Enhancing Strategic Alignment in Cyberspace Within the U.S.-South Korea Alliance

The two allies should align cyber strategies to strengthen combined defense and keep their technological edge.

Enhancing Strategic Alignment in Cyberspace Within the U.S.-South Korea Alliance
An illustration of digital data transfer, May 2025 | Source: Shutterstock

Executive Summary 

The United States and South Korea both began 2026 with announcements that the respective governments would soon release new, comprehensive national cybersecurity strategies. Following a year of rising cyberattacks against both public and private entities and changes in political leadership, the two countries have recognized the need to update their cyberspace policies to better reflect the changing geopolitical security environment and domestic political priorities. 

With the release of the U.S. national cybersecurity strategy in March 2026, the Donald Trump administration aligned its cyberspace posture with the same “America First” principles that guided the formulation of its 2025 National Security Strategy and 2026 National Defense Strategy. This new strategy’s emphasis on enhancing offensive capabilities, deregulating cybersecurity compliance to foster innovation, and ensuring fair cost distributions with allies may give some trepidation to South Korea as it formulates its own strategy. 

On the other hand, opportunities arise from the seeming alignment of the allies on strategic priorities, such as building talent pipelines and sustaining technological superiority in artificial intelligence (AI) and other emerging technologies. A South Korean national cybersecurity strategy that actively aligns with U.S. priorities can serve as a new anchor for alliance cooperation and stability, reinforcing credible U.S. commitments to South Korea’s defense and leveraging both countries’ resources to strengthen private investments in cybersecurity and foster cyber policy innovation. 

Considering these significant shifts in cyber policy at a time of proliferating cyber threats and heightened geopolitical tensions, the United States and South Korea should more proactively align their cybersecurity strategies to avoid points of friction, bolster the alliance’s combined cyber defense posture, and maintain their technological advantage in cyber warfare. 

Background 

President Trump’s Cyber Strategy for America takes a far narrower view of national security priorities in cyberspace than previous iterations of U.S. cybersecurity strategy, as evidenced by its far shorter length. What the new strategy does not mention is just as notable as what it does, as there is no description of state actors that pose significant cyber threats to U.S. interests within the document, including North Korea. However, the strategy makes clear that the United States maintains a robust offensive posture in cyberspace to identify and shut down threats from cybercriminals and other adversaries. Other priorities include modernizing and securing networks and critical infrastructure, unleashing private-sector innovation in cybersecurity and emerging technologies, and constructing a robust U.S. cyber workforce through new talent pipelines. 

The Lee Jae Myung administration is still finalizing its new national cybersecurity strategy, which will be released within the year. Whether the Lee administration’s cybersecurity strategy continues the trend of the previous government’s policy shift toward pursuing more offensive cyber capabilities to detect and neutralize North Korean threats or follows the U.S. example of scaling back its naming and shaming of North Korea remains to be seen. What is certain is that President Lee seeks to expand South Korea’s strategic thinking to encompass his ambitious agenda of establishing South Korea’s status as an “AI Powerhouse” in the cyber domain and tightening private-sector regulations. It is the regulatory pillar of Lee’s cyber agenda that most directly contravenes the U.S. strategic shift toward deregulation and increased public-private partnerships to maintain the U.S. technological advantage in cyberspace. 

As the allies’ cybersecurity strategies undergo considerable changes, the threat posed by North Korea’s cyber operations continues to intensify. Year over year, the pace and scope of North Korean cyberattacks continues to increase, the vectors of attack diversifying from hacking vulnerable software and critical infrastructure to sophisticated fraud schemes where North Koreans gain employment as remote IT workers for foreign firms, generating revenue for the regime and stealing sensitive corporate information from the inside. North Korean officials use stolen cryptocurrency assets and laundered fiat currency to procure military equipment and raw materials like copper, in violation of international sanctions law. A UN Panel of Experts report in 2024 estimated that around 40 percent of North Korea’s ballistic missile and weapons of mass destruction (WMD) program was funded through illicit cyber theft operations, emphasizing the importance of decreasing North Korean cryptocurrency and ransomware heists for U.S.-South Korea deterrence and non-proliferation strategy. 

Watch Mr. Sebastian Garcia in conversation with Ellen Kim, KEI Senior Fellow and Director of Academic Affairs.

Policy Recommendations 

The United States and South Korea can best align their cybersecurity strategies through cooperation in the following key policy areas: 

  1. Quantifying risk, cost, and policy efficacy: The United States and South Korea should collaborate to construct a framework for demonstrating the negative externalities imposed by North Korean and other threat actors’ cybercrime on private-sector profits to align the private sector’s priorities with those of national security-oriented governments. One model to emulate is Singapore’s Cyber Risk Management (CyRiM) project, a joint public-private-academia initiative to facilitate private investment in cybersecurity insurance by quantifying cyber risks and the costs of cyberattacks and creating a calculator for accurate insurance premiums. 
  1. Developing the non-technical cybersecurity workforce: New generations of cybersecurity policy and cyberlaw talent who understand the rapidly advancing corpus of domestic cybersecurity laws and international policy debates will be integral to advancing cyber norms agreed upon by the United States and South Korea. The United States and South Korea may collaborate to develop cybersecurity competition and gaming initiatives to engage student communities as well as foster educational and public-private partnerships that rapidly upskill workers and share talent across different spheres of the cyber policy environment. 
  1. Integrating South Korea into multilateral cybersecurity networks: South Korea’s cybersecurity strategy should continue to prioritize expanding cyber defense cooperation with like-minded liberal democratic allies, especially as its ambitions to become a significant developer of advanced dual-use and AI-enabled weapons systems can expand the country’s market share in the European defense industry. South Korea stepping up to fill the critical gaps in European cyber and AI warfare defenses and develop broader cyber threat intelligence sharing between U.S. allies will cement its status as a model ally committed to burden-sharing and collective defense. 

Conclusion 

Cybersecurity is a field that requires constant adaptation and agility to remain ahead of the latest threat capabilities; tools and strategies considered industry standards and top-of-the-line can become outdated liabilities within the year. Technological disruptions like the emergence of AI and quantum computing, and new geopolitical developments like the strengthening of North Korea-Russia ties, only shorten these time horizons and add to the uncertainty of whether a given cybersecurity strategy is working. However, the U.S.-South Korea alliance has proven resilient and highly adaptive over more than seven decades of geopolitical upheaval and breakthroughs in military capabilities and technology. So long as the allies maintain institutionalized, regularized coordination on cyber policy and cyber defense and accept that their cybersecurity strategies will need to remain flexible frameworks rather than rigid plans, they will successfully safeguard their cyber domains from North Korean and other cyber adversaries. 

George Sebastian Garcia is Program Officer and Internship Coordinator at the Korea Economic Institute of America (KEI). The views expressed are the author’s alone.

This material is distributed by KEI on behalf of the Korea Institute for International Economic Policy. Additional information is available at the Department of Justice, Washington, DC.

Publication Series

Publication Date