US-ROK
Bilateral strategic alliance between the United States and South Korea.
Last refreshed: 8 May 2026
Timeline for US-ROK
CSIS calls for operational US-ROK cyber alliance
Cybersecurity: Threats and Defences- What is the US-ROK alliance?
- The US-ROK alliance is a mutual defence treaty between the United States and South Korea, signed in 1953. The US maintains around 28,500 troops in South Korea and extends nuclear deterrence commitments to defend against North Korean or other external threats.
- What cyber cooperation exists between the US and South Korea?
- The US and South Korea share threat intelligence on North Korean cyber actors and coordinate on attribution. As of 2026 they lack a formalised operational cyber posture — a gap CSIS researchers have urged should be closed by moving to joint offensive and active-defence capabilities.Source:
- Why is US-ROK cyber cooperation important?
- North Korea (DPRK) is the most active state-sponsored cyber threat facing South Korea, responsible for Cryptocurrency theft, espionage, and destructive attacks. The US and ROK share intelligence on DPRK actors, but researchers argue the alliance needs operational cyber-warfighting capability to match the threat.
Background
The US-ROK (United States–Republic of Korea) relationship is a treaty alliance anchored by the 1953 Mutual Defense Treaty, under which the US maintains approximately 28,500 troops on the Korean Peninsula and commits to South Korea's defence against external attack. The alliance encompasses joint military operations, intelligence sharing under the Five Eyes-adjacent framework, combined exercises, extended nuclear deterrence commitments, and interoperability agreements covering ground, air, maritime, and increasingly, cyber and space domains. The relationship is managed through the Security Consultative Meeting (SCM) at ministerial level and the Military Committee Meeting (MCM) at chiefs-of-defence level.
The cyber dimension of the alliance has grown significantly since the 2014 Sony Pictures attack and repeated North Korean cyber operations against South Korean financial and critical infrastructure. The two nations share threat intelligence on DPRK cyber actors through bilateral channels and coordinate on attribution. However, as of 2026, the alliance has not formalised an operational cyber posture — the capability to conduct joint offensive or active-defence cyber operations against shared adversaries — in the manner that Five Eyes nations have moved toward.
In U#3, the Center for Strategic and International Studies (CSIS) published a paper on 7 May 2026 calling for the US and South Korea to move from intelligence sharing to an operational cyber alliance posture , explicitly modelling the recommendation on the Five Eyes operational convergence. The paper reflects a wider debate within alliance management about whether the US-ROK cyber relationship is keeping pace with the shared DPRK and PRC threat environment.