
The Expanding Horizon of U.S.-ROK Cybersecurity Cooperation: From Military Security to Cyber Defense

By Sunha Bae [National Cybersecurity Research Institute]

November 25, 2024

 

 

South Korea and the United States established the U.S.-ROK alliance in 1953 in response to North Korea’s military threats following the Korean War. For South Korea, this alliance has long served as a cornerstone of its foreign relations, emphasizing its importance in military security, economics, technology, and various other dimensions. As tensions between the U.S. and China escalate, often referred to as a “new Cold War,” and as the Indo-Pacific region gains strategic security significance, the U.S.-ROK alliance has taken on even greater importance as a global strategic partnership for both nations.

 

In commemoration of the 70th anniversary of the U.S.-ROK alliance in 2023, the leaders of both nations reaffirmed their shared commitment to values such as democracy, economic prosperity, security, and technological innovation during their Washington Summit. They also agreed to expand the military alliance into cyberspace to strengthen the capacity to address the growing global cyber threats. This decision comes amid increasing North Korean cyber threats, as it has been reported that North Korea is using funds acquired from cyberattacks to finance its military development, including nuclear weapons and missile programs. This has elevated cybersecurity from being a mere economic or informational threat to a critical pillar of military security.[1]

 

Current State of U.S.-ROK Cybersecurity Cooperation

  Summits and Strategic Cybersecurity Cooperation Framework

Even prior to the Washington Summit, the U.S. and ROK had addressed cybersecurity as a core agenda item. In the May 2022 summit, both nations pledged to enhance cooperation in responding to North Korean cyber threats. They agreed to bolster cooperation in areas such as cyber deterrence, the cybersecurity of critical infrastructure, combating cybercrime and money laundering, protecting cryptocurrency and blockchain applications, capacity building, cyber training, information sharing, and military cyber cooperation.[2]

 

Building on the joint declaration of the 2022 summit, the leaders further declared at the April 2023 Washington Summit that the U.S.-ROK alliance would extend into cyberspace, committing to begin discussions on how and under what conditions the Mutual Defense Treaty (MDT) could be applied in the cyber domain. To formalize these efforts, they signed the Strategic Cybersecurity Cooperation Framework, aimed at solidifying bilateral cybersecurity cooperation.[3]

 

This framework includes plans to share cyber threat information in real time, implement collaborative measures during significant cyber incidents, promote cybersecurity technology and policy cooperation, jointly respond to malicious cyber activities, hold responsible those states engaged in destructive or unlawful behavior, and conduct joint cyber exercises.

 

 U.S.-ROK Cyber Policy Consultations

The U.S.-ROK Cyber Policy Consultations were first established in 2012, with meetings held in 2013, 2014, 2016, and 2018. However, following the fifth meeting, there was a four-year hiatus until the sixth consultation in December 2022, which took place after the 2022 summit. The consultations have resumed actively, with the seventh meeting scheduled for January 2024.[4] During these consultations, the two sides discussed plans for cooperation in addressing North Korean cyber threats and strengthening the security of critical infrastructure.

 

Furthermore, the Senior Steering Group (SSG) on cybersecurity was established in June 2023, under the auspices of the U.S. National Security Council and South Korea’s National Security Office. This group has been tasked with detailing the cybersecurity cooperation measures agreed upon by both leaders and initiating discussions to enable a swift response to national-level cyber threats.[5] The third meeting of the SSG took place in May 2024, further strengthening the close cooperation between the two nations.

 

Several working-group meetings have been initiated to expand cooperation across various sectors. In August 2022, a U.S.-ROK working group on responding to North Korean cyber threats was formed, with its seventh meeting held in 2024. The group agreed to exchange information on North Korea’s illicit cyber activities and strengthen measures to deter such activities through diplomatic engagement, public-private cooperation, and legal actions.[6] The U.S.-ROK Defense Cyber Policy Working Group has also enhanced collaboration in responding to military cyber threats.[7] Additionally, Memoranda of Understanding (MoUs) have been signed between South Korea’s Cyber Command and the U.S. Cyber Command,[8] South Korea’s National Intelligence Service and the U.S. Cybersecurity and Infrastructure Security Agency (CISA),[9] and South Korea’s Ministry of Foreign Affairs and the U.S. Department of State to strengthen cooperation in cybersecurity.[10]

 

 U.S.-ROK Joint Cyber Exercises

Joint cyber exercises have further strengthened U.S.-ROK cybersecurity cooperation. South Korea’s Cyber Command participated for the first time in “Cyber Flag,” the U.S. Cyber Command’s annual military exercise aimed at enhancing cyber readiness and partnership with allies, in October 2022.[11] Following an agreement at the 2023 Security Consultative Meeting (SCM), South Korea will regularly participate, with the third joint exercise scheduled for May 2024. In January 2024, the first U.S.-ROK joint cyber alliance drill was conducted, focusing on sharing real-time threat information and practicing cyber response procedures to strengthen operational capabilities.[12]

 

Pathways for Progress

Following the agreements reached at the 2022 and 2023 U.S.-ROK summits, both nations have been working to expand their cybersecurity cooperation and develop concrete measures to operationalize these efforts. While significant progress has been made in U.S.-ROK cybersecurity cooperation, continuous expansion and improvement are needed to achieve tangible outcomes.

 

First, there is a need for the continuous expansion of information sharing. Timely information sharing enables the early detection of cyberattack indicators, allowing for rapid response and the prevention of further attacks. This is one of the most effective ways to protect not only national security but also the global economy from the potential damage caused by cyberattacks on critical infrastructure by state-sponsored malicious actors. Additionally, information sharing is crucial for identifying the actors behind such attacks. The U.S. continues to emphasize the importance of joint attribution of malicious cyber activities with its allies and partner nations.[13] Similarly, South Korea plans to actively utilize joint cybersecurity advisories with like-minded countries to expose threat actors and their activities as part of its effort to enhance cyber deterrence.[14]

 

To facilitate smoother e-evidence sharing and information flow, the two nations could consider entering into a Clarifying Lawful Overseas Use of Data Act (CLOUD Act) agreement. While the CLOUD Act primarily focuses on enabling foreign governments to access data held by U.S.-based global service providers for criminal investigations, it indirectly supports broader information-sharing initiatives by streamlining cross-border data-sharing procedures.[15] By providing a clear legal framework, the CLOUD Act reduces delays and uncertainties, ensuring timely access to critical information. Additionally, it encourages collaboration with the private sector by requiring compliance from service providers, thereby fostering a cooperative environment for addressing cyber threats. The Act’s framework can serve as a foundation for building trust and enhancing joint efforts in combating cybercrime and mitigating cybersecurity risks. However, careful coordination is essential to harmonize differences in legal frameworks and address concerns over extraterritorial data access and privacy protection.[16]

 

Second, there is a need to expand the scope of joint cyber exercises. Currently, U.S.-ROK joint cyber exercises are largely limited to military sectors, centered around the two nations’ cyber commands. However, recent cyberattacks often involve multi-sector, simultaneous threats, particularly those targeting critical infrastructure, which can escalate into national crises. Therefore, it is necessary to broaden the scope of joint exercises to include multi-sectoral, multi-threat scenarios. This expansion would allow both nations to enhance their collaboration in responding to cascading attacks and conduct more realistic, scenario-based training exercises. The establishment of a joint U.S.-ROK cyber range could be considered to enable sustained, systematic cyberattack and defense training, not only for the U.S. and South Korea but also in multilateral exercises involving other allies and partners.

 

Third, there is a need to expand the cybersecurity policy dialogue. Following the Strategic Cybersecurity Cooperation Framework, high-level intergovernmental dialogues have been established, serving as an effective platform for concrete cooperation and sensitive information exchange. However, public-private cooperation is just as vital for cybersecurity as inter-allied collaboration. To incorporate diverse perspectives and innovative solutions, it is essential to broaden participation through track 1.5 or track 2.0 dialogues, involving both government and private sector experts. This approach would facilitate balanced discussions and improve the effectiveness of policy implementation by increasing long-term engagement in U.S.-ROK cooperation.

 

Above all, ensuring policy consistency and coherence is paramount for the sustained development of U.S.-ROK cybersecurity cooperation. Cybersecurity, as a bipartisan national security and global security issue, should aim for long-term security goals that transcend short-term achievements. Therefore, regardless of changes in government, there must be confidence that the U.S. and South Korea can continue to cooperate over the long term without uncertainty stemming from shifts in policy. As cybersecurity policy is closely tied to diplomatic, military, and economic policy, it is essential to regularly review the interconnectivity of these areas to ensure that the progress made in each domain is preserved, ultimately creating a sustainable structure for long-term cooperation.

 

[1] United Nations Security Council, “UN Documents for DPRK (North Korea): Sanctions Committee Documents - S/2024/215”, Mar. 2024.

[2] https://kr.usembassy.gov/052122-united-states-republic-of-korea-leaders-joint-statement/

[3] https://www.whitehouse.gov/briefing-room/statements-releases/2023/04/26/leaders-joint-statement-in-commemoration-of-the-70th-anniversary-of-the-alliance-between-the-united-states-of-america-and-the-republic-of-korea/

[4] https://www.state.gov/the-6th-u-s-republic-of-korea-cyber-policy-consultations/

[5] https://eng.president.go.kr/briefing/s7g8RZz5

[6] https://www.state.gov/seventh-united-states-republic-of-korea-working-group-to-counter-cyber-threats-posed-by-the-democratic-peoples-republic-of-korea/

[7] https://www.defense.gov/News/Releases/Release/Article/3308356/

[8] Ji Da-gyum, "S. Korea, US agree to upgrade cyber cooperation, regularize cyber exercises", The Korea Herald, Aug. 18, 2022.

[9] https://www.cisa.gov/news-events/news/cisa-signs-memorandum-understanding-republic-korea-share-cyber-threat-information-and-cybersecurity

[10] https://overseas.mofa.go.kr/eng/brd/m_5676/view.do?seq=322604

[11] https://www.cybercom.mil/Media/News/Article/3256645/us-cyber-command-2022-year-in-review/

[12] Kim Eun-jung, "S. Korea, US hold 1st joint cyber security drill", Yonhap News Agency, Jan. 26, 2024.

[13] Jiwon Ma, RADM (Ret.) Mark Montgomery, "2024 Annual Report on Implementation", CSC 2.0, Sep. 2024.

[14] National Cyber Security Center of ROK, “National Cybersecurity Basic Plan”, Sep. 2024.

[15] Matt Perault and Richard Salgado, "Untapping the Full Potential of CLOUD Act Agreements", CSIS, June 6, 2024.

[16] https://www.kicj.re.kr/boardDownload.es?bid=0003&list_no=13698&seq=8
