Skip to main content
Top

2022 | OriginalPaper | Chapter

Developing a Collective Retorsion Framework Against Malicious Cyber Operations: Opportunities and Steps for EU-South Korea Cybersecurity Cooperation

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

South Korea has continually experienced malicious cyber operations, and their frequency and sophistication have been ramped up, raising concerns over threats posed to economic and social developments as well as the security of the country. Unfortunately, South Korea has not yet come up with strategies for an effective international response, thereby failing to deter potential malicious actors. Such failure is traced back to South Korea’s main challenges in response to malicious cyber operations: attribution challenges and high political costs of unilateral countermeasures. In this context, the EU’s collective retorsion regime comprised of lawful but unfriendly acts as a means of response against malicious cyber operations may offer useful insights for South Korea’s cybersecurity policies. This chapter develops the argument that South Korea should seek cooperation with the EU to build a framework for collectively imposing proportionate costs on malicious cyber actors, a collective retorsion framework.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Footnotes
1
In this chapter, “cyber operation” means the employment of cyber capabilities to achieve objectives in or through cyberspace, as proposed in the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Michael N. Schmitt (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, (Cambridge University Press, 2017), 564.
 
2
For a discussion on cyber threat landscape, see Mason Richey’s chapter.
 
3
The US Department of Justice, “Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace.” October 19, 2020; The UK, “UK exposes series of Russian cyber attacks against Olympic and Paralympic Games,” 19 October 2020.
 
4
Council of the EU, Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (“Cyber Diplomacy Toolbox”), Brussels, 19 June 2017.
 
5
Samuele De Tomas Colatin, “Si vis cyber pacem, para sanctiones: the EU Cyber Diplomacy Toolbox in action,” accessed August 24, 2021, https://​ccdcoe.​org/​library/​publications/​si-vis-cyber-pacem-para-sanctiones-the-eu-cyber-diplomacy-toolbox-in-action.
 
6
In addition to this legal aspect of attribution, there are also different concepts on attribution: technical attribution or political attribution. The Netherlands, Letter of 5 July 2019 from the Minister of Foreign Affairs to the President of the House of Representatives on the international legal order in cyberspace, Appendix: International law in cyberspace, 2019.
 
7
See the chapters of Gibum Kim and Tatiana Tropina.
 
8
Exercise by a state of enforcement jurisdiction in a foreign state is possible under the term of a treaty (to which both states are party) or other consent of the foreign state. Generally, mutual legal assistance is governed by multilateral or bilateral treaties on mutual legal assistance in criminal matters.
 
9
See the chapters of George Christou and Ji Soo Lee, Tatiana Tropina, and Gibum Kim.
 
10
Budapest Convention, Article 32(b). On 28 May 2021, the Council of Europe approved the draft for the Second Additional Protocol to the Budapest Convention on enhanced co-operation and disclosure of electronic evidence. Thomas Wahl, CoE Committee Adopts Draft on E-Evidence Protocol, accessed October 29, 2021, https://​eucrim.​eu/​news/​coe-committee-adopts-draft-on-e-evidence-protocol.
 
11
European Commission, Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters, 17 April 2018, COM(2018) 225 final; European Commission, Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings, 17 April 2018, COM(2018) 226 final. Similarly, the US has introduced the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) to speed access to electronic evidence in March 2018.
 
12
Council of Europe, “T-CY News: Budapest Convention at ISCR 2019,” 22–24 May 2019, https://​www.​coe.​int/​en/​web/​cybercrime/​-/​budapest-convention-at-iscr-2019.
 
13
The US Department of Justice, “Six Russian.”
 
14
The UK, “Olympic and Paralympic Games.”
 
15
So Jeong Kim and Sunha Bae, “Korean Policies of Cybersecurity and Data Resilience” in The Korean Way with Data, (Carnegie Endowment for International Peace, 2021), 58.
 
16
EU Cyber Direct, “EU-ROK Cyber Consultations Resilience and Trust in Cyberspace,” December 16, 2020, 2.
 
17
States can exercise the right of self-defence to deter malicious cyber operations which have amounted to the level of armed attack in Article 51 of the UN Charter. See also Schmitt (ed.), Tallinn Manual 2.0, Rule 71. As to low-intensity cyber operations, see Michael N. Schmitt, ““Below the Threshold” Cyber Operations: The Countermeasures Response Option and International Law,” Virginia Journal of International Law, Vol. 54, No. 3, 2014.
 
18
UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/68/98, 24 June 2013, para. 20; UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/70/174, 22 July 2015, para. 27; UNGA, Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security, UN Doc. A/76/135, 14 July 2021, para. 71(b). See also the chapter of JoonKoo Yoo.
 
19
Every internationally wrongful act of a State entails the international responsibility of that State. There is an internationally wrongful act of a State if conduct (i) is attributable to the State and (ii) constitutes a breach of an international obligation of that State. ILC, Draft Articles on Responsibility of States for Internationally Wrongful Acts, Report of the International Law Commission on the work of its Fifty-third session, UN Doc. A/56/10, (23 April–1 June and 2 July–10 August 2001), Articles 1 and 2.
 
20
ILC, Draft Articles, Article 22. As to the conditions for countermeasures, see ILC, Draft Articles, Articles 49–54.
 
21
EU Cyber Direct, “EU-ROK Cyber Consultations,” 2.
 
22
 See also the chapter of Michael Reiterer. 
 
23
Council of the EU, Council Conclusions on Cyber Diplomacy, Brussels, 11 February 2015.
 
24
Council of the EU, Implementing guidelines for the Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities, Brussels, 9 October 2017.
 
25
Implementing guidelines, 5.
 
26
Council Decision (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 246, 30.7.2020.
 
27
Council Decision (CFSP) 2020/1127.
 
28
Council Decision (CFSP) 2020/1537 of 22 October 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 351I, 22.10.2020. For a discussion on the cyber threat landscape, see Mason Richey’s chapter.
 
29
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 129I, 17.5.2019, 13–19.
 
30
Council Decision on Restrictive Measures, preamble, para. 7.
 
31
Council Decision on Restrictive Measures, Article 1(1).
 
32
Council Decision on Restrictive Measures, Article 1(3).
 
33
Council Decision on Restrictive Measures, Article 1(3).
 
34
Catherine Stupp, “Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament,” The Wall Street Journal, June 11, 2020; M Baumgartner, et al, “The Breach from the East,” Der Spiegel, 18 March 2018.
 
35
Council Decision (CFSP) 2020/1537.
 
36
Council Decision on Restrictive Measures, Article 1(2).
 
37
See also Mason Richey’s Chapter.
 
38
Council Decision on Restrictive Measures, Articles 4 and 5.
 
39
The Netherlands, Ministry of Defence, Letter to the House of Representatives regarding disruption of a GRU cyber operation in The Hague. October 2018.
 
40
Council Decision (CFSP) 2020/1127.
 
41
Council Decision (CFSP) 2020/1537.
 
42
Council Decision on Restrictive Measures, Articles 4 and 5.
 
43
Council Decision (CFSP) 2020/1127. According to the US Department of Justice, Chosun Expo is known as a North Korean government front company. U.S.A. v. PARK JIN HYOK, Criminal Complaint, United States District Court for the Central District of California, June 2018, 133.
 
44
Implementing Guidelines, 4.
 
45
Council Decision on Restrictive Measures, Articles 4(3), 4(6), and 5(3).
 
46
Colatin, “Toolbox in action.” For the concept of retorsion, see ILC, the Draft Articles, Commentary to the Chapter II (Countermeasures), para. 3.
 
47
Jeff Kosseff, “Retorsion as a Response to Ongoing Malign Cyber Operations,” in 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade, eds. T. Jančárková, L. Lindström and M. Signoretti, I. Tolga, G. Visky (Tallinn: CCDCOE, 2020).
 
48
In order to take countermeasures, states should comply with several requirements under the law of state responsibility. Most of all, it is necessary to establish whether there is an internationally wrongful act, which requires attribution of acts to a state and a breach of an international obligation of that state. For more requirements, see ILC Draft Articles, Articles 49–54.
 
49
Even though it is not required to establish state attribution under international law in order to take measures of retorsion, states need to identify which actors conducted malicious cyber operations.
 
50
The EU Cyber Diplomacy Toolbox, Annex, para. 4. Paul Ivan, Responding to Cyberattacks: Prospects for the EU Cyber Diplomacy Toolbox, European Policy Centre (March 2019), 12.
 
51
Annegret Bendiek, “The European Union’s Foreign Policy Toolbox in International Cyber Diplomacy,” Cyber, Intelligence, and Security 2, No. 3 (December 2018), 66; Colatin, “Toolbox in action.”; Jamie Collier, “Europe’s New Sanction Regime Suggests a Growing Cyber Diplomacy Presence,” Fireeye, accessed April 29, 2021, https://​www.​fireeye.​com/​blog/​executive-perspective/​2020/​08/​europe-new-sanction-regime-suggest-a-growing-cyber-diplomacy-presence.​html.
 
52
NATO CCDCOE, “European Union establishes a sanction regime for cyber-attacks,” accessed April 28, 2021, https://​ccdcoe.​org/​library/​publications/​european-union-establishes-a-sanction-regime-for-cyber-attacks.
 
53
Council Decision on Restrictive Measures, preamble, para. 7 and Article 9.
 
54
The ROK, National Cybersecurity Strategy, April 2019. See also the chapter of Kyu-dok Hong and Seong-jong Song.
 
55
The ROK, National Cybersecurity Basic Plan, September 2019.
 
56
The ROK, National Cybersecurity Basic Plan, 28–29.
 
58
EU Cyber Direct, “EU-ROK Cyber Consultations.”
 
59
Framework Agreement, Article 15.
 
60
Michael Reiterer, “The 10th anniversary of the EU-Korea Strategic partnership,” Journal of European Union Studies 56, (October 2020): 3–20. https://brussels-school.be/sites/default/files/SpecialContribution-MichaelReiterer%28EU%EC%97%B0%EA%B5%AC%2057%ED%98%B8%29.pdf 
 
61
Delegation of the European Union to the Republic of Korea, EU-Republic of Korea Strategic Partnership, 30 June 2020. https://​eeas.​europa.​eu/​delegations/​south-korea/​81748/​eu-republic-korea-strategic-partnership_​en.
 
Literature
go back to reference Baumgartner, M, et al, “The Breach from the East,” Der Spiegel, 18 March 2018. Baumgartner, M, et al, “The Breach from the East,” Der Spiegel, 18 March 2018.
go back to reference Bendiek, Annegret, “The European Union’s Foreign Policy Toolbox in International Cyber Diplomacy,” Cyber, Intelligence, and Security 2, No. 3 (December 2018). Bendiek, Annegret, “The European Union’s Foreign Policy Toolbox in International Cyber Diplomacy,” Cyber, Intelligence, and Security 2, No. 3 (December 2018).
go back to reference Council of the EU, Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (“Cyber Diplomacy Toolbox”), Brussels, 7 June 2017a. Council of the EU, Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (“Cyber Diplomacy Toolbox”), Brussels, 7 June 2017a.
go back to reference Council of the EU, Council Conclusions on Cyber Diplomacy, Brussels, 11 February 2015. Council of the EU, Council Conclusions on Cyber Diplomacy, Brussels, 11 February 2015.
go back to reference Council of the EU, Implementing guidelines for the Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities, Brussels, 9 October 2017b. Council of the EU, Implementing guidelines for the Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities, Brussels, 9 October 2017b.
go back to reference Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 129I, 17.5.2019. Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 129I, 17.5.2019.
go back to reference Council Decision (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 246, 30.7.2020a. Council Decision (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 246, 30.7.2020a.
go back to reference Council Decision (CFSP) 2020/1537 of 22 October 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 351I, 22.10.2020b. Council Decision (CFSP) 2020/1537 of 22 October 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, OJ L 351I, 22.10.2020b.
go back to reference EU Cyber Direct, “EU-ROK Cyber Consultations Resilience and Trust in Cyberspace,” December 16 2020. EU Cyber Direct, “EU-ROK Cyber Consultations Resilience and Trust in Cyberspace,” December 16 2020.
go back to reference European Commission, Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters, 17 April 2018, COM(2018) 225 final. European Commission, Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters, 17 April 2018, COM(2018) 225 final.
go back to reference European Commission, Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings, 17 April 2018, COM(2018) 226 final. European Commission, Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings, 17 April 2018, COM(2018) 226 final.
go back to reference ILC, Draft Articles on Responsibility of States for Internationally Wrongful Acts, Report of the International Law Commission on the work of its Fifty-third session, UN Doc. A/56/10, (23 April–1 June and 2 July–10 August 2001). ILC, Draft Articles on Responsibility of States for Internationally Wrongful Acts, Report of the International Law Commission on the work of its Fifty-third session, UN Doc. A/56/10, (23 April–1 June and 2 July–10 August 2001).
go back to reference Ivan, Paul, Responding to Cyberattacks: Prospects for the EU Cyber Diplomacy Toolbox, European Policy Centre (March 2019). Ivan, Paul, Responding to Cyberattacks: Prospects for the EU Cyber Diplomacy Toolbox, European Policy Centre (March 2019).
go back to reference Kim, So Jeong and Bae, Sunha, “Korean Policies of Cybersecurity and Data Resilience” in The Korean Way with Data, (Carnegie Endowment for International Peace, 2021). Kim, So Jeong and Bae, Sunha, “Korean Policies of Cybersecurity and Data Resilience” in The Korean Way with Data, (Carnegie Endowment for International Peace, 2021).
go back to reference Kosseff, Jeff “Retorsion as a Response to Ongoing Malign Cyber Operations,” in 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade, eds. T. Jančárková, L. Lindström and M. Signoretti, I. Tolga, G. Visky (Tallinn: CCDCOE, 2020). Kosseff, Jeff “Retorsion as a Response to Ongoing Malign Cyber Operations,” in 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade, eds. T. Jančárková, L. Lindström and M. Signoretti, I. Tolga, G. Visky (Tallinn: CCDCOE, 2020).
go back to reference Reiterer, Michael, “The 10th anniversary of the EU-Korea Strategic partnership,” Journal of European Union Studies 56, (October 2020). Reiterer, Michael, “The 10th anniversary of the EU-Korea Strategic partnership,” Journal of European Union Studies 56, (October 2020).
go back to reference Schmitt, Michael N. (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, (Cambridge University Press, 2017). Schmitt, Michael N. (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, (Cambridge University Press, 2017).
go back to reference Schmitt, Michael N, ““Below the Threshold” Cyber Operations: The Countermeasures Response Option and International Law,” Virginia Journal of International Law, Vol. 54, No. 3, 2014. Schmitt, Michael N, ““Below the Threshold” Cyber Operations: The Countermeasures Response Option and International Law,” Virginia Journal of International Law, Vol. 54, No. 3, 2014.
go back to reference Stupp, Catherine, “Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament,” The Wall Street Journal, June 11, 2020. Stupp, Catherine, “Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament,” The Wall Street Journal, June 11, 2020.
go back to reference The Netherlands, Ministry of Defence, Letter to the House of Representatives regarding disruption of a GRU cyber operation in The Hague. October 2018. The Netherlands, Ministry of Defence, Letter to the House of Representatives regarding disruption of a GRU cyber operation in The Hague. October 2018.
go back to reference The Netherlands, Letter of 5 July 2019 from the Minister of Foreign Affairs to the President of the House of Representatives on the international legal order in cyberspace, Appendix: International law in cyberspace, 2019. The Netherlands, Letter of 5 July 2019 from the Minister of Foreign Affairs to the President of the House of Representatives on the international legal order in cyberspace, Appendix: International law in cyberspace, 2019.
go back to reference The ROK, National Cybersecurity Strategy, April 2019a. The ROK, National Cybersecurity Strategy, April 2019a.
go back to reference The ROK, National Cybersecurity Basic Plan, September, 2019b. The ROK, National Cybersecurity Basic Plan, September, 2019b.
go back to reference The UK, “UK exposes series of Russian cyber attacks against Olympic and Paralympic Games,” 19 October 2020. The UK, “UK exposes series of Russian cyber attacks against Olympic and Paralympic Games,” 19 October 2020.
go back to reference The US Department of Justice, “Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace,” October 19, 2020. The US Department of Justice, “Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace,” October 19, 2020.
go back to reference UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/68/98, 24 June 2013. UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/68/98, 24 June 2013.
go back to reference UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/70/174, 22 July 2015. UNGA, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, UN Doc. A/70/174, 22 July 2015.
go back to reference UNGA, Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security, UN Doc. A/76/135, 14 July 2021. UNGA, Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security, UN Doc. A/76/135, 14 July 2021.
Metadata
Title
Developing a Collective Retorsion Framework Against Malicious Cyber Operations: Opportunities and Steps for EU-South Korea Cybersecurity Cooperation
Author
Joohui Park
Copyright Year
2022
DOI
https://doi.org/10.1007/978-3-031-08384-6_5

Premium Partner