber defence issues relating to international security. The Republic of Korea was the first nation from Asia to join the Cooperative Cyber Defence Centre of Excellence as a contributing participant in 2022. In so doing, they play an essential role in delivering the excellent research, training and exercising opportunities, and the world-leading annual International Conference of Cyber Conflict – attended repeated by senior Korean government representatives. The NATO CCDCOE is not a part of the NATO Command Structure, and is instead NATO accredited as an independent organisation, which gives flexibility for the Republic of Korea to engage fully with, and shape, the Centre’s initiatives. Other venues also provide valuable exchange of perspectives, and this year NATO attended the Republic of Korea’s International Conference on Building Global Cyberspace Peace Regime (GCPR) Conference, enabling productive discussions on opportunities for future cooperation.

The Strategic View – the Republic of Korea’s growing role in international cyber defence

NATO is committed to promoting a free, open, peaceful and secure cyberspace. In September 2022, in an NATO joint statement condemning the cyber attacks against Albania, Allies sent a clear political signal to adversaries. The statement further highlighted NATO’s aims to enhance stability by ensuring that international law is respected and by supporting the voluntary norms of responsible state behaviour in cyberspace. Likewise, the Republic of Korea has increasingly called out malicious cyber activity. This includes “joint voicing”, calling out North Korean state-sponsored cyber actors in joint advisories with the US. Such releases represent a clear political signal adversaries that malicious cyber attacks will not be tolerated; matching the sentiment in joint NATO statements. Moreover, at the GCPR conference held in September 2023, senior Republic of Korean government officials agreed on the need to do more, prioritising cyber security as a bipartisan and urgent effort. 

This policy shift towards proactive cyber defence, as well as a demonstrated increasing willingness to uphold international norms, highlights the Republic of Korea’s growing role as a regional - and global - actor promoting cyber stability. With the nation’s knowledge and expertise on regional threats, as well as the determination to defend itself and support stability in cyberspace, the Republic of Korea is well placed to work in concert with NATO Allies in adopting a proactive approach to cyber defence. As engagement with the international community already shows, the Republic of Korea has a significant role to play in the Asia-Pacific Region and beyond.

Notably, NATO is entirely defensive in nature, including in the cyber domain. Cooperation therefore focuses on activities to enhance resilience to cyber threats for Republic of Korea, the Alliance, and other likeminded partners. As we face an increasingly tense and unstable geopolitical landscape, deepening our partnerships is crucial not only for increasing our national resilience, but for defending our shared interests in and beyond the cyber domain.