The Dilemma of Software Uniformity and Cybersecurity in South Korea

Abstract

This dissertation examines South Korea’s cyber security dilemma in the context of software uniformity. In doing so, the author ascertains the motives, capabilities, behavior and technical characteristics of actors within the South Korean cyber dynamic. It makes the supposition that continuous public-key policies and strategies have contributed to threats from both state and non-state actors, in the form of security vulnerabilities in Windows and Internet Explorer. In addition, domestic antivirus manufacturers Ahnlab and Esoft, whose programs are V3 and Alyac respectively, share in an oligopoly of the South Korean antivirus market, and also contribute to similar vulnerabilities. It is the author’s contention that the uniformity of operating systems (Windows), browsers (Internet Explorer), and antivirus software (V3 and Alyac) have created an environment that not only negatively impacts cybersecurity in South Korea, but also may motivate hackers, the success of whom is aided by South Korean computer users’ risky online behavior. This can potentially create significant gaps in the integrity of South Korean systems. This research documents major cyber security decisions in South Korea and dissects its main variables (the actors involved, relation to the international structure and regional security paradigm, and power vs. national security dynamic) and finds correlating evidence involving state and non-state actors. The frequency, scope, origins and method of attack of large-scale cyber incursions are investigated to determine the effectiveness of policy against these attacks as they concern online behavior and norms in South Korea. This study is unique for several reasons. First, it uses data collected from relevant yet often ignored non-state actors to infer certain deleterious effects of software uniformity in South Korean cyber security strategy. Extensive surveys on individual end-user behavior and individual hacker motives and capabilities were conducted to determine both how individual computer users in South Korea possibly amend their behavior as a result of national public-key policies, and whether weaknesses in cyber security created by these policies could be exploited by hackers. Most importantly, this dissertation offers an original approach to cyber security in that the evidence presented is examined within a framework of intersectionality, and suggests that some of South Korea’s cyber threats are the intersection of policy, behavior, and technology. The author concludes that past and current cyber strategies in South Korea have effected non-state actors in ways that may put systems at risk. The legislative process is too slow and politically polarized to respond to changes in the cyber environment. As a result, many policies are derived through executive orders and military strategies, which are more proactive and defend well against North Korea. However, they have had the unintended consequences of narrowing the diversity of technology in use and contributing to high-risk online behavior of South Koreans, while potentially attracting a larger range of hacking threats which may go undetected by the nation’s state-centered cybersecurity strategy. These centrally controlled solutions cannot completely or adequately adapt to the entire range of threats and opportunities from non-state actors, and therefore also contribute to vulnerabilities in South Korean cyber defense.