Executive Summary 1

Introduction 3

Part I: Common Criteria for U.S.-ROK Cyber Situational Awareness 6

Common Criteria for U.S.-ROK Cyber Situational Awareness 7

By Julia Brock and James Andrew Lewis

A Cyberattack Severity Classification Framework for the Republic of Korea 12

By Sunha Bae

Part II: Building Korea’s Active Cyber Defense Strategy 31

Mutual Defense in Cyberspace: Joint Action on Attribution 32

By Julia Brock and James Andrew Lewis

Forging Forward: South Korea’s Proactive Cyber Defense

and Strategic Cooperation with the United States 45

By Joohui Park and Donghee Kim

Part III: Identifying and Assessing Tools for an Integrated Response 56

Active Cyber Defense in the Korean Context 57

By James Andrew Lewis

South Korea’s Integrated Cyber Defense Framework 69

By Sunha Bae

Cross-Border Law Enforcement Collaboration for

Countering North Korea’s Crypto Plunder 94

By Joohui Park

Responding to the Evolution and Global Expansion of the DPRK IT Worker Threat 106

By Yena Kim and Donghee Kim

Part IV: Recommendations for a Joint U.S.-ROK Cyber Resilience Strategy 115

Recommendations and Next Steps 116

About CSIS 120