Field Report, South Korea: Elemendar and the Department of International Trade Mission

Elemendar recently made our first official visit to the Republic of Korea (South Korea). We were part of the UK’s Department of International Trade mission, run during Cyber Week by the British Embassy in Seoul.

South Korea has long been somewhat of a ‘promised land’ for Cyber Threat Intelligence (CTI). That’s largely owing to the aggressive hacking activities of the Democratic People’s Republic of North Korea (North Korea), and the South Korean people’s resistance to their bellicose neighbours.  

It’s difficult to compress a whole trip into a soundbite of fewer than a thousand words. So, below, we offer key observations that may interest cyber-security firms looking to develop into the South Korean market. 

North Korea Looms Large 

In the South Korean security landscape, the shadow of the North Korean threat looms large. If Kim Jong-un and his lackey are your nearest neighbours, there’s bound to be an effect. North Korea has acted aggressively over the past few decades, and recently acquired a nuclear-weapons capability. 

The most obvious result of this behaviour is a combination of physical and cyber security threats – at least, as perceived by many decision-makers working in South Korean security. It is not wrong to view cyber and physical threats as part of the same continuum; in this case, both threat types can be attributed directly to the North Korean leadership. But to closely associate physical threats with cyber threats can be problematic. 

Specifically, CTI relies heavily on openly available intelligence or intelligence sourced from private vendors. Typically, neither kind carries any security marking and both can be handled with the standard security architecture you’d find in any reasonable multinational. The challenge that South Korea’s researchers face is that any intelligence on North Korean activity is typically viewed as classified, due to the subject matter rather than the source. 

This not only complicates intelligence procurement and sharing, but also the technical deployment of any solution, as there’s a need to deploy on-premises solutions. With the move from ‘need to know’ to ‘need to share’, and the prevalence of the cloud over on-premises deployments, this security model could frustrate hopeful new entrants to the South Korean CTI market.

Ever-connected South Korea

Given the prominent North Korean threat, what’s maybe most surprising is that South Korea is not more of a militarised state. With such a high threat level, the tempting response would be to create a police state. Instead, South Korea has created a highly connected society. 

4G is nearly omnipresent, even on the high-speed train from Soul to Busan. In fact, our visit to SK Telecom revealed that this level of connectivity is the backbone supporting much of the South Korean tech sector. 

On visits to the Seoul Digital Foundation and Busan’s Eco Delta Smart City, it was clear just how many services integral to modern life in South Korea rest on this Wi-Fi backbone, from established, trivial delivery-style services to developmental, safety-critical medical services. 

Data Privacy As A Low Priority 

Despite South Korea’s staunch commitment to living normally across the border from a tinderbox, the country’s approach to data privacy is apparently quite loose. Attitudes about surveillance and personal freedoms seem very different to those in Europe. Of course, we didn’t have an insider’s ear in conversations about data privacy in South Korea, but there does seem to be a far greater cultural tolerance of technology intruding into personal life. 

One of our South Korean hosts told us that when she was in school, children in her class were referred to by numbers rather than names, because class sizes were so large. She might have been joking, but if it’s true, it’s a good example of how cultural expectations for identity and privacy can develop differently. 

Present And Future Threats

Our lasting impression of South Korea? From a security perspective, if you’re looking for the intersection of technology, cyber threat and physical threat South Korea is where to find it. Although the North Korean cyber threat is towering, the sheer volume and centrality of data within South Korean society offer an appealing environment for cyber-threat actors from anywhere in the world. We predict that, faced with global threats playing out locally, CTI in South Korea is going to be a huge area for the discipline.