Korea faces a crucial turning point in cybersecurity reform

Home > Opinion > Columns

Korea faces a crucial turning point in cybersecurity reform

Published: 25 Jun. 2025, 00:04

Audio report: written by reporters, read by AI

Byun Jae-sun

The author, a former cyber operations commander in the military, is a guest professor at Sejong University.

The traditional concept of national security is rapidly evolving, as demonstrated by the ongoing conflict between Israel and Iran and Russia’s war in Ukraine. Cyberspace, once considered a secondary domain, now stands alongside nuclear weapons, missiles and drones as a core component of asymmetric warfare. North Korea already includes cyber capabilities among its three primary strategic assets, alongside nuclear arms and missiles.

SK Telecom's headquarters in Jung District, central Seoul is seen on May 6. [NEWS1]

Despite these changes, South Korea’s progress in cyber defense has stalled. The recent hacking incident involving SK Telecom revealed critical vulnerabilities in the country’s core digital infrastructure. With a new administration in office, this moment presents a decisive opportunity to overhaul Korea’s cyber defense architecture.

The first challenge is to address the growing complexity and sophistication of cyber threats. North Korea continues to launch coordinated attacks against civilian and military targets, combining direct financial theft with disruptive ransomware operations. China pursues hybrid strategies, including information and psychological warfare under the "unrestricted warfare" doctrine and models like the Quebec strategy.

These threats go beyond the military sphere. Civil infrastructure — finance, energy and health care — can all be targeted. States like Iran, Russia and North Korea already use cyber operations as tools of diplomacy and military pressure. Yet, South Korea’s response remains fragmented. Civilian, public and defense sectors operate in silos, lacking a unified response mechanism. As threats increasingly span both civilian and military targets, such divided structures reveal clear limitations.

Kim Young-woon, head of the National Office of Investigation (NOI)'s cyber terrorism investigation unit speaks during a briefing on the North Korean hacking emails case at the NOI headquarters in Seodaemun District, western Seoul, Seoul on April 15. [NEWS1]

Second, South Korea’s cybersecurity governance is structurally weak. The current system remains fragmented, with ministries such as the Ministry of Science and ICT, the Ministry of the Interior and Safety, the Ministry of National Defense and various intelligence agencies each responding within their respective domains. However, there is no functional central authority capable of integrating these efforts. While coordination frameworks exist on paper, in practice, real-time information sharing and joint response during crises are often inadequate.

The intelligence community, which currently leads cyber responses, is strong in technical capabilities and information gathering. However, its central role raises concerns regarding democratic oversight and civilian cooperation. These concerns have contributed to repeated delays in the passage of the so-called Basic Cybersecurity Act. The military faces similar structural gaps. Although cyber warfare is clearly a form of military operation, South Korea has yet to establish a dedicated cyber command or military branch. This makes it difficult to mobilize the expertise and resources needed to counter increasingly sophisticated threats.

Third, what is needed now is not more declarations but structural reform and strategic investment. The creation of a new cybersecurity agency is essential. This organization must function as an integrated control tower with clear authority and responsibility across civilian, public, and military domains. South Korea can look to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as a model — an independent, expert-led institution with a national mandate.

At the same time, the Basic Cybersecurity Act must be enacted. The law should define national cybersecurity principles, clarify the responsibilities and authority of each agency, and provide legal backing for interagency cooperation.

In the defense sector, a dedicated cyber military branch or unit is urgently needed. Russia’s invasion of Ukraine has proven the decisive role of cyber operations in real-world combat. As new technologies such as AI, drones and space-based weapons are integrated into military strategy, corresponding cybersecurity standards must also be established. This requires increased funding and stronger leadership. Senior officials in each ministry must take personal responsibility for cybersecurity. A new governance culture should emerge in which cybersecurity professionals are systematically included in personnel and policy decisions.

Director of National Intelligence Tulsi Gabbard, left, joined by CIA Director John Ratcliffe, testifies as the House Intelligence Committee holds a hearing on worldwide threats, at the Capitol, in Washington, March 26. [AP/YONHAP]

Cybersecurity is not merely a technical or intelligence matter. It is a matter of national survival — of protecting citizens and the platforms upon which the state operates. That is why the issue must be elevated as a top policy agenda for the new administration. Now is the golden hour to create a cybersecurity agency, pass the Basic Cybersecurity Act and establish a military cyber force.

South Korea must shift from a reactive stance to one centered on prevention and control. If we hesitate at this critical juncture, the next major cyberattack may come before we have a chance to respond.

Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.