Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently
maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem.
The South Korean government has
introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices.
Resilience constitutes one of the central objectives of Japan’s
2018 Cybersecurity Strategy, whose core components include international cooperation in sharing expertise and coordination of policies, incidence response, and cyber capacity-building (CCB). Japan has traditionally
argued that global initiatives are required to reduce cybersecurity vulnerabilities and has advocated for a tailor-made approach that takes into account the national situation of recipient countries and the importance of national ownership.
Japan recognises the ‘trickle-up’ effect of national initiatives,
stating that CCB “not only improves the capabilities of the recipient country, but also directly leads to enhanced security and stability in cyberspace as a whole”; in that sense, it disfavours the understanding of CCB as a “common but differentiated responsibility”, believing that such a view “does not fit the context” of international cyber cooperation. As a result, the country has assumed a balanced approach to CCB. On the one hand, it has successfully utilised multilateral fora such as the G7 and G20 summits to promote its own normative standards.
At the G7 Ise-Shina Summit in May 2016, for instance, Japan introduced the
Ise-Shima Principles, which included the enhancement of cooperation on CCB. On the other hand, Japan considers its own security and that of its nationals as intrinsically tied to the cyber capabilities of developing countries, since attacks on the IT infrastructure of regional partners can adversely affect Japanese trade. Japan has thus acted primarily through ASEAN to promote regional capacity-building efforts.
The new Cybersecurity Strategy 2022-2026 aims to improve effective mechanism for responding to cyber incidents and response to cybercrime. The new strategy recognises the establishment of a new body Cyber Security Agency which will be umbrella institution when it comes to cyber security. The CIRT team will be transferred to the new Agency. The 2018-2021
Cybersecurity Strategy explicitly establishes a “reliance” on European and Euro-Atlantic conceptualisations of cybersecurity and resilience. The Strategy points to the EU’s 2016 NIS Directive as the primary source of inspiration, notably in its requirements for the adoption of a national cybersecurity strategy, the definition of relevant authorities, and the creation of a Computer Incident Response Team (CIRT). Indeed, since 2012, the Montenegrin CIRT represents “a central point for coordinating prevention and protection against computer security incidents on the Internet and other IT security risk for the area of Montenegro”. The Strategy also features a dedicated section on cyber defence, highlighting the country’s alignment with NATO targets (E 6202 N). In expanding cyber defence capabilities, the document notes that “special attention will be paid to harmonisation with regard to the standardisation of concepts, methods, policies, and procedures in line with the accepted European and international standards”. It also pledges the country to a set of goals: (1) definition and protection of critical information infrastructure; (2) strengthening the resilience of information systems to incidents; and (3) performing analysis of threats to IT infrastructure. Montenegro completed a bilateral ICT cooperation agreement with Thailand in 2013, while it is also a member of the
CAMP initiative, the platform where members “prepare themselves with collective actions to keep cyberspace safe” through training, joint exercises, and dialogues.