Despite deterrence efforts, cyber threats continue to escalate, highlighting the need for greater accountability from and cost imposition on malicious actors. The U.S. 2023 National Cybersecurity Strategy
emphasizes imposing costs on malicious actors and reinforcing alliances; the Republic of Korea’s (ROK) 2024 National Cybersecurity Strategy also prioritizes offensive cyber defense and global cooperation. Since 2018, U.S. Cyber Command’s “Defend Forward” policy has resulted in 40 Hunt Forward operations across 21 countries,
exposing threats from major adversaries. Similarly, the European Union’s updated 2023 Cyber Diplomacy Toolbox stresses situational awareness and the importance of holding persistent threat actors accountable.
Attributing cyberattacks and formulating response strategies are inherently political processes shaped by national security priorities, diplomatic relations, and geopolitical considerations. Governments must balance deterrence with escalation risks,
ensuring proportionality and international legitimacy. It is therefore difficult to establish a single, uniform standard for response. Nevertheless, consistent policy is necessary, as the absence of clear frameworks increases political burdens, delays decisionmaking, and results in inconsistent responses that can confuse allies.
A national framework for classifying cyberattack severity enhances objectivity, guiding policy decisions and facilitating mutual understanding between nations. Although South Korea has shown strong political will to respond to malicious cyber activities,
it lacks a clear legal and policy framework for response procedures. To fill this gap, this paper proposes a Cyberattack Severity Classification Framework (CSCF) to objectively assess and categorize cyberattacks, supporting informed decisionmaking.
No comments:
Post a Comment