Obstacles & Opportunities for the US-ROK Alliance • Stimson Center | #cybersecurity | #cyberattack


Executive Summary

Motivated by notable advancements displayed during the Democratic People’s Republic of Korea’s (DPRK) October 2020 and January 2021 military parades, as well as the ongoing stalemate in U.S.-DPRK and inter-Korean relations, Stimson’s 38 North program convened a military working group to discuss and provide recommendations for the U.S. and Republic of Korea (ROK) alliance to meet this evolving threat.

Over the summer and early fall of 2021, 38 North, with help from its partner, the Korea Defense Veterans Association, brought together experts, including former U.S. and ROK military officers, civilian defense officials, analysts, and academics. Gen. (Ret.) Vincent K. Brooks, Korea Defense Veterans Association (KDVA) Chairman and former commander of the United Nations Command, U.S.-ROK Combined Forces Command, and U.S. Forces Korea in the Republic of Korea, chaired the working group, which was organized and moderated by 38 North Fellow Dr. Clint Work, with the assistance of 38 North’s Research Associates Natalia Slavney and Iliana Ragnone.

Although North Korea’s rollout of new ballistic missiles during the parades dominated international headlines for weeks, the numerous improvements to conventional military hardware, communications, and weaponry was the bigger story, given the standard narrative that its conventional capabilities are considered a depreciating asset. These developments indicate that North Korea’s defense and military capabilities have grown and evolved despite severe international sanctions and COVID-related restrictions. Simply put, North Korea continues to signal its intention to develop and modernize its nuclear and conventional capabilities, regardless of where U.S.-DPRK or inter-Korean relations stand.

At the outset, the working group considered a range of low-, medium-, and high-risk scenarios of how North Korea’s conventional capabilities may evolve in the near- to mid-term future as a baseline for discussion. However, the group quickly reached a consensus that, in practice, the threat could evolve in a “checkerboard” manner, with some capabilities remaining rather modest while others advance more quickly.

Over the course of several meetings, the group discussed steps the alliance should take now as well as how it might need to evolve based on changing North Korean capabilities and the checkerboard threat. The following recommendations emerged from the group’s discussions:

  • Consider if the alliance is properly organized, equipped, and trained against a North Korean checkerboard threat and how the changing security environment on and around the Korean Peninsula requires the alliance to rethink how it conducts operations.
  • Think of key U.S.-ROK alliance military and civilian infrastructure as strategic infrastructure; reduce reliance on fixed infrastructure where possible, and, otherwise, increase the defense and hardening of these sites.
  • Take a whole-of-government approach that integrates defense planning with crisis management, running exercises that challenge different sectors of critical infrastructure on a rotating basis.
  • Build greater “combinedness” at levels between the U.S.-ROK infantry division and Combined Forces Command (CFC) Headquarters (HQ), aiming for the alliance to be in a continuous, coordinated, and combined state on a day-to-day basis.
  • Reorient military exercises to “train to failure”—designing scenarios that expose shortcomings—and report on those shortcomings in respective ROK and U.S. systems, as well as up through the CFC’s bilateral national command authorities.
  • Better coordinate and create layers of air and missile defense systems, rather than pushing for full integration of systems, and rehearse how they would operate together.
  • Create a strategic communications plan that informs and educates the press, public and political leaders on key issues—such as, wartime operational control (OPCON) transition—involving U.S. and ROK presidents as well as Cabinet-level officials.
  • Continue to confront barriers to information sharing and integration, as well as differences in authority and jurisdiction between the U.S. and ROK’s respective cyber operations, identifying key differences between South Korea’s national interests and authority and alliance interests and operations.

Scene Setter: North Korea’s Conventional Military Improvements and the “Checkerboard” Threat

In October 2020 and January 2021, the DPRK alarmed many U.S. and ROK government officials and Korea experts with parades showcasing advancements in its conventional weapons and missile systems. These new capabilities, as well as the ongoing stalemate in U.S.-DPRK and inter-Korean relations, brought a Stimson 38 North working group together to consider low-, medium- and high-risk scenarios of how North Korea’s conventional capabilities may evolve in the near- to mid-term future.

In the low-risk scenario, the Korean People’s Army’s (KPA) capabilities remained relatively stagnant, with modest improvements in conventional forces enabling more effective military demonstrations and limited provocations. Under this scenario, the group suggested focusing on the U.S.-ROK alliance’s cyber defense and countering North Korea’s growing nuclear and ballistic missile capabilities.

As part of the medium-risk scenario, select KPA capabilities improved with a qualitative gap growing between its most capable elements and much of the force. The KPA would possess increased lethality and improved capabilities suited to limited offensive operations by select units as well as defensive operations. The group felt consideration should be given to prioritizing the alliance’s theater-level counter-missile and counter-UAV efforts, including detection, active and passive defense, and capacities to disrupt and/or destroy the North’s notably increased conventional strike capabilities.

In the high-risk scenario, the KPA’s conventional capabilities increased significantly across the board. This included the ability to conduct more precise and lethal high-intensity combat operations—at least for limited periods of time—and to inflict serious losses on high-value equipment during defensive operations. Given this scenario, the working group recommended a broader approach to force development in order to enhance deterrence by denying limited attacks and rapidly overcoming North Korea’s defenses in wartime.

Early in its discussions, the working group quickly reached a consensus that, in practice, the alliance will likely encounter a checkerboard threat, where some capabilities will remain low, others will reach a medium threat level, and still others a high level. Accordingly, this report assumes North Korea’s capabilities will advance in a mixed manner, discusses the challenges that poses for the U.S.-ROK alliance, and provides recommendations for how to prepare against an evolving threat.

Rethink Standard Assumptions and Force Culmination

Working group participants avoided simplistic thinking, such as a low scenario is “best” and a high is “worst.” Instead, the group approached scenarios with the mindset that applying counterintuitive logic would be the most useful in that the DPRK can use low-end capabilities to create high-end effects and expose vulnerabilities in alliance defenses. The group noted that in some ways, the DPRK’s lack of modernization and sustainment capabilities could, respectively, enhance its ability to operate under disruptive wartime conditions and incentivize escalating the conflict because these actions cannot be sustained for long.

Working group members felt the checkerboard scenario presented a distinct challenge in that the DPRK could easily exploit the vulnerability of fixed targets throughout the ROK, which can be easily identified using such publicly available tools as Google Earth. Additionally, the DPRK is unfettered by the same values system that supports the alliance regarding precision of attacks and targeting civilian populations. If the alliance is fettered by the civilian population in the North, then it must address a precision weapons and ammunition shortage in order to operate with the same circular error probable (CEP) calculus that it has in other conflicts.

Group participants also observed that DPRK low-to-high conventional forces and U.S.-ROK alliance capabilities are effective in different ways depending on the “fight at hand,” an initial fight or provocation on or around the Demilitarized Zone (DMZ); a forward DPRK attack or mobile fight into ROK territory; or the DPRK’s own defense against an alliance counterattack. For alliance managers, there needs to be a cross section or contextual component when thinking about the checkerboard threat—it cannot be analyzed in a vacuum and has different implications depending on the “fight at hand.” Traditional linear force capability assessments comparing Enemy Order of Battle to Friendly Order of Battle, absent of context, will lead to faulty assumptions about military success, civilian casualties, and the desired strategic outcome.

The working group acknowledged that although the alliance and South Korea have an advantage over North Korea in the air and naval domains and would be able to target DPRK forces in a mobile fight, the North may choose to fight in a way that the alliance has not prepared or trained for.Under such circumstances, defending the greater Seoul metropolitan area becomes much more challenging. For instance, North Korea has the advantage in the cyber domain and could use off-the-shelf unmanned aircraft systems/unmanned aerial vehicles (UAS/UAVs) to add complexity to targeting and air defense, coupled with the deep insertion of special operations forces (SOF) units. In this scenario, the alliance could find itself quickly running out of precision munitions and face difficult questions about where to engage in a dispersed and confusing situation. Some group participants noted that even lower-end tech solutions to the UAV/UAS threat are not widely used, and even more advanced tech capabilities would have a limited effect in addressing a saturated and confusing battlespace.

However, other group members believe that DPRK command and control (C2) capabilities are rigid and inflexible, and North Korea’s ability to sustain itself logistically is very limited. Consequently, the DPRK has to operate on a schedule–beginning operations at a certain time, with specified actions to follow, decided weeks in advance. Yet, under unexpected wartime circumstances, such schedules and planning are easily disrupted. This applies to the DPRK as much as the alliance, and reinforces the need to think through the different ways the North might attack.

That said, one participant questioned whether North Korean forces would necessarily just stop operating effectively if cut off from central command and control or because the original plan did not account for unexpected changes in situation.

Another participant made the important observation that the DPRK’s more brittle C2 capabilities might work to its advantage because it will rely on proven vintage methods and has been working to improve upon them. Others asserted that North Korea cannot simultaneously concentrate artillery fire in support of fielded forces in an offensive attack and asymmetrically against the city of Seoul. They postulated that it is less important to defend against every artillery round coming in and more important to determine how and why North Korea will use its forces.

If the alliance is thinking about North Korean force structure, posture, and C2 decisions that have to be made prior to conflict, it must account for multiple possibilities. For example, another member pointed out that without any forces crossing the DMZ, the North could attack in a manner to create a crisis in governance in the ROK and fissures in the alliance by demonstrating that Seoul is not fully protected. Alternatively, it could force a breakthrough into ROK territory. It could then keep the rest of its artillery for a later time and appeal to world opinion by drawing attention to the death and destruction caused by alliance weapons systems to create international leverage and pressure for a cessation of hostilities.

Recommendations:

  • Consider if the U.S.-ROK alliance is properly organized, equipped, and trained against a checkerboard scenario across the low-to-high matrix and in the different types/phases of the fight.
  • Address the ROK’s limitations in command, control, communications, computers, and intelligence (C4I) capability in order to competently function across the full spectrum of operations, including the proper supply and function of lower-tech capabilities, such as radios at the squad level.
  • Look at Israeli solutions for protecting critical infrastructure sites in a confused battlespace. An Iron Dome system, which South Korea has decided to develop, cannot stop all rounds nor shoot down maneuverable munitions, but it can provide point defense for certain areas and facilities. Counter battery fire artillery can be linked with an Iron Dome system to provide cuing and target location for artillery. In concert with point defense, engineering changes on phalanx weapons systems can help to address low-slow-fliers. Lastly, the ROK needs to improve its ability to disseminate information from its own UAVs and shorten the decision-making process between user and shooter.
  • Assess the nonlinear advancements the DPRK has made, such as the use of off-the-shelf, unmanned UAS/UAVs alongside advanced missile capabilities, and how these capabilities may be coupled with cyber advancements and the use of SOF units in a deep fight. It is also important to consider that the DPRK that does not value and protect civilian life in the same way the U.S. and ROK do and may resort to cyber sabotage of potable water sources, high-speed transit, and/or power grids to create havoc and civilian casualties. South Korean nuclear reactors could also be a target. In sum: “Think like the North Koreans might be thinking.”
  • Given the DPRK’s more inflexible C2 and limited logistical capabilities, focus on forcing the North to culminate its offensive actions and fail logistically as quickly as possible to prevent it from generating momentum. This requires developing a more offensive mindset, including looking for offensive opportunities at the tactical level and thinking offensively at the operational level.

Strategic Transformation and Wartime OPCON

The working group examined in detail how the ongoing wartime operational control (OPCON) transition effort is part of the future-oriented, strategic transformation of the alliance, which includes the Yongsan Relocation Plan (YRP), ROK defense reforms, U.S. force posture review, and theater commitment changes and war-fighting concept developments. The effort toward wartime OPCON transition and strategic transformation has consumed a significant amount of alliance managers’ organizational energy. This reduced time, attention, and energy, along with canceled or scaled-down military exercises, has been to the detriment of the current maintenance of the CFC and current operations and readiness. The OPCON transition effort has also resulted in confusion and disagreement amongst alliance managers on what the Conditions-based OPCON Transition Plan (COTP) is and what it will achieve.

Participants noted that the confusion and disagreement is partly the result of how the effort has evolved over time. The process went from the Strategic Transition Plan (STP) to the Strategic Alliance 2015 Plan (SA-2015 Plan) to COTP, but never did a full reset as the allies evolved their plan; particularly after some very bold concept shifts, such as the change from two separate, parallel commands back to an integrated command. However, the allies have also retained some residual concepts or plans that might not belong anymore.

Working group participants repeatedly observed an alarming divergence surrounding communications about OPCON transition. Communication and conversations at the military and national political level are critical to OPCON transition. Such communication is either not happening or is occurring in a politically charged, out-of-context manner, which depicts OPCON transition in terms of sovereignty or characterizes delays as driven by the U.S. or part of subterfuge to keep the United Nations Command (UNC) in control of the CFC.

In fact, some participants expressed doubts about whether the alliance had made any real progress on OPCON since the early 2000s when they first conceptualized wartime OPCON transition. They pointed out that there must be consistent, national-level leadership and agreement between the two decision-makers at the presidential or near-presidential level on what the alliance is trying to accomplish. Without such consensus at the level of the U.S. and South Korea’s two presidential administrations and the two national security administrations, the alliance will never get beyond the current confusion and disagreements.

Several participants saw the current conditions for wartime OPCON transition as unrealistic or overly subjective; for example, one of the conditions for transfer being that the security environment on and around the Korean Peninsula should be conducive to an OPCON transition. The broad ambiguity of this condition leads to questions about whether it applies to U.S.-China relations or North Korea’s nuclear status. Some might argue that a declaration ending the Korean War creates conditions that are conducive to wartime OPCON transition and are thus eager to accelerate such a declaration. Others may argue that as long as North Korea possesses nuclear capabilities, OPCON transition is not viable, as it would result in a non-nuclear power being the lead against a nuclear-armed state. From the perspective of the latter, North Korea’s denuclearization could also be a precondition for OPCON transition, making it an increasingly difficult condition to meet. Furthermore, the process of evaluating the other conditions and sub-conditions for OPCON transition is subjective, depending on the color-coded grading system and who is conducting the evaluations.

Group members also expressed reservations about the extent to which the ROK military recognizes its responsibilities beyond the Korean Peninsula, as well as skepticism about ROK generals’ ability to lead joint, combined, and coalition operations. Related to that were more explicit discussions about the tensions around having a general from a non-nuclear weapons state commanding forces in a conflict that includes strategic capabilities. Participants argued that the alliance needs to start thinking seriously about how it will need to coordinate and communicate the use of U.S. strategic assets following wartime OPCON transition and how to best prepare both sides for that possibility.

Working group participants cited the need for greater combinedness at levels between the CFC HQ and the combined U.S.-ROK infantry division, along with having a more consistent relationship between the ROK JCS and CFC HQ on a daily basis. Currently, this only exists in times of exercises or in times of war, but it could be the modus operandi for the day-to-day operation of the security apparatus of the Korean Peninsula, which at present belongs to the ROK Joint Chiefs of Staff (JCS) as part of armistice OPCON. Moreover, there is the additional issue of trying to explain to the American public why a Korean four-star general should lead American forces with the potential for the politicization of the same issue on the U.S. side. This problem has already raised critical questions during congressional hearings.

Nevertheless, the working group acknowledged that, at this point, it is too late to abandon OPCON transition, as it is an official, bilaterally agreed-upon alliance policy. Thus, neither dismissing the conditions nor saying OPCON transition is impossible are helpful positions to take.

The group posed several questions: “Can an American lead South Korean and American forces?” to which they answered, “Yes.” “Can a South Korean general lead American and South Korean forces?” their answer being, “Yes, but with support.” The working group acknowledged that the ROK’s capability development would not be the same as the current U.S.-led CFC. However, the group also recognized that whether it is good enough for the ROK to take the lead is a different question. When they asked: “Can South Korea defend itself without the U.S.?” they determined that: “Yes, it can, but the ROK is very likely better off if the Americans are with them.” The group considered that separating the two national militaries, one arrangement previously considered, would have made it easier to say South Korea could defend itself, with the U.S. assisting over the horizon. However, separating the militaries would have likely increased the DPRK’s willingness to test the odds against the ROK military in that arrangement.

Recommendations:

  • Continue corrective actions to simultaneously address current efforts focused on CFC maintenance and current operations and readiness alongside future-oriented efforts related to COTP. This requires keeping the roles and responsibilities clean between the national commands of the USFK and ROK JCS, and the alliance command, CFC.
  • Recognize the YRP separated the majority of U.S. forces from their ROK JCS counterparts, which decreased cross-cultural and military operational understanding. Revisit opportunities to increase liaison and other U.S. footprints in Seoul to reforge those relationships.
  • Create a strategic communications plan that informs and educates the press, public, political leaders, and others. This should include U.S. and ROK presidents as well as Cabinet-level officials discussing what OPCON transition means.
  • Begin to move the aspects of daily operational control (armistice operational control) under the ROK JCS to an operational headquarters and elevate the role of the ROK JCS. Key day-to-day aspects include the operational structure for maintaining security of air and maritime spaces, maintaining air defense and air missile defense, creating the posturing of logistics that is necessary to a transition to war immediately, positioning assets, and setting the priorities for defenses at a given point in time.
  • Enhance leader development. Begin to increase engagement and communication between the ROK deputy commander and the American chain of command, up to and including the U.S. secretary of defense (SecDef) and president. South Korean commanders of the Future-CFC (F-CFC) must be comfortable communicating with the entire American chain of command, including the SecDef and the U.S. president. This type of communication and engagement is not nearly sufficient right now. Such engagement will acclimatize ROK generals with what will be the second chain of command in the F-CFC and broaden their understanding of their responsibilities. It will familiarize U.S. officials with the capabilities of ROK generals and admirals, and will foster recognition of what wartime OPCON is going to look like in the end.
  • Devise a unique Korea-specific course for combined leaders on strategic wargaming as an additional element of leadership development for the transition.
  • Before OPCON transition occurs, assign the initial ROK general to command the CFC first as the deputy commander to sit alongside the current commander as a co-leader. This will increase engagement between the ROK general and the U.S. chain of command and develop routine relationships and processes for national-level command engagement. Having the two generals side-by-side will foster the partnership and preparation for when the ROK takes command.
  • Have both the U.S. and ROK utilize the same C2 systems, with the ROK abandoning its own system for the use of a U.S.-compatible system. Designate English as the standard language for the CFC, and encourage the ROK to move away from a strictly defensive posture.
  • Do everything possible to posture the ROK so it is ready for the joint and combined fight. Exercise the ROK’s familiarity with the control structure, communication structures, and advance the CFC structure where South Koreans are in charge of several joint functions, well before conflict starts. Alternatively, if the aforementioned scenario does not seem plausible, the alliance should posture the ROK so that as a sovereign nation, it has the ability and the C2 it needs to execute and complete a fight.

Link Civil and Military Plans and Policy and Build Day-to-Day “Combinedness”

The consensus among working group participants was that the alliance is not conducting sufficient training throughout the entirety of the battlespace. The fixation on defending Seoul as well as the routing priorities in the ROK government’s (ROKG) crisis plans call for a full mobilization, nationalization, and prioritization of logistics infrastructure that is focused on getting material, equipment, and personnel north. However, this could potentially complicate a focus on soft targets and key infrastructure exposure in the South. In addition, doing so may make it increasingly harder to adjust or rapidly react to a sizable SOF infiltration.

Group participants pointed out how canceled and scaled-down exercises over the last several years will, over time, take a toll on preparedness and institutional knowledge. They also pointed out how there is a longstanding and misplaced optimism about exercises, as successful outcomes do not reflect potential reality or civilian casualties and have instilled a false sense of security. Problems with current exercises and training are partly a result of politics and policy, and military leadership needs to be given permission to acknowledge shortcomings in training and exercises. However, the group determined to rethink exercises and admit shortcomings is a higher-level policy decision.

The working group also observed that the ROK’s crisis management exercises, including support for Noncombatant Evacuation Operations (NEO), have not been conducted for two years, which has resulted in a loss of institutional knowledge. Participants noted that the ROKG often expresses concern regarding the U.S. conducting unilateral actions and that the U.S. cannot start a war without ROK consent, and yet it does not participate in the exercises that would provide them insight into how the decision-making process of the American government and U.S. forces is conducted.

Furthermore, the working group recognized that there has been a greater movement toward combinedness in the alliance. However, while there is the combined U.S.-ROK infantry division, combined special forces, and a combined force headquarters, there is a notable lack of combinedness on different levels and on a day-to-day basis. One participant suggested that a potentially helpful framework for building a new sense of combinedness with both the U.S. and ROK militaries and between civilian and military organizations is the Guidance for Employment of the Force (GEF) and Joint Strategic Capabilities Plan (JSCP). The former provides the what, and the latter provides for the implementation of the what. This could provide a framework for the discussion of shared and differing assumptions and end states.

The group felt that one of the strategic end sets is to train to failure, which means using exercises to expose shortcomings rather than assume success. This may challenge assumptions and lead to innovative changes to the operational plans to defend the peninsula and secure the peace the alliance desires. This change in training and exercise mentality, combined with other lines of effort, would provide the foundation for the alliance to address current challenges to a war plan. The group acknowledged that accomplishing this would require honest and pointed discussions held in private by alliance managers.

Recommendations:

  • Given the vulnerability of infrastructure and concern about deep insertion of SOF, go back to the basics and integrate defense planning with civilian crisis management exercises. The alliance should design exercises that challenge different sectors of critical infrastructure both north and south of the Han River, which can highlight where the alliance needs to focus further training. This may include establishing a combined combat development command to help better familiarize and integrate U.S. and ROK doctrines.
  • Reorient exercises in order to train to failure. Military exercises should focus on critical infrastructure and perhaps a rotating structure where the alliance picks different sectors to defend. Such exercises require and can help build military-to-military, military-to-government, government-to-government, and interagency combinedness.
  • Strengthen ROKG involvement in NEO exercises and other crisis management exercises in order to learn everything it can about the decision-making process of the American government and U.S. forces and better understand that crisis management is about not going to war, but rather managing the situation to maintain the peace.
  • Combine the layers between the combined U.S.-ROK infantry division and CFC HQ much more. Aim for the alliance to be in a continuous, coordinated, and combined state, including at the component level. Diffusing the combined C2 structure into the component level would also help lower the vulnerability risk that fixed locations can create.
  • Redouble bilateral efforts toward greater combined force structure and operation responsibilities across all seven of the joint functions of combat operations. For example: build on the combined ground division and SOF forces to create integrated and combined air operations, more integrated and joint C2 systems. Greater integration and focus on cross-domain capabilities are required for preparedness.
  • Aim for a more coordinated and combined state from the lower level up, which can reduce the vulnerabilities of fixed targets. Among other steps, the alliance should develop a combined combat development command to integrate their different doctrines and look for ways to strengthen integration from strategic to lesser platforms across all aspects of combat operations.

Cyber Threats and Deterrence

The working group discussed how the range of DPRK activities in the cyber domain is hardly monolithic. North Korea presents an array of cyber threats, from cybercrime and cyber espionage to attacks on civilian and military systems, which may result in casualties and the loss of life. Each type of cyber threat presents its own dynamics and potential solutions or countermeasures.

One participant noted that deterrence is often used as a catch-all concept. In practice, though, deterrence is most effective at the highest strategic levels of conflict, particularly in the nuclear realm. At lower levels, including in the cyber domain, deterrence failure is common. Other participants noted that deterrence in the cyber domain is further complicated by its inherent gray zone ambiguity. North Korea has repeatedly demonstrated a willingness to engage in a broad range of malicious cyber activities.

Nonetheless, the group argued that the main cyber threats and attacks that the alliance can attempt to deter and defend against are cyber attacks that could produce strategic effects, for example, by hitting early warning and other command, control, communications, computers intelligence, surveillance, and reconnaissance (C4ISR) systems or damaging critical infrastructure that leads to loss of life. However, to deter at the strategic level in the cyber domain requires both the U.S. and ROK to agree on what the strategic level is and what strategic threats are. Currently, this agreement does not exist in the public domain.

Other participants noted that deterrence in the cyber domain only applies in a select few cases and may not be relevant for the Korean Peninsula, as it requires mutual vulnerability and mutual awareness. At present, North Korea is less reliant on and less vulnerable in cyberspace. The alliance may not be able to deter North Korea’s initial “mistake” or “miscalculation,” but it may be able to deter subsequent ones if it is willing to execute more flexibility in its response to cyber attacks and threaten and take military actions. However, to produce a credible deterrent effect, a second-strike option must hold at risk targets that are valuable to North Korea, which is potentially extremely escalatory. In the face of such risks, deterrence by denial and building greater resiliency offers another avenue for the alliance to confront cyber threats.

However, the working group discussed how gaps between the allies complicate its ability to build resiliency and respond to cyber threats. The allies utilize varying C2 systems with different levels of encryption, which means the networks cannot completely overlap with one another. This creates exploitable seams, which can be potential cyber entry points that can affect military operations. There is also an inherent seam in addressing North Korea’s cyber activities before wartime. When South Korea’s civilian infrastructure or even military targets are subject to cyber attacks, it falls under ROK sovereign national interest and legal jurisdiction. However, in cases where the cyber attack results in a significant loss of life, those same targets may fall under the jurisdiction of the alliance and require consultation to address.

Nevertheless, one working group participant observed that the allies have bifurcated approaches and conduct their own cyber actions and operations. There is a degree of cooperation and coordination, but combined cyber operations do not exist. Another participant noted that in years past, the allies have run exercises in which a DPRK cyber attack resulted in ROK civilian casualties, but such exercises took significant effort to negotiate and run and were stopped for political reasons. The participant noted that if the alliance goes to war, it will wish it had been practicing and exercising such combined operations.

A different participant argued that in the cyber domain in particular and with the concept of integrated deterrence in general, there is no clear differentiation between peacetime and wartime. Instead, the focus is on all domain deterrence and a whole-of-government approach to enhancing security, mitigating risk, and managing escalation across domains. Currently, this does not exist within the alliance, and the U.S. and ROK approach is bifurcated, not only between civilian and military cyber security efforts, but also between their respective operations and actions in the cyber domain.

Recommendations:

  • Continue to confront barriers to information sharing as well as the integration and differences in authority and jurisdiction between the U.S. and the ROK’s respective cyber operations. Although national controls will continue to limit the integration and routinization of cyber operations, the alliance should identify key tipping points or thresholds between South Korea’s national interests and authority along with alliance interests and operations.
  • Design and exercise scenarios where North Korea causes casualties and the loss of life through a cyber attack on civilian infrastructure, even before wartime. Exercising responses will allow the alliance to be more cohesive, effective, and resilient if and when it is time to act. Further exercises against these threats will allow for the exploration of whole-of-government responses that bring together defense planning with civilian agencies.
  • Train personnel in what happens when certain systems go down. However, still run exercises where key network capabilities and communications are randomly blacked out to enhance deterrence by denial and build resiliency in the cyber domain. Personnel should not be informed of which system will go down during the exercise for honest assessment of capabilities and preparedness, helping to identify and work on key vulnerabilities.
  • Bring together civilians, government officials, and possibly private companies during crisis management exercises or traditional military exercises to observe how a crisis might be triggered in the cyber domain. Also, begin developing regulations and standard responses under such circumstances.
  • Examine the infrastructure the ROKG already has in place and how it can be refitted to address shortcomings in the cyber domain. For example, South Korea possesses significant cyber capabilities in its civilian sector and a vast pool of well-educated reservists that return to that sector after their military service. Seoul should think about how to refit its Defense Mobilization Command and reassess the way it looks at its reservists and what it trains them in.
  • Adopt what the United States Cyber Command (USCYBERCOM) calls “persistent engagement” when it comes to taking offensive cyber actions below the threshold of armed conflict. This involves constantly engaging and repeatedly hitting the adversary at lower levels in the cyber domain. This is based on the idea that doing so might raise the cost over time for an adversary and may produce a deterrent effect that will reduce the overall level of malicious cyber activity.
  • Only use offensive cyber tools to achieve a precise effect. Do not use U.S. and alliance cyber activities to shadow box against North Korea in the cyber domain the same way the alliance might do so in the conventional domain, as adversaries can learn from such actions and adapt their methods accordingly.

Address the Vulnerability of Fixed Infrastructure

Given the nature of the battlespace on the Korean Peninsula, the working group determined that key military and civilian infrastructure is strategic infrastructure because it directly relates to alliance interests and the alliance’s ability to respond during a crisis or in wartime. In defending fixed infrastructure, early indication and warning (I&W) is impractical in the context of a larger conflict and is of limited value. Unless the alliance has assets, such as point defense, missile defense, and counter-UAV systems, in some combination, I&W is of limited utility even if it might help get some people out of the area before or early on in an attack. The issue of defending fixed infrastructure will be made worse as the DPRK advances the mobility of its shooters, including solid-fuel technology across systems.

There is a longstanding mentality in the ROK military about defending Seoul and fortifying fixed defensive positions. However, defending Seoul needs to be reimagined—South Korea and the alliance need to be able to fight a more mobile fight, where resiliency and mobility take precedence over static defense. DPRK forces cannot overcome the alliance to the point of clear military victory, but they can confuse and complicate the battlespace. Ballistic missile challenges cannot be ignored, but the alliance must also focus on direct action by SOF units, advanced electronic warfare techniques (i.e., micro UAVs with blip enhancers), electromagnetic pulse (EMP) attacks, and cyber threats. Communications and civilian infrastructure (i.e., water, sewage, etc.) are all on the net now, so firebreaks are needed to build resiliency and reinforce such areas.

Recommendations:

  • To the extent possible, reduce the alliance’s reliance on fixed infrastructure.
  • Reduce the vulnerability of fixed targets and build resiliency into softer civilian targets by, for example, building strategic reserves of key infrastructure supply chain items such as electric grid transformers and water stations. There should not be any system where one node does not have a backup.
  • Make more robust plans for how to defend infrastructure, including: missile defense, maneuvering missiles down to less sophisticated priorities such as counter SOF defense, defending against UAVs, updating point defense systems (such as an Iron Dome and additional C-RAM capabilities) along with using a naval approach to shoot down cruise missiles and rotary barrel cannons.
  • Harden physical infrastructure and facilities. Currently, much of South Korea’s infrastructure is civilian-grade and very vulnerable above ground. Also, enhance resiliency by having the necessary assets and backup systems to replace key components that may get knocked out.
  • Rehearse the defense of critical infrastructure deep within the ROK to include a counter SOF fight. The responsibility of the rear battlespace is the least trained arm of the South Korean military, which is where civilian critical infrastructure will face the most direct threat from the DPRK.

Integration of Air and Missile Defense Systems

Working group participants agreed that when it comes to the integration of air and missile defense systems, it is easier said than done, and the U.S. itself is not where it needs to be. Over the last decade, there has been a realization that integration is necessary. While the U.S. Army has developed an open architecture for a plug-and-play-style system, it has yet to permeate all the services or joint operations.Alliance air and missile defense integration faces technical and policy questions: “Do the allies have the same technical architecture and systems?” “Even if the systems can talk to each other, do the allies have a policy that allows them to share data on the same network?” “Do they have functional interoperability?” The working group determined that none of this can be assumed, all must be validated, exercised, and codified in policy to ensure future procurements retain interoperability.

However, one participant suggested that given the discrepancies between U.S. and ROK systems and capabilities, full integration is unlikely. While the alliance can strive to get as close as possible, focusing on coordination and defensive design, as well as creating layers of systems and sharing early warning data may be more viable options given the discrepancies in systems.

The group also brought up that although many view air and missile defense integration as a military question, it cannot be separated from contentions about sovereignty. Such contentions may include, for example, ROK concerns about losing control of the kill chain in their own defensive architecture. The ROK is making significant investments in military modernization but limits the advanced application of those investments due to political or sovereignty considerations. For instance, keeping ROK Patriot missiles outside a truly integrated alliance air and missile defense system limits their effectiveness. The group grappled with the fact that there is a thin line between U.S. leadership on the issue and the question of Korean sovereignty, with the Terminal High Altitude Area Defense (THAAD) experience having raised concerns about U.S. meddling.

Recommendations:

  • Better coordinate, create layers of systems, and rehearse how they would operate together, rather than pushing for full integration of air and missile defense systems. Given North Korea’s ability to complicate the airspace, layering, thickening, and causing sensors to be able to queue different types of weapons systems is essential. To ensure that the very best systems do not get wasted on what they do not need to engage, rehearsal is needed to make sure the layers can talk to one another.
  • Deliberately and continually address questions and concerns regarding sovereignty before developing layers of air and missile defense integration. However, when American lives are at stake, the U.S. should be more forceful, but should focus on such efforts in private. Not addressing this head-on allows a false dichotomy to grow between defending American lives versus defending South Korea.

Regional and Geopolitical Considerations

The working group discussed that addressing shortcomings and bolstering preparedness against a checkerboard threat also requires a broader perspective. Equilibrium must be achieved on the Korean Peninsula and in a regional context. Regional dynamics and roles are an imperative component of approaching North Korea’s advancing capabilities.

DPRK capabilities at any stage of development could interact with conflict in the wider region in several ways. First, the DPRK could organically leverage confrontation elsewhere to engage in provocations or aggressions on the peninsula to gain concessions. In the same vein, it could also attack or expose weak links in the alliance system. Second, the DPRK may act singly or together in concert with those engaged in a broader conflict (i.e., Russia or China) to fix in place ROK or U.S. forces on the peninsula and prevent their deployment elsewhere in the Indo-Pacific. Lastly, China could take advantage of a crisis situation on the Korean Peninsula to move against Taiwan, thereby exploiting the U.S. focus on Korea.

The working group also examined how strategic flexibility in regard to the use of U.S. forces in Korea in regional contingencies or crises outside the Korean Peninsula that are not expressly focused on ROK national interests is not a new issue. Although the ROK and U.S. agreed on the strategic flexibility of U.S. forces back in 2002-2003, it remains a delicate and unresolved issue that is subject to change and interpretation, and U.S. policymakers may not adequately appreciate the destabilizing effect it could have.

However, strategic flexibility may become more salient given developments with the U.S. defense budget, changes in global U.S. commitments, a growing threat posed by the PRC to the U.S. and its allies, along with shifts in relative balance between Chinese and U.S. military capabilities in the region. Currently, though, U.S. combat power on the peninsula only has some limited value in regional contingencies. Working group participants also remarked that developing strategic flexibility reinforces the need to strengthen South Korean capabilities in that a greater burden would fall on the ROK were U.S. forces to deploy to another regional contingency.

In other words, the DPRK’s development of conventional capabilities across a low-to-high matrix has tactical implications for contingencies or war on the peninsula. This also carries implications for strategic flexibility in that there are no guarantees forces could be flowed back to the peninsula once deployed elsewhere, or that the ports and airfields would be immediately operational following DPRK actions to allow rapid redeployment. However, consideration of U.S. and ROK capabilities aside, there remains significant disagreement between the allies on strategic flexibility. Group participants commented that this issue poses one of the biggest strategic challenges to the alliance.

Recommendations:

  • Put far greater effort into public diplomacy surrounding the issue of strategic flexibility so that allies and adversaries can better understand what it means.
  • If the peninsula is to be used as a base for forces with broader strategic objectives, then reconsider the size and composition of the current U.S. force structure and its logistical capability to flow forces in support of operations both on and off the peninsula.
  • Address the vulnerabilities of fixed infrastructure related to force flows both off and back onto the peninsula, which the DPRK can significantly degrade without the use of nuclear weapons. Doing so will ensure strategic flexibility and support the traditional mission to defend the ROK.
  • Enhance the ROK’s ability to counter DPRK conventional capabilities across the low-to-high checkerboard matrix in order to mitigate the degree to which Pyongyang could opportunistically destabilize the alliance or exploit U.S. deployments off the peninsula.

Closing Thoughts

Stimson’s 38 North Military Working Group was originally motivated by notable advancements displayed during the DPRK’s military parades in 2020 and 2021, as well as the ongoing stalemate in U.S.-DPRK and inter-Korean relations, especially at a time of rapid changes in the strategic environment on and around the Korean Peninsula. The group initially considered a range of low-, medium- and high-risk scenarios of North Korea’s conventional developments as a baseline for discussion, yet quickly reached a consensus that reality would not be so clear cut. North Korea’s ability to translate new equipment into improved capabilities is constrained by a range of interrelated factors, including limitations on: design; production capacity; resources and procurements; integration; logistics; policies; training; and command, control, and communications.

Despite such limitations, the working group concluded that the alliance faces various tactical, operational, and strategic obstacles and shortcomings vis-à-vis the checkerboard threat—all of which could weaken crises management, leave the alliance underprepared for defense and conflict in a confused battlespace and undermine deterrence. The group also concluded that there is an alarming divergence surrounding communications on key issues, where communication is either not happening or is occurring in a politically charged, out-of-context manner.

Nevertheless, the working group saw these same shortcomings and obstacles as opportunities and offered concrete and actionable recommendations. It concluded the alliance possesses the wherewithal to address the various issues identified in this report, provided ROK and U.S. military leaders take stock of how some standard assumptions are no longer applicable. Moving forward, military leaders must report to national-level leadership on existing shortcomings in respective ROK and U.S. systems, training, and policies, as well as together up through bilateral consultative mechanisms. Many key decisions require national-level leadership to push the alliance to better meet North Korea’s evolving threat capabilities.

Acknowledgements

Gen. (Ret.) Vincent K. Brooks, Korea Defense Veterans Association (KDVA) Chairman and former commander of the United Nations Command, U.S.-ROK Combined Forces Command, and U.S. Forces Korea in the Republic of Korea, chaired the working group, which was organized and moderated by 38 North Fellow Dr. Clint Work, with the assistance of 38 North’s Research Associates Natalia Slavney and Iliana Ragnone. 38 North Director Jenny Town and Col. (Ret.) Steve Lee, Senior Vice President of Operations at KDVA, edited the report, which was designed by 38 North Deputy Director Michelle Kae.

Annex: Recommendations

Rethink Standard Assumptions and Force Culmination

Recommendations:

  • Consider if the U.S.-ROK alliance is properly organized, equipped, and trained against a checkerboard scenario across the low-to-high matrix and in the different types/phases of the fight.
  • Address the ROK’s limitations in command, control, communications, computers, and intelligence (C4I) capability in order to competently function across the full spectrum of operations, including the proper supply and function of lower-tech capabilities, such as radios at the squad level.
  • Look at Israeli solutions for protecting critical infrastructure sites in a confused battlespace. An Iron Dome system, which South Korea has decided to develop, cannot stop all rounds nor shoot down maneuverable munitions, but it can provide point defense for certain areas and facilities. Counter battery fire artillery can be linked with an Iron Dome system to provide cuing and target location for artillery. In concert with point defense, engineering changes on phalanx weapons systems can help to address low-slow-fliers. Lastly, the ROK needs to improve its ability to disseminate information from its own UAVs and shorten the decision-making process between user and shooter.
  • Assess the nonlinear advancements the DPRK has made, such as the use of off-the-shelf, unmanned UAS/UAVs alongside advanced missile capabilities, and how these capabilities may be coupled with cyber advancements and the use of SOF units in a deep fight. It is also important to consider that the DPRK does not value and protect civilian life in the same way the U.S. and ROK do and may resort to cyber sabotage of potable water sources, high-speed transit, and/or power grids to create havoc and civilian casualties. South Korean nuclear reactors could also be a target. In sum: “Think like the North Koreans might be thinking.”
  • Given the DPRK’s more inflexible C2 and limited logistical capabilities, focus on forcing the North to culminate its offensive actions and fail logistically as quickly as possible to prevent it from generating momentum. This requires developing a more offensive mindset, including looking for offensive opportunities at the tactical level and thinking offensively at the operational level.

Strategic Transformation and Wartime OPCON

Recommendations:

  • Continue corrective actions to simultaneously address current efforts focused on CFC maintenance and current operations and readiness alongside future-oriented efforts related to COTP. This requires keeping the roles and responsibilities clean between the national commands of the USFK and ROK JCS, and the alliance command, CFC.
  • Recognize the YRP separated the majority of U.S. forces from their ROK JCS counterparts, which decreased cross-cultural and military operational understanding. Revisit opportunities to increase liaison and other U.S. footprints in Seoul to reforge those relationships.
  • Create a strategic communications plan that informs and educates the press, public, political leaders, and others. This should include U.S. and ROK presidents as well as Cabinet-level officials discussing what OPCON transition means.
  • Begin to move the aspects of daily operational control (armistice operational control) under the ROK JCS to an operational headquarters and elevate the role of the ROK JCS. Key day-to-day aspects include the operational structure for maintaining security of air and maritime spaces, maintaining air defense and air missile defense, creating the posturing of logistics that is necessary to a transition to war immediately, positioning assets, and setting the priorities for defenses at a given point in time.
  • Enhance leader development. Begin to increase engagement and communication between the ROK deputy commander and the American chain of command, up to and including the U.S. secretary of defense (SecDef) and president. South Korean commanders of the Future-CFC (F-CFC) must be comfortable communicating with the entire American chain of command, including the SecDef and the U.S. president. This type of communication and engagement is not nearly sufficient right now. Such engagement will acclimatize ROK generals with what will be the second chain of command in the F-CFC and broaden their understanding of their responsibilities. It will familiarize U.S. officials with the capabilities of ROK generals and admirals, and will foster recognition of what wartime OPCON is going to look like in the end.
  • Devise a unique Korea-specific course for combined leaders on strategic wargaming as an additional element of leadership development for the transition.
  • Before OPCON transition occurs, assign the initial ROK general to command the CFC first as the deputy commander to sit alongside the current commander as a co-leader. This will increase engagement between the ROK general and the U.S. chain of command and develop routine relationships and processes for national-level command engagement. Having the two generals side-by-side will foster the partnership and preparation for when the ROK takes command.
  • Have both the U.S. and ROK utilize the same C2 systems, with the ROK abandoning its own system for the use of a U.S.-compatible system. Designate English as the standard language for the CFC, and encourage the ROK to move away from a strictly defensive posture.
  • Do everything possible to posture the ROK so it is ready for the joint and combined fight. Exercise the ROK’s familiarity with the control structure, communication structures, and advance the CFC structure where South Koreans are in charge of several joint functions, well before conflict starts. Alternatively, if the aforementioned scenario does not seem plausible, the alliance should posture the ROK so that as a sovereign nation, it has the ability and the C2 it needs to execute and complete a fight.

Link Civil and Military Plans and Policy and Build Day-to-Day “Combinedness”

Recommendations:

  • Given the vulnerability of infrastructure and concern about deep insertion of SOF, go back to the basics and integrate defense planning with civilian crisis management exercises. The alliance should design exercises that challenge different sectors of critical infrastructure both north and south of the Han River, which can highlight where the alliance needs to focus further training. This may include establishing a combined combat development command to help better familiarize and integrate U.S. and ROK doctrines.
  • Reorient exercises in order to train to failure. Military exercises should focus on critical infrastructure and perhaps a rotating structure where the alliance picks different sectors to defend. Such exercises require and can help build military-to-military, military-to-government, government-to-government, and interagency combinedness.
  • Strengthen ROKG involvement in NEO exercises and other crisis management exercises in order to learn everything it can about the decision-making process of the American government and U.S. forces and better understand that crisis management is about not going to war, but rather managing the situation to maintain the peace.
  • Combine the layers between the combined U.S.-ROK infantry division and CFC HQ much more. Aim for the alliance to be in a continuous, coordinated, and combined state, including at the component level. Diffusing the combined C2 structure into the component level would also help lower the vulnerability risk that fixed locations can create.
  • Redouble bilateral efforts toward greater combined force structure and operation responsibilities across all seven of the joint functions of combat operations. For example: build on the combined ground division and SOF forces to create integrated and combined air operations, more integrated and joint C2 systems. Greater integration and focus on cross-domain capabilities are required for preparedness.
  • Aim for a more coordinated and combined state from the lower level up, which can reduce the vulnerabilities of fixed targets. Among other steps, the alliance should develop a combined combat development command to integrate their different doctrines and look for ways to strengthen integration from strategic to lesser platforms across all aspects of combat operations.

Cyber Threats and Deterrence

Recommendations:

  • Continue to confront barriers to information sharing as well as the integration and differences in authority and jurisdiction between the U.S. and the ROK’s respective cyber operations. Although national controls will continue to limit the integration and routinization of cyber operations, the alliance should identify key tipping points or thresholds between South Korea’s national interests and authority along with alliance interests and operations.
  • Design and exercise scenarios where North Korea causes casualties and the loss of life through a cyber attack on civilian infrastructure, even before wartime. Exercising responses will allow the alliance to be more cohesive, effective, and resilient if and when it is time to act. Further exercises against these threats will allow for the exploration of whole-of-government responses that bring together defense planning with civilian agencies.
  • Train personnel in what happens when certain systems go down. However, still run exercises where key network capabilities and communications are randomly blacked out to enhance deterrence by denial and build resiliency in the cyber domain. Personnel should not be informed of which system will go down during the exercise for honest assessment of capabilities and preparedness, helping to identify and work on key vulnerabilities.
  • Bring together civilians, government officials, and possibly private companies during crisis management exercises or traditional military exercises to observe how a crisis might be triggered in the cyber domain. Also, begin developing regulations and standard responses under such circumstances.
  • Examine the infrastructure the ROKG already has in place and how it can be refitted to address shortcomings in the cyber domain. For example, South Korea possesses significant cyber capabilities in its civilian sector and a vast pool of well-educated reservists that return to that sector after their military service. Seoul should think about how to refit its Defense Mobilization Command and reassess the way it looks at its reservists and what it trains them in.
  • Adopt what the United States Cyber Command (USCYBERCOM) calls “persistent engagement” when it comes to taking offensive cyber actions below the threshold of armed conflict. This involves constantly engaging and repeatedly hitting the adversary at lower levels in the cyber domain. This is based on the idea that doing so might raise the cost over time for an adversary and may produce a deterrent effect that will reduce the overall level of malicious cyber activity.
  • Only use offensive cyber tools to achieve a precise effect. Do not use U.S. and alliance cyber activities to shadow box against North Korea in the cyber domain the same way the alliance might do so in the conventional domain, as adversaries can learn from such actions and adapt their methods accordingly.

Address the Vulnerability of Fixed Infrastructure

Recommendations:

  • To the extent possible, reduce the alliance’s reliance on fixed infrastructure.
  • Reduce the vulnerability of fixed targets and build resiliency into softer civilian targets by, for example, building strategic reserves of key infrastructure supply chain items such as electric grid transformers and water stations. There should not be any system where one node does not have a backup.
  • Make more robust plans for how to defend infrastructure, including: missile defense, maneuvering missiles down to less sophisticated priorities such as counter SOF defense, defending against UAVs, updating point defense systems (such as an Iron Dome and additional C-RAM capabilities) along with using a naval approach to shoot down cruise missiles and rotary barrel cannons.
  • Harden physical infrastructure and facilities. Currently, much of South Korea’s infrastructure is civilian-grade and very vulnerable above ground. Also, enhance resiliency by having the necessary assets and backup systems to replace key components that may get knocked out.
  • Rehearse the defense of critical infrastructure deep within the ROK to include a counter SOF fight. The responsibility of the rear battlespace is the least trained arm of the South Korean military, which is where civilian critical infrastructure will face the most direct threat from the DPRK.

Integration of Air and Missile Defense Systems

Recommendations:

  • Better coordinate, create layers of systems, and rehearse how they would operate together, rather than pushing for full integration of air and missile defense systems. Given North Korea’s ability to complicate the airspace, layering, thickening, and causing sensors to be able to queue different types of weapons systems is essential. To ensure that the very best systems do not get wasted on what they do not need to engage, rehearsal is needed to make sure the layers can talk to one another.
  • Deliberately and continually address questions and concerns regarding sovereignty before developing layers of air and missile defense integration. However, when American lives are at stake, the U.S. should be more forceful, but should focus on such efforts in private. Not addressing this head-on allows a false dichotomy to grow between defending American lives versus defending South Korea.

Regional and Geopolitical Considerations

Recommendations:

  • Put far greater effort into public diplomacy surrounding the issue of strategic flexibility so that allies and adversaries can better understand what it means.
  • If the peninsula is to be used as a base for forces with broader strategic objectives, then reconsider the size and composition of the current U.S. force structure and its logistical capability to flow forces in support of operations both on and off the peninsula.
  • Address the vulnerabilities of fixed infrastructure related to force flows both off and back onto the peninsula, which the DPRK can significantly degrade without the use of nuclear weapons. Doing so will ensure strategic flexibility and support the traditional mission to defend the ROK.
  • Enhance the ROK’s ability to counter DPRK conventional capabilities across the low-to-high checkerboard matrix in order to mitigate the degree to which Pyongyang could opportunistically destabilize the alliance or exploit U.S. deployments off the peninsula.



Original Source link

Leave a Reply

Your email address will not be published.

eighty eight + = ninety eight