Countermeasures in cyberspace

Amy Min-Jung Paik
The author is an associate research fellow at Korea Institute for Defense Analyses and a 2018 Munich Young Leader, selected by the Koerber Foundation and Munich Security Conference.

Cyberspace is open 24/7. Advanced nations have more places to guard, in other words, they are more vulnerable to cyberattacks than closed societies like North Korea.

The UN Panel of Experts’ Midterm Report from August 2019 and the Final report from March 2020 have been released. According to them, North Korea has conducted at least 35 cyberattacks on 17 countries from December 2015 to May 2019. It has been reported that in this period, South Korea was hit most frequently, at least 10 times, followed by India being hit 3 times and Chile and Bangladesh twice.

The question then naturally follows whether the rules of engagement are ready, at the South Korea-United States level. Is launching a countermeasure against cyberattacks as one alliance possible under the current legal system?

To answer the question directly, the South and the United States operate separately on the cyber battlefield. To satisfy one’s curiosity, here are some comparisons on the preparedness of the South and the United States in cyber defense. According to the National Cyber Security Basic Plan, issued in September 2019, the Joint Chiefs of Staff in South Korea are soon to revise the Joint Cyber Operation Doctrine to include the active cyber operations. However, it needs to be pointed out that the plan mentioned here remains to be conducted solely by Seoul.

It is known that currently the South’s Cyber Command carries out cyber operations at the level of cyber warfare; however, there is no cyber operations component in the implementation of joint operations. Each directorate and operations command (which is larger than a corps) operates a Computer Emergency Response Team and focuses only on defense against cyber-attacks.

The Cyber Operations Department faces a particular challenge in controlling information protection agents in each directorate due to the military administration and command, which also limit the implementation of cyber operations in relation to the information protection departments in each military directorate.

Speaking from the U.S. side, it is also true that the United States has been actively building its cyber forces. In May 2018, the U.S. Cyber Command became a Unified Combatant Command. This action is a symbol, showing the Pentagon’s seriousness in cyber war. It has been reported that among 133 Cyber Command Units, there are 27 Combat Mission Teams that take orders from Combat Commanders.

Regarding the cyber strategy, the concept called, “defending forward” stands strong as a result of the issuance of the National Security Presidential Memorandum 13, and the John S. McCain National Defense Authorization Act from 2018.

On this notion, Prof. Robert Chesney from the University of Texas elaborates as the following, “Defend forward plainly concerns activity outside of U.S. networks. That’s the forward part. Some might say that this makes ‘defending forward’ comparable to the more aggressive and end of the ‘active defense’ spectrum, where one finds out-of-network operation conducted in the name of […] defense,” introducing it almost as an “active” concept.

To sum it up, the South-United States combined cyber unit is missing on the Korean Peninsula despite 70 years of alliance history, while the South-United States cyber cooperation working group meetings are maintained. Although it may not be the mainstream idea, it is still worthy to consider expanding the scope of the application for the Mutual Defense Treaty to include cyberspace as the fifth domain of warfare by amending the treaty. Article 4 of the 1953 South Korea-United States Mutual Defense Treaty states that “The ROK [meaning South Korea] grants and the U.S. accepts, the right to dispose U.S. land, air, and sea forces in and about the territory of the ROK as determined by mutual agreement.” As is clear, cyberspace is not viewed as a joint ground for South Korea-United States military operation, and this is the newly identified problem in the 21st century, since now the alliance is exposed to numerous cyberattacks almost every day.

Perhaps, if South Korea and the United States can agree on expanding the scope of Article 4 of the Mutual Defense Treaty, then the two can jointly conduct operation in cyberspace. This can become a milestone event; with this change in the treaty, launching the “countermeasure” in cyber together as an alliance will not be a dream but a possible scenario. However, more concerns rise, when the discussion on amending the Mutual Defense Treaty takes place.

Some scholars, especially from the South, believe that the United States’ exclusive right to dispose the U.S. military “in and about the territory of ROK” needs to be limited to a certain degree. The right granted in article 4 of the Mutual Defense Treaty is considered almost “too powerful”; comparable powers are not found, for example, in the Agreement between Philippines and the United States concerning Military Bases, the NATO Treaty, or the Sino-North Korean Mutual Aid and Cooperation and Friendship Treaty.

Such an issue on “balancing” the power is a topic to be contemplated, if both allies are interested in adding cyberspace as another war domain for joint operation.

(The views expressed in this article do not represent the Korea Institute for Defense Analyses.)