Compare
Compare
The United States has historically been a strong partner in cyber diplomacy for the EU based on common values (human rights, rule of law), goals (open, stable and secure cyberspace) and interpretation of international law. Cyber diplomacy with the US has also been operationalised in the form of information-sharing and cooperation to tackle cybercrime, cooperation on cyber defence via NATO and cyber capacity building in third countries. Despite differences over certain foreign policy issues, the EU and the US remain close allies in cyberspace.
South Korea has made significant progress over the last decades when it comes to connectivity and is currently one of the leading states in terms of access and use of ICTs. While in 1995 less than one percent of Koreans used the internet, four years later the country passed the developed nation average and nowadays South Korea is a global leader in the field of connectivity and internet access. Government support for internet access has been instrumental in fostering this progress in connectivity through governmental programs, trainings and low interest loans to companies providing broadband access. Consequently, cyber issues were recognised as important to the bilateral relationship at the EU-South Korea Summit in 2015, and five cyber dialogues have taken place between 2015 and 2020.
As of 2020, 86 % of Uruguayans are active internet users, second in South America, only behind Chile. 9 out of 10 individuals in Uruguay are social media users. This provides a fabric for efficient digital policies and strategies that have transformed Uruguay since the 2010s. Uruguay is ranked first in Latin America and 35th place in the world on Digital Government Development, according to the UNDESA index, which measures dimensions related to technological infrastructure, availability of online services, and ability of citizens to take advantage of those resources. Uruguay also ranks first in Latin America and 42nd in the world on ICT Development, according to the 2017 IDI, published by the International Telecommunications Union. In all, this South American country has positioned itself at the forefront as a regional and world benchmark in Digital Government.
The US believes that international law is applicable in cyberspace. As part of the ‘like-minded’ coalition, the US recognises a need to acknowledge the full breadth of relevant international law, including international humanitarian law (IHL), human rights law, customary international law on the responsibilities of states for internationally wrongful acts. The general applicability of IHL in cyberspace is not to be misconstrued as a tacit endorsement of aggression in the cyber domain; instead, it only serves to remind states of the responsibility to respect and protect civilians in the event of armed conflict.
In the context of multilateral fora, US diplomats have specifically emphasised the applicability of the right to self-defence under Art. 51 of the UN Charter, noting that a State may lawfully take cyber-based or non-cyber-based countermeasures in response to internationally wrongful cyber activities attributable to another State, but only subject to the requirements of the doctrine under international law and the principles of necessity and proportionality. As a member of the 2015 Group of Governmental Experts (UNGGE) and as per the Seoul Framework for and Commitment to an Open and Secure Cyberspace, the ROK recognises that international law, and in particular the UN Charter, is applicable in cyberspace and essential for maintaining security and stability as well as promoting an open, secure, peaceful, and accessible ICT environment.
The country also acknowledges that cybersecurity must go hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaration of Human Rights and other international instruments. The ROK notably co-sponsored the Human Rights Council Resolutions 20/8 and 26/13 concerning the promotion, protection and enjoyment of human rights on the Internet.
The country supports the idea of increasing interstate engagement and exchanging national views on how international law applies in cyberspace, both at the multilateral level as well as at the bilateral and regional levels. As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection.
In the context of multilateral fora, US diplomats have specifically emphasised the applicability of the right to self-defence under Art. 51 of the UN Charter, noting that a State may lawfully take cyber-based or non-cyber-based countermeasures in response to internationally wrongful cyber activities attributable to another State, but only subject to the requirements of the doctrine under international law and the principles of necessity and proportionality. As a member of the 2015 Group of Governmental Experts (UNGGE) and as per the Seoul Framework for and Commitment to an Open and Secure Cyberspace, the ROK recognises that international law, and in particular the UN Charter, is applicable in cyberspace and essential for maintaining security and stability as well as promoting an open, secure, peaceful, and accessible ICT environment.
The country also acknowledges that cybersecurity must go hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaration of Human Rights and other international instruments. The ROK notably co-sponsored the Human Rights Council Resolutions 20/8 and 26/13 concerning the promotion, protection and enjoyment of human rights on the Internet.
The country supports the idea of increasing interstate engagement and exchanging national views on how international law applies in cyberspace, both at the multilateral level as well as at the bilateral and regional levels. As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection.
As stated in the 2018 National Security Strategy, the United States views voluntary, non-binding norms of state behaviour during peacetime as essential components of a framework of responsible State behaviour in cyberspace. The US has participated in all iterations of the UN Group of Governmental Experts (UNGGE) as well as the latest Open-Ended Working Group.
In these multilateral fora, US diplomats have typically opposed attempts at shifting to a legally binding status for norms of responsible state behaviour, arguing that such discussions are “premature” and do not represent the best way to address the immediate threats given the fast pace of technological developments.
The starting basis for any further discussions on the part of the US rests on the current buildup of consensus surrounding the norms identified in the 2015 and 2021 GGE reports. Efforts should be concentrated on the implementation of existing consensus norms, not the creation of entirely new normative concepts (i.e. in relation to harmful hidden functions and specific critical infrastructure sectors). The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them.
In addition, the ROK has put great emphasis on the principle of due diligence, consistently demonstrating its commitment through public statements at regional and international forums. The country believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks. Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f).
In these multilateral fora, US diplomats have typically opposed attempts at shifting to a legally binding status for norms of responsible state behaviour, arguing that such discussions are “premature” and do not represent the best way to address the immediate threats given the fast pace of technological developments.
The starting basis for any further discussions on the part of the US rests on the current buildup of consensus surrounding the norms identified in the 2015 and 2021 GGE reports. Efforts should be concentrated on the implementation of existing consensus norms, not the creation of entirely new normative concepts (i.e. in relation to harmful hidden functions and specific critical infrastructure sectors). The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them.
In addition, the ROK has put great emphasis on the principle of due diligence, consistently demonstrating its commitment through public statements at regional and international forums. The country believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks. Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f).
The March 2021 Interim National Security Strategic Guidance states that “[the US] will make cybersecurity a top priority, strengthening our capability, readiness, and resilience in cyberspace.” Following the recommendations of the 2020 Solarium Commission, the US government has adopted the concept of ‘layered resilience’ and is gradually rolling out a comprehensive arsenal of resilience measures across a variety of domains.
The US has been active in engaging in strategically-minded capacity building with partners; US capacity building in Africa with organisations such as the African Union and SADC, for instance, have been largely motivated by Washington’s wish to promote an open, secure, and democratic model for Internet governance across the African continent.
In relation to cyber defence, there have been several joint operations and military exercises, both bilaterally (e.g. between the US Cyber Command and the Montenegrin military) and under the auspices of NATO. Recent regional engagement efforts such as the dialogues in the context of the tripartite AUKUS coalition and the Structured Quadrilateral Security Dialogue (the eponymous Quad) also heavily feature references to collaborative cyber-capacity building. In multilateral fora, the US has also welcomed the inclusion of confidence-building measures in the GGE reports and noted that, in order for CBMs to be useful, they need to be implemented at minimum on a bilateral basis and preferably on a multilateral and eventually an international basis. Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem.
The South Korean government has introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others.
The US has been active in engaging in strategically-minded capacity building with partners; US capacity building in Africa with organisations such as the African Union and SADC, for instance, have been largely motivated by Washington’s wish to promote an open, secure, and democratic model for Internet governance across the African continent.
In relation to cyber defence, there have been several joint operations and military exercises, both bilaterally (e.g. between the US Cyber Command and the Montenegrin military) and under the auspices of NATO. Recent regional engagement efforts such as the dialogues in the context of the tripartite AUKUS coalition and the Structured Quadrilateral Security Dialogue (the eponymous Quad) also heavily feature references to collaborative cyber-capacity building. In multilateral fora, the US has also welcomed the inclusion of confidence-building measures in the GGE reports and noted that, in order for CBMs to be useful, they need to be implemented at minimum on a bilateral basis and preferably on a multilateral and eventually an international basis. Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem.
The South Korean government has introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices. Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others.
The US is a signatory and an early proponent of the Budapest Convention. A big part of American cyber diplomatic activity has, in fact, been focused on promoting the Budapest regime as the global model of cybercrime governance. In 2019, the US firmly opposed the Russian-sponsored resolution calling for an alternative legal instrument to the Convention; following the passing of the resolution, however, the US has agreed to participate in the Ad Hoc Committee established under UNGA resolution 74/247 despite the fact that the “surprise text” within the May 2021 resolution was seen as an effort to “circumvent dialogue” and undermine the “balanced, inclusive, consensus-based process” sought by the US.
On a multilateral level, the US is also a party to the UN Convention against Transnational Organised Crime (UNTOC) and the Inter-American Convention on Mutual Legal Assistance of the Organisation of American States (OAS) and is a member of Interpol.
Bilaterally, the US has completed an agreement with the UK under the CLOUD Act that facilitates cross-border data sharing directly between US companies and the British government; the US is trying to expand this type of bilateral engagement, currently negotiating a similar agreement with Australia. The ROK is generally a strong advocate of strengthening global cooperation against cybercrime. While it is not formally a signatory to the Budapest Convention, the country voted against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty.
To promote cooperation among law enforcement agencies, the ROK’s Supreme Prosecutor’s Office (SPO) convenes regular meetings with the FBI, while also engaging with the Federal Criminal Police Office (BKA) in Germany and the European Cybercrime Centre (EC3) in the Netherlands.
On the basis of an increased awareness that Internet Service Providers (ISPs) are becoming “important partners to secure electronic evidences”, the SPO works along with Microsoft to operate the Government Security Program (GSP). Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008.
On a multilateral level, the US is also a party to the UN Convention against Transnational Organised Crime (UNTOC) and the Inter-American Convention on Mutual Legal Assistance of the Organisation of American States (OAS) and is a member of Interpol.
Bilaterally, the US has completed an agreement with the UK under the CLOUD Act that facilitates cross-border data sharing directly between US companies and the British government; the US is trying to expand this type of bilateral engagement, currently negotiating a similar agreement with Australia. The ROK is generally a strong advocate of strengthening global cooperation against cybercrime. While it is not formally a signatory to the Budapest Convention, the country voted against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty.
To promote cooperation among law enforcement agencies, the ROK’s Supreme Prosecutor’s Office (SPO) convenes regular meetings with the FBI, while also engaging with the Federal Criminal Police Office (BKA) in Germany and the European Cybercrime Centre (EC3) in the Netherlands.
On the basis of an increased awareness that Internet Service Providers (ISPs) are becoming “important partners to secure electronic evidences”, the SPO works along with Microsoft to operate the Government Security Program (GSP). Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008.
