March 22, 2022
SEOUL – The South Korean government has issued a cybersecurity alert against North Korea’s growing cyber threat, hacking attempts during the presidential transitional period, and escalating cyberwarfare after Russia’s invasion of Ukraine.
South Korea’s Defense Ministry announced that it has increased the Cyber Protection Condition or CPCON level by one notch higher as of 9:00 a.m. on Monday as part of widespread government-level efforts.
Under the raised warning, the South Korean military will shore up cybersecurity readiness and defenses against potential cyberattacks.
It comes as there are mounting concerns that the North Korean threat, which has heightened in the wake of a recent spate of ballistic missile launches, “can be expanded into cyberspace,” according to the Defense Ministry. The “ongoing conflict in cyberspace in relation to the war between Russia and Ukraine” is assessed as another key threat factor.
The state of CPCON has been raised from Level 4 (attention) to 3 (caution) for the first time since last August to “take a readiness posture preemptively against cyber threats.”
In August 2021, the South Korean military elevated CPCON from Level 5 to 4 to prepare for North Korean cyberattacks, including potential hacking targeting the country’s defense contractors.
CPCON, which was formerly known as information operations condition or INFOCON, is divided into five levels, with the lowest tier being normal readiness procedures.
INFOCON was previously raised multiple times mainly against the North Korean cyber threat in the aftermath of cyberattacks believed to be conducted by Pyongyang such as the WannaCry ransomware attack in 2017.
A South Korean military official, who wished to remain anonymous, on Monday said Seoul sees a need to take a “proactive measure” given that “cybersecurity risks are expected to considerably grow.” But the official added that the military has not yet seen “any rapid surge” in cyberattacks.
“With the state of CPCON raised, the Defense Ministry will further strengthen cooperation between the private, public and military, including sharing information on cyber threats,” the statement read.
“We will maintain a state of full readiness by preemptively and actively monitoring and inspecting the military’s cyber assets.”
Cyber threat rising in transition period
The military’s announcement was in line with the South Korean spy agency’s decision to “raise the cyber crisis alert for the public sector” from Level 4 (attention) to 3 (caution), which is the second-lowest in the four-tier system, as of 9:00 a.m. Monday.
A director of the National Intelligence Service has the authority to issue a cybersecurity alert in view of the “ripple effects and the scale of damage to systematically respond to and prepare for cyberattacks and threats against central administrative agencies” and others, according to the relevant presidential decree.
The South Korean spy agency notably pointed out that it is imperative to boost cyber defense during the presidential transition period.
The NIS elucidated that the “preemptive measures have been taken as cybersecurity threats have been on the rise, including concerns about hacking attempts with the intent to obtain the new government’s policy materials in the government transition period.”
Other significant cybersecurity risk factors include the “escalation of cyberwarfare in relation to the Russia-Ukraine war and concerns about cyber retaliation against countries which have imposed sanctions on Russia.”
As the NIS has raised the country’s cyber threat warning level, government ministries, local governments and public institutions are required to “strengthen their cyber readiness,” including putting together an emergency response team and implementation of technical and administrative security measures.
South Korea’s Ministry of Science and ICT on the same day issued a “cyber crisis alert for the private sector.”
The cyber threat alert level has been upgraded by one notch to the third highest in the five-level system amid heightened risks of cyberattacks against South Korean companies and unfolding cyberwarfare in the wake of the Russia-Ukraine war.