Last month, I gave lectures on cybersecurity in South Korea shortly after Secretary of State John Kerry delivered remarks in Seoul on "An Open and Secure Internet." This experience provided an opportunity to consider the challenges South Korea faces in cyber policy. I was particularly interested in how South Korea’s desire to influence world affairs as a "middle power" plays out in the cyber realm. Although South Korea engages in active cyber diplomacy, numerous factors limit its ability to affect international cyber politics in a significant manner.
South Korea as a Middle Power and Cyber Diplomacy
Since approximately 2008, South Korean officials have described South Korea’s role in world politics as that of a middle power: a medium-sized country with resources, capabilities, networks, and willingness to advance strategies that improve international cooperation. According to the East Asia Institute’s Middle Power Diplomacy Initiative, "[m]iddle power diplomacy generally involves the adoption of an internationalist perspective and policy, actively participating in multilateral forums, leading in specific niche areas, and acting as a bridge among nations." Middle power status has traditionally been associated with countries such as Australia and Canada, but, as explored in a forthcoming book by CFR’s Scott A. Snyder on Middle Power Korea: Contributions to the Global Agenda, South Korea has pursued middle power diplomacy in international development, financial stability, nuclear security, and climate change. South Korea’s middle power efforts also have included cyberspace policy.
In cyber, South Korea’s middle power diplomacy has included hosting the 2013 Seoul Conference on Cyberspace (an iteration of the London Process) and the 2014 plenipotentiary of the International Telecommunication Union. South Korea has engaged cyber issues diplomatically in the UN as a participant in the Governmental Group of Experts process, in Asian regional cooperation (e.g., through the ASEAN Regional Forum), in the middle power MITKA initiative (involving Mexico, Indonesia, Turkey, Korea, and Australia), as a founding member of the Global Forum on Cyber Expertise, and bilaterally with, among others, China, India, Japan, and the United States.
Despite the diplomatic activity, identifying South Korea’s middle power contributions to international cyber relations proves difficult. During the time South Korea has tried to exert middle power influence, international cyber politics have become more contentious and dangerous, which undermines, for example, the Ministry of Foreign Affairs’ claim that "the success of the Seoul Conference on Cyberspace 2013 reinforced Korea’s stature as an agenda-setter on global issues." The deteriorating trajectory in international cyber politics is not South Korea’s fault, but a middle power’s ambition and function is to provide leadership when cooperation falters, especially when great powers disagree.
Factors Weakening South Korea’s Middle-Power Potential in Cyber Policy
South Korea is one of the world’s most wired countries, which demonstrates the country’s embrace of cyber technologies. However, this commitment renders South Korea vulnerable to malicious cyber activities. As has happened in many countries, South Korea has scaled up its domestic cybersecurity efforts to address cyber threats, including the appointment in 2015 of a presidential adviser on cybersecurity. Despite increased attention on cyber defense and resilience, South Korea has not developed approaches that obviously stand out from equivalent efforts by other countries. South Korea struggles with the same problems as other nations, which means its domestic cybersecurity activities do not necessarily boost its middle power ambitions.
These ambitions also suffer because South Korea faces threats from North Korea that dominate South Korea’s cybersecurity agenda. Although North Korea is a cyber menace beyond the Korean peninsula, no other country bears the cyber burden Pyongyang imposes on South Korea. Indeed, in no other country is cybersecurity so interwoven as part of an existential security threat. This burden damages South Korea’s middle power aspirations in cyber affairs by highlighting South Korea’s vulnerabilities, forcing Seoul to prioritize North Korean cyber threats, and undermining the idea South Korea has effective strategies other countries can use.
South Korea’s close political, economic, and security relationship with the United States also affects its desire to be a middle power on cyber issues. A function of middle powers is to find ways to navigate international cooperation through the shoals of great-power competition. Middle powers should be—or perceived to be—sufficiently independent to be able to broker such cooperation. South Korea remains dependent on the United States in defending against North Korea, which colors perceptions of how autonomous South Korea can be on security issues.
South Korea has not followed the U.S. position on all cyber issues. It has not ratified the U.S.-supported Budapest Convention on Cybercrime, nor did it join the United States in rejecting the revised International Telecommunication Regulations negotiated in 2012. However, such differences have not strengthened South Korea’s middle-power status, especially with countries most at odds with the United States on cyber issues, namely China, Iran, North Korea, and Russia.
Rather than exerting influence in global cyber affairs, South Korea’s cyber diplomacy confronts problems that shrink its ability to affect global cyber relations. Mounting pressures from its domestic online vulnerabilities, the unrelenting threat from North Korea, the close alliance with the United States, and deteriorating cyber relations among major powers jeopardize South Korea’s desire to shape international cyber politics as a middle power.