On April 3, LG Uplus in South Korea launched the world’s first nationwide 5G network with Huawei technology. The United States, one of South Korea’s important allies, ad asked its partners to not use Huawei’s equipment in November 2018, due to security issues. Supporting these concerns, the Huawei Cyber Security Evaluation Center Oversight Board, an organization founded by the United Kingdom’s National Cyber Security Center, says Huawei equipment has serious security vulnerabilities. But Seoul decided to ignore Washington’s request, a decision that could negatively impact the U.S.-Korea alliance. Why?
While the issue of Huawei is particularly prominent today, problems between the United States and South Korea related to mobile carriers are not new. In 2013, Washington required LG Uplus Corp, which introduced Huawei’s equipment in Seoul that year, to refrain from using the equipment in U.S. Army Garrison Yongsan. In 2014, the United States expressed concern that Huawei’s telecom equipment could be used to spy on alliance communications. Despite these past issues, LG Uplus argues that its network is safe because it is completely separate from other networks and is managed by the company. Moreover, LG Uplus announced plans to partner with S-1, a major security company in South Korea, for telecom security services in April 2019.
However, security concerns remain. Information – including personal and national security information – that travels through 5G base stations is potentially vulnerable to backdoors hidden in the Huawei base station equipment. (Huawei has denied accusations of the use of backdoor programs.) Though LG Uplus claims its detached 5G network ensures security, information may be susceptible to threats in the base stations.
South Korean companies are ignoring these security concerns because the benefit of using Huawei’s less expensive equipment outweighs the cost in their calculations. South Korean companies have faced few monetary penalties regarding privacy protection. In 2015, the South Korean Supreme Court ruled that eBay Korea was not required to pay compensation after a 2008 hacking incident in which a backdoor was used to leak 10 million people’s personal information. The court said that since the incident was perpetrated with high-level technology, the company did not violate its responsibility to protect privacy. Moreover, the Supreme Court found that building a perfect security system is difficult due to the speed and cost of technological development. Due to this precedent, corporations do not expect major legal penalties from hacking incidents resulting in privacy breaches.
Seoul also is concerned that the Huawei issue could affect relations with China, which has taken retaliatory actions against South Korea in the past. In 2017, the Chinese government denounced South Korea’s deployment of a U.S. missile defense system and started pressuring South Korea both diplomatically and economically. Seoul worries about a repeat if it restricts use of Huawei’s equipment. You Young-min, South Korea’s minister of science and ICT, asked telecommunication service providers to use domestic equipment for the 5G network in January 2018. However, he changed his position in July: “Huawei security issues in 5G should not be discussed because China is sensitive to it. I’m afraid that there would be a dispute.” This hesitance indicates Seoul’s unwillingness to further disrupt the South Korea-China relationship.
On April 3, the National Security Office in the Blue House published the National Cyber Security Strategy report. The document discusses current problems, such as increased cybercrimes against the public, and the South Korean government’s self-evaluations, such as its response capabilities. However, it does not suggest standard security guidelines, and nor does it include a publication date for forthcoming, detailed implementation plans. Moreover, one of the plans is to create a system for ranking levels of cyber crises to enable all sectors to resolve them properly. But the gap between the pace of technological development and security systems will persist and render classifications meaningless. Customers will face the same situation regarding privacy leakages even after the release of the report. Moreover, the 5G network has already launched. The South Korean government’s recognition of the importance of cybersecurity is late compared to other countries such as the United States, which released the Comprehensive National Cybersecurity Initiative in January 2008.
Seoul must weigh the potential security concerns and the United States’ criticism of Huawei against the lower cost of Huawei equipment and preserving the relationship with China. South Korea’s reaction toward Huawei could have negative influences on the U.S.-ROK alliance not only in communications, but also in future attempts for cooperation on advanced technology development. Trust and credibility in the alliance could be damaged if cybersecurity standards are not similar on both sides. The South Korean government should announce concrete cybersecurity strategies in partnership with the United States and other international partners, and should specify which ministry oversees responding to cybercrimes to prevent ministries from shifting around responsibility. Without a proactive and comprehensive approach to cybersecurity, South Koreans will face cyber threats, including and beyond the 5G network.
Nagyung Lee is a research intern with the East Asia Program at the Stimson Center and an Asan Academy young fellow.