Source: Government of South Korea, National Cyber Security Masterplan , August 2, 2011. Unclassified. Date: Aug 2, 2011 Archive: NATO Cooperative Cyber Defense Centre of Excellence Collection: Cyber Vault: First Responders Targeted Sep 13, 2017

Editorial Analysis

Original analysis by the DriftSeas editorial desk. The complete primary-source document, transcribed from the National Security Archive scan, appears in full below.

A Blueprint Born of Shock

The August 2, 2011 National Cyber Security Masterplan emerged less than a year after the 2010 “GhostNet” revelations and the 2011 Sony Pictures hack, both of which exposed South Korea’s vulnerability to state‑sponsored cyber espionage. The document records a rapid, top‑down response: the National Cyber Security Strategy Council green‑lighted the plan on 11 May 2011, drafts were circulated by mid‑July, and by 2 August the government announced fifty concrete deliverables. The speed of this process betrays a sense of urgency that the Korean leadership felt after repeated incursions attributed to North Korea’s Reconnaissance General Bureau and to Chinese cyber crime syndicates. The masterplan is therefore less a routine policy update than a crisis‑driven manifesto, designed to marshal every arm of the state—civilian agencies, the private sector, and the military—into a single, interoperable defense apparatus.

Institutional Fusion and the “Joint Response Team”

A striking feature of the plan is its insistence on a tri‑sector joint response team housed under the newly created National Cyber Security Center (NCSC). By assigning the National Intelligence Service (NIS) overall control in both peace and crisis, while also delineating roles for the Korea Communications Commission (KCC) and the Ministry of Public Administration and Security (MOPAS), the document codifies a hierarchy that had previously been fragmented. The language—terms like “synthetic judgement” and “joint analysis”—signals an attempt to institutionalize real‑time information sharing, something that earlier Korean cyber incidents had shown to be lacking. The plan’s timetable, noting that the team would reach full capacity in January 2012, suggests that the government expected the institutional learning curve to be short, relying on existing bureaucratic networks rather than building new ones from scratch.

From Detection to Deterrence: Five Action Pillars

The masterplan’s five‑point agenda reads like a checklist of the era’s cyber‑security best practices, yet each point reflects a Korean strategic calculus. The first pillar—establishing a joint response system—directly addresses the “siloed” intelligence failures exposed by the 2010 cyber‑espionage wave. The second pillar, strengthening critical‑infrastructure security, mirrors concerns over the 2009 cyber‑attack on the Korean power grid, which, while not catastrophic, demonstrated the plausibility of a physical‑world impact. The third pillar’s emphasis on a three‑tier defense (gateway, ISP, end‑user) reveals an awareness that attacks could bypass perimeter defenses via compromised domestic networks.

Deterrence, the fourth pillar, is perhaps the most politically charged. By pledging “international cooperation” and “private verification schemes” to counter public suspicion, Seoul signals both a desire to align with U.S. and NATO cyber norms and an attempt to domestically legitimize its cyber posture amid accusations of overreach by the NIS. The final pillar—building cyber‑security infrastructure—includes budgetary commitments (doubling R&D from 5 % to 10 % of the information‑protection budget) and a cultural push, such as instituting a “National Information Protection Day.” These symbolic measures aim to embed cyber awareness in the public psyche, a response to the pervasive fear that ordinary citizens’ PCs could become “zombie” bots.

Reading Between the Lines

While the document is overtly technical, its subtext reveals a political balancing act. The explicit inclusion of the military alongside civilian agencies hints at an emerging doctrine that treats cyber‑incursions as a national security threat on par with conventional attacks. Yet the plan stops short of declaring cyber‑warfare a formal domain of the Korean Armed Forces, reflecting internal debates over jurisdiction. Moreover, the emphasis on “exporting information‑protection products” indicates an economic motive: South Korea sought to turn its security investments into exportable technology, positioning itself against rivals like Japan and Israel in the global cyber‑defense market.

Legacy and Contemporary Relevance

The 2011 masterplan laid the groundwork for subsequent Korean cyber‑policy iterations, including the 2013 “Cyber Defense Command” and the 2020 “Cyber‑Security Act.” Its institutional architecture—particularly the NCSC and the joint response team—remains active, having coordinated responses to ransomware attacks on Korean hospitals in 2017 and to the 2020 supply‑chain compromises targeting Korean manufacturers. Internationally, the plan’s call for multilateral cooperation anticipated Korea’s later role in the NATO Cooperative Cyber Defence Centre of Excellence, where Seoul now contributes expertise.

In hindsight, the masterplan illustrates how a nation can translate a series of high‑profile cyber breaches into a comprehensive, cross‑sectoral security strategy. Its blend of technical measures, legal reforms, and public‑awareness campaigns offers a template that other states—especially those facing persistent state‑sponsored threats—continue to study. The document’s endurance in the National Security Archive underscores its significance: it is not merely a snapshot of 2011 policy but a living blueprint that has shaped South Korea’s cyber posture for over a decade.

Page 1

0101101010 0101011011101010 010110101010100110110 0101101010110101010101111010110 101101010101001101101001010100101 010101010101101010010110101111010010 010101101011010110101010100101010010 01010101010110101001110101001001 1110100101

National Cyber Security Masterplan

1. 2

Page 2

National Cyber Security Masterplan(Summary)

► Protecting national cyber space from cyber attacks ◄

I Purpose

The Masterplan is a comprehensive response strategy at the national level in order to effectively deal with national cyber threats which are getting increasingly sophisticated and intelligent.

II Progress

11 May, 2011 The 'National Cyber Security Strategy Council' decided on the establishment of the Masterplan.

13 May~5 July, 2011 A draft was devised jointly by relevant organizations in consultation with experts

6 July~18 July, 2011 The Masterplan was deliberated and resolved at the 'National Cyber Security Countermeasure Council' meeting

2 August, 2011 50 deliverables were drawn and implemented

III Key points

5 action plans

Establishing joint response system of private, public and military sectors
Strengthening the security of critical infrastructure and enhancing secrets protection
Detecting and blocking cyber attacks at the national level
Establish deterrence through international cooperation
Building cyber security infrastructure

1/4 National Cyber Security Master Plan

Page 3

Organizing the response system and establishing roles within the government departments

Establishing 「National cyber threat joint response team」 comprised of Private, Public and military sectors under the National Cyber security center(NCSC) in order to strengthen the cooperative ties such as cyber threat information sharing among participating organizations
- ※ 'Synthetic Judgement' · 'Joint monitoring' · 'Joint analysis' · 'Joint investigation' comprise 「The national cyber threat joint response team」 which started operating at full capacity in Jan. 2012.
Establishing roles among relevant organizations such as the National Intelligence Service(NIS, overall control in times of peace and crisis), Korea Communications Commission(KCC, supervision over broadcasting and communications) and Ministry of Public Administration and Security(MOPAS, e-government service to the public, National Computing and Information Agency(NCIA) operating under MOPAS, and support for cyber security activities of local governments)

Major imperatives

1 Establishing cyber threat early detection and response system

Setting up 3-tier defence system」 connecting international gateway, ISPs and end-users(organizations and consumers) in order to detect and block cyber attacks in advance
Strengthening response system in financial sector by reinforcing security systems in financial institutions and expanding security monitoring services to insurance companies and credit card corporations
Reinforcing cyber restoration system by developing and distributing anti-virus softwares for the exclusive use of Zombie PCs to help rapid recovery and enhancing cooperative relations between the private and the public sectors; expanding the size and number of DDoS Cyber Urgent Shelters

2/4 National Cyber Security Master Plan

Page 4

2 Improving the level of security for critical information and facilities

Expanding secret management system and upgrading encryption system to protectational confidential information
Strengthening security measures for information and communications system in critical infrastructures such as electric power stations and transportation facilities; establishing immediate checking system comprising related organizations
Tightening up security measures and defining clear responsibilities when outsourcing; making it mandatory to establish a system that diagnoses vulnerabilities of government S/W security

3 Developing platform that would enable a stronger cyber security

Strengthening legal framework dealing with cyber threats by amending ‘National Cyber Security Management Regulation’ and promoting enactment of new related laws
Establishing sector-specific circulation systems designed to create arms exclusively for cyber security, reinforce manpower and train technical professionals
Providing support for exporting Information Protection Products and increasing the budget for information protection R&D (5→10%)

4 Establishing deterrence against cyber provocation and strengthening international cooperation

Expanding bilateral or multilateral cooperative relations in cyber security area and establishing information sharing systems with other leading countries and international organizations
Operating private verification scheme」 in order to deal with the public suspicion over a perpetrator and their motivation, and build public confidence

3/4 National Cyber Security Master Plan

Page 5

Fostering and improving joint training between related organizations to help them increase their ability to effectively respond to cyber crisis

5 Elevating the level of security management of critical information and facilities

Establishing 「Information Protection Day」(legal anniversary) at the national level in order to raise public awareness and expanding the base in cyber security area

※ Wednesday of the second week of July is proclaimed to be 'National Information Protection Day'; and the month of July 'the Month of Information Security'. Joint government ceremony was held to celebrate the first 「National Information Portection Day」 on 11 July, 2012.

Promoting 「Clean Internet Campaign」 in the private sector to protect personal information and to prevent personal computers from turning into Zombie PCs;; strengthening the cyber security education in elementary, middle and high schools budget for information protection R&D (5→10%)

National Cyber Security Master Plan

4/4

National Cyber Security Master Plan

Page 6

NATIONAL SECURITY ARCHIVE

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street, NW, Washington, D.C., 20037, Phone: 202/994-7000, Fax: 202/994-7005, nsarchiv@gwu.edu

Government of South Korea, National Cyber Security Masterplan , August 2, 2011. Unclassified.