Skip to main content

2022 | Buch

Cybersecurity Policy in the EU and South Korea from Consultation to Action

Theoretical and Comparative Perspectives


Über dieses Buch

This book offers a very interesting deep-dive into EU and South Korean approaches to cybersecurity issues. In a unique approach, the editors and authors focus on the potential for strategic partnership and shared lessons learned given common commitments to democracy, human rights, the free market, and a rules-based international order of the two regions. Essential reading for students and researchers in political science, international relations, international law, strategic and defence studies, computer science, and cognitive science.


The introduction’s main objective is to explain to the readers why they are reading what they are reading, reflecting the shared commitment of the editors and authors to invest in three areas for cyber cooperation between the European Union (EU) and South Korea running through the book: digital economy, cyber threats and rules-based cooperation. The common incentives for the EU and South Korea to cooperate in these areas are trade conflicts over digital technology between the US and China, growing cyber threats worldwide, and the real danger of a cyber arms race. In identifying the similarity and to some extent the complementarity of policies followed by the EU and South Korea, the authors of this volume deal with the most salient issues of cyber security and make a strong case for enhancing cooperation in deeds not only in words, bilaterally and globally. The introduction also explains the book’s aim, target audience, focus and outline. The primary objective of this volume is to tap the potential of EU-South Korea cooperation to build a peacetime regime for cyberspace based on shared norms, rules and values. Another objective is to bring together, for the first time, scattered and fragmented knowledge and ongoing interdisciplinary research about cybersecurity in a structured and coherent manner. This volume serves a wider audience consisting of public sector policymakers, military and law enforcement officers, private sector cyber security experts, lawyers, media, civil society, and scholars and students in a variety of fields and disciplines. Though the focus is mainly on the EU and South Korea, the book also takes into consideration the perspective of China. The book is divided into three main sections: Section 1 ‘Rationale for cybersecurity cooperation between the European Union (EU) and South Korea’ tackles the question ‘why’ the EU and South Korea should cooperate in the field of cybersecurity. Section 2 ‘Comparisons’ covers three themes (cyber arms control, cyber defence and digital investigations) from a Korean and European perspective. Section 3 ‘International order and cross-cutting issues’ moves the analysis beyond the EU-South Korean angle identifying cross-cutting issues in the field of cybersecurity and the ongoing efforts with the United Nation (UN) system to advance international cybersecurity governance.
Gertjan Boulet, Michael Reiterer, Ramon Pacheco Pardo

Rationale for Cybersecurity Cooperation Between the EU and South Korea

EU Cyber Diplomacy: Value- and Interest-Driven Foreign Policy with New Focus on the Indo-Pacific
The chapter outlines the development of the EU’s cyber diplomacy and links it to the recent policy papers on the Indo-Pacific. Cyber diplomacy needs an all-in approach, accelerating cooperation to meet the challenges of cyber at the nexus of security and technology. It can make an essential contribution to strategic autonomy. Prime partners are in the Indo-Pacific in promoting digital governance and standard setting, to assure a global, open, free, stable and secure cyberspace for continued prosperity and protection of fundamental human rights in cyberspace. Cyber diplomacy fulfils three major functions: it supports externally the EU’s internal policies; protects the interests of the EU and the relevant stakeholders; and gives the EU through the Cyber Diplomacy Toolbox an offensive instrument to defend its interest more effectively. South Korea has an interest to participate in multilateral restrictive measures/sanctions especially when faced with attributable attacks by major forces.
Michael Reiterer
EU-South Korea Cooperation on Cybersecurity, Data Protection and Emerging Technologies
The European Union (EU) and the Republic of Korea (South Korea) are considered normatively like-minded in the cyber and digital sphere. They face shared threats, common concerns and common interests relating to cybersecurity, data protection and emerging technologies and work bilaterally and multilaterally to achieve a resilient, stable and secure global cyber ecosystem. This chapter interrogates how cooperation and collaboration have evolved between the EU and South Korea to address shared threats. It is argued that whilst there is a high degree of convergence across the issue areas explored, divergence still exists and cooperation can be significantly improved beyond dialogue, information sharing and trust-building.
George Christou, Ji Soo Lee
Cyber Offence Dominance, Regional Dynamics, and Middle Power–led International Cooperation
Despite the maturing of the cyber domain as an important area of contestation and conflict vector, there are no truly multilateral conventions governing cyber operations and cyberconflict in terms of national and military security. This is problematic because a lack of norms both (a) incentivizes predatory behaviour and (b) increases risks of misperception, misunderstanding, cybersecurity dilemmas, and conflict escalation. In this context, this chapter provides a cyber threat landscape and analyses strategic competition and conflict among selected states in East Asia (the US, China, South Korea, North Korea, Japan, Russia) via the cyber domain. Following that, this chapter applies offence-defence theory to the cyber domain in order to predict states’ likely cyberspace behaviour. To this end, the chapter argues that the cyber domain is offence dominant, leading to increased risks of escalatory chainganging. Flowing from this analysis, the chapter seeks to determine what kinds of international cooperation could reduce this escalatory cyber tendency, and how the EU is cooperating with like-minded states such as South Korea to reduce cyber threats.
Mason Richey
Developing a Collective Retorsion Framework Against Malicious Cyber Operations: Opportunities and Steps for EU-South Korea Cybersecurity Cooperation
South Korea has continually experienced malicious cyber operations, and their frequency and sophistication have been ramped up, raising concerns over threats posed to economic and social developments as well as the security of the country. Unfortunately, South Korea has not yet come up with strategies for an effective international response, thereby failing to deter potential malicious actors. Such failure is traced back to South Korea’s main challenges in response to malicious cyber operations: attribution challenges and high political costs of unilateral countermeasures. In this context, the EU’s collective retorsion regime comprised of lawful but unfriendly acts as a means of response against malicious cyber operations may offer useful insights for South Korea’s cybersecurity policies. This chapter develops the argument that South Korea should seek cooperation with the EU to build a framework for collectively imposing proportionate costs on malicious cyber actors, a collective retorsion framework.
Joohui Park


Cyber Arms Control on the Korean Peninsula: Challenges and Opportunities with a View to North Korea’s Asymmetry Strategy
North Korea’s defence strategy relies on its nuclear arsenal as strategic deterrent and on cyber capabilities as weapons technology to retain the strategic initiative during peacetime and to support kinetic attacks during conflict. Due to the advantageous cost-benefit ratio of cyber weapons compared to conventional and nuclear weapons, North Korea has invested considerably in cyber capabilities to underwrite its asymmetry strategy targeted at the US-ROK alliance. In combination with frequent occurrences of cybercrime and terror originating from North Korea, this has led to a proliferation of cyber attacks and exacerbated cyber insecurity on the Korean Peninsula. South Korea, the main target of North Korean cyber attacks, has furthermore proven unable to develop cyber defence capabilities able to sufficiently protect its military and civilian networks. Against this background, this chapter investigates the possibility of a cyber arms control regime on the Korean Peninsula. Fashioned after existing arms control regimes, this chapter proposes an inter-Korean cyber arms control agreement.
Sangho Lee, Maximilian Ernst
Arms Control in the Cyber Domain: A European Approach to Mitigate Digital Threats
While it has become evident that hostile acts of cyber aggression are increasing, policy makers still struggle to fully comprehend the interconnected nature and potential threats of the digital realm. Against this background, this chapter analyses EU cybersecurity strategies and mechanisms from an arms control perspective. Several decisive elements of European cyber arms control have been identified, limiting and regulating the militarisation of the digital environment through traditional and non-traditional means of arms control mechanisms. These include mainly the limitation of potentially harmful programmes by enforcing standards and regulations as well as the restriction of malicious behaviour and intent in the form of sanctions. The chapter finds that the EU has effectively developed and implemented these instruments to successfully mitigating digital threats in a preventive and proactive fashion, indicating aspects of arms control and non-proliferation. The chapter also provides an outlook into the field of artificial intelligence (AI), stressing that the EU is responsible for preventing the multifaceted risks and threats posed by AI.
Michael Zinkanell
South Korea’s Cyber Defence and Digital Cooperation with the EU
This chapter examines the evolving and imminent North Korean cyber threat and primarily highlights the role of the Reconnaissance General Bureau (and its cyber footprints as the core institutional system of North Korea’s cyber operations). The chapter also examines the possibility of an EU-South Korea cyber-strategic partnership based on the respective cybersecurity strategies against North Korea’s threats and other cybersecurity concerns and, to this end, formulates four policy recommendations to improve South Korea’s cybersecurity defence posture which are relevant for further South Korea-EU cyber cooperation: the establishment of a whole-of-the-government consensus on the necessity of countermeasures against cybersecurity threats, the construction of central authority in charge of overall cybersecurity policies, and the institutionalization of international cooperation in cybersecurity through various channels.
Kyu-dok Hong, Seong-jong Song
Building Cyber Resilience: The Defensive Shield for the EU
In April 2021 the European Union (EU) published its new Cybersecurity Strategy which reflects the organisation’s ambition to be in the lead for digital economy, invest more in technology, and remain the frontrunner in maintaining a high level of protection for the whole society. The key for being able to effectively address cyber threats lies in cyber resilience: the ability to mitigate the damage of an incident and continue operation. This chapter explains in a nutshell the EU’s main regulatory and policy aims in achieving increased resilience in cyberspace. In particular, the chapter focuses on the role of disruptive technologies in building a defensive shield for the EU and recent developments within the domain of EU cyber defence. Finally, the chapter will illustrate how cooperation with trusted partners such as South Korea will be mutually beneficial for enhancing cyber resilience.
Anna-Maria Osula
Enhancing Cooperation Between South Korea and the EU in the Fight Against Cybercrime
Cybercrime is one of the representative transnational crimes occurring across national jurisdictions and has become an international challenge with the Internet reaching developing countries since 2000. Since an effective response to cybercrime requires an enhanced level of global cooperation, South Korea has achieved a certain level of success through international cooperation. However, there is still a long way to succeed: participation of South Korea to the Convention on Cybercrime has been delayed, and cooperation with the EU has lagged behind compared to progress with the US and other Asian countries. This chapter reviews South Korea’s international cooperation framework on cybercrime and presents four solutions to promote EU-South Korea cooperation: (1) joining the Convention on Cybercrime of the Council of Europe, (2) establishing a working group on joint investigation in cybercrime, (3) implementing cybercrime capacity building projects in developing countries, (4) expanding cooperation on digital forensics technology.
Gibum Kim
The EU and Access to Electronic Evidence: Privatisation of Law Enforcement?
The inability of the mutual legal assistance frameworks to meet the growing demand for cross-border access to electronic evidence has led to various legislative proposals that suggest replacing mutual legal assistance with direct requests to communication service providers located abroad. These solutions include the US CLOUD Act, the EU E-Evidence Proposals, and the Second Additional Protocol to the Council of Europe Convention on Cybercrime. This chapter discusses the challenges of current regimes governing access to electronic evidence stored with providers abroad and analyses the new legislative frameworks relevant to the EU and their possible effects. The author argues that replacing traditional mutual legal assistance mechanisms with direct requests to providers can lead to privatisation of law enforcement and, ultimately, have a severe effect on the protection of fundamental rights in the EU and beyond.
Tatiana Tropina

International Order and Cross-Cutting Issues

Recent Trends in UN Cybersecurity Governance and South Korea-EU Cooperation
This chapter discusses why the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications process has reached a turning point. It argues that the discussion about how Information and Communication Technology (ICT) should be regulated is as much about strategy, politics, and ideological differences as it is about law. For the time being, states have too diverging interests and normative preferences to reach consensus on anything but the most basic of legal findings. This chapter also offers some suggestions about what the future holds with regard to the regulation of cyberspace. It argues that the deadlock of the UNGGE process is likely to lead to a shift away from ambitious global initiatives towards regional cooperation between like-minded countries. In this regard, it delineates how to facilitate South Korea-EU cooperation in the context of governance and norms building.
JoonKoo Yoo
The International Cybersecurity Cooperation Dilemma and Implications for EU-South Korea Relations
This chapter focuses on the international cybersecurity cooperation dilemma. Cybersecurity is a common concern within the international community. With the breakneck development of the Internet, countries have gradually formed cooperation mainly involving models of international conferences, international organizations, and international treaties. Despite this, international cybersecurity cooperation is still insufficient, mainly due to fragmented mechanisms, poor effectiveness, and camp-based confrontations. From a realist point of view, these problems arise from objective factors such as differences in willingness, interests, and demands, amplified by gaps in strength, cost sharing, benefit distribution, and technical uncertainties. From the perspective of constructivism, there are also contributing factors such as misperceptions caused by stereotypes and misperceptions inherent to the characteristics of cyberspace. EU-South Korea cybersecurity cooperation should be open and inclusive to eliminate misperceptions, develop a tailor-made framework for cybersecurity cooperation, establish a dedicated cybersecurity cooperation mechanism, and pursue greater autonomy in the cyberspace of confrontation between camps. In their cooperation there is room for the EU and South Korea to play a greater role in cybersecurity.
Cuihong Cai
Conclusion: From Words to Deeds
The authors of this edited volume are convinced that cybersecurity cooperation between the EU and South Korea ought to move from theory to practice, from words to deeds – on the official as well as on the private level. Techno-competition in the digital economy boosted by the covid-19 crisis, the growth of critical infrastructure in size and importance and the need for its protection against cyber threats, and the growing weaponization of technology have turned technological competition into an arms race. All these elements require joint endeavours of like-minded partners such as the EU and South Korea to push for cyber governance as part of a rules-based system. Technical capabilities paired with shared values and a belief in the need for multilateralism in this field provide a strong basis to meet the often same types of malicious cyber activities by the same (non-)state actors operating in the cyber domain. Geopolitics provides a further incentive for cooperation: in the Sino-US competition both the EU and South Korea are interested to cooperate with the US to face up to China’s growing power and techno-nationalism, but would like to pursue these goals ‘their way’ which could become a common EU-Korean way. The Conclusions put the various views of the contributors in perspective, show concrete paths to follow in order not to miss the rendezvous with history through inaction but to proceed from words to deeds.
Michael Reiterer, Ramon Pacheco Pardo, Gertjan Boulet
Cybersecurity Policy in the EU and South Korea from Consultation to Action
herausgegeben von
Gertjan Boulet
Michael Reiterer
Ramon Pacheco Pardo
Electronic ISBN
Print ISBN

Premium Partner