NEW SECURITY CHALLENGES SERIES EDITOR: GEORGE CHRISTOU Cybersecurity Policy in the EU and South Korea from Consultation to Action Theoretical and Comparative Perspectives Edited by Gertjan Boulet · Michael Reiterer Ramon Pacheco Pardo Foreword by Herman Van Rompuy New Security Challenges Series Editor George Christou University of Warwick Coventry, UK The last decade has demonstrated that threats to security vary greatly in their causes and manifestations and that they invite interest and demand responses from the social sciences, civil society, and a very broad policy community. In the past, the avoidance of war was the primary objective, but with the end of the Cold War the retention of military defence as the centrepiece of international security agenda became untenable. There has been, therefore, a significant shift in emphasis away from traditional approaches to security to a new agenda that talks of the softer side of secu- rity, in terms of human security, economic security, and environmental security. The topical New Security Challenges series reflects this pressing political and research agenda. * * * For an informal discussion for a book in the series, please contact the series editor George Christou ([email protected]), or Palgrave editor Alina Yurova ([email protected]). This book series is indexed by Scopus. Gertjan Boulet Michael Reiterer • Ramon Pacheco Pardo Editors Cybersecurity Policy in the EU and South Korea from Consultation to Action Theoretical and Comparative Perspectives Editors Gertjan Boulet Michael Reiterer Korea University Centre for Security, Diplomacy & Seoul, South Korea Strategy (CSDS) Brussels School of Governance Vrije Universiteit Brussel (VUB) (BSoG-VUB) Brussels, Belgium Brussels, Belgium Ramon Pacheco Pardo King’s College London, UK ISSN 2731-0329 ISSN 2731-0337 (electronic) New Security Challenges ISBN 978-3-031-08383-9 ISBN 978-3-031-08384-6 (eBook) https://doi.org/10.1007/978-3-031-08384-6 © The Editor(s) (if applicable) and The Author(s), under exclusive licence to Springer Nature Switzerland AG 2022 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Palgrave Macmillan imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland F oreword When invited to offer some thoughts on the perspectives for cybersecurity cooperation between the European Union and South Korea, I was reminded of the EU-Korea summit in 2013 in Brussels, where I had with my Korean counterpart the first substantial discussion of working together on cyber issues. We welcomed the launch of bilateral cyber policy consul- tations, and importantly, we agreed to continue joint efforts to maintain a safe, open and secure cyberspace. Convinced of the necessity to promote economic and social development by maximising the positive role of ICT and the Internet, we were also mindful of the projected important role of cyberspace in fostering and protecting on-line the core values of human dignity, freedom, democracy, equality, the rule of law and respect for human rights. This volume shows that these seeds have borne fruit, even if the tree they rest on still needs significant care and engagement if it is to continue to blossom. As is often the case in diplomacy, moving from an exchange of information and best practices to action remains a challenge. This volume shows points of direction by identifying common goals and implementa- tion tools: the means to connect people, to further invest in both com- mercial applications and a robust international governance framework that support democracy based on law, norms, rules and values. Making good use of the internet and the social media has grown in importance and gained a further boost through covid-19, which pre- vented travel to a large degree. The Internet became the great connector. The cyber world gained even more importance, and in parallel the need to address cybersecurity grew further. v vi FoREWoRD Beyond personal and commercial use, the military dimension of the Internet is growing. At the beginning of the war of aggression by Russia against Ukraine, cyber attacks sought to destabilise the country. My col- league, the former president of the European Commission, Jean-Claude Juncker, warned in his 2017 State of the Union address: “Cyber-attacks can be more dangerous to the stability of democracies than guns and tanks”. Now we witness both—cyber attacks and tanks combined in hybrid warfare. In response to cyber attacks, armed forces added cyber attack and cyber defence units. The protection of the ever-growing critical infrastruc- ture has become an essential aspect of security. Having been the victim of a cyber attack in my capacity as the president of the European Council in 2012, I know first-hand the importance of securing networks and accounts. South Korea is one of the most connected societies; it invests in emerg- ing technologies and related research, and leads in the production of semi- conductors. South Korea has already successfully cooperated with European partners in the Horizon 2020 research programme on 5G tech- nology, which is crucial for communication but also security. This intensi- fication of cooperation between the EU and South Korea fits very well into the overall EU policy designed to enhance cooperation with like- minded partners in the Indo-Pacific region on strategic goals. The EU has recently intensified its engagement with Asia and the Indo-Pacific through programmes focusing on connectivity: the Connectivity Strategy with Asia, the Indo-Pacific Strategy and the Global Gateway. A common fea- ture of all these programmes is to connect people and not only building physical infrastructure. Enhancing this cooperation and developing 6G together would add a highly political but also practical dimension to the strategic partnership of the EU and South Korea. This also applies to strengthening cooperation in repelling cyber attacks and using countermeasures. South Korea’s consideration of its bilateral relations with some countries means that it prefers to join multilateral responses and sanctions regimes rather than take its own unilateral mea- sures. In this respect and our common interest, the EU could help to foster cooperation with neighbouring countries like Japan—I launched the “EU-Japan Cyber Dialogue” with Prime Minister Abe in 2014. In order to enhance cybersecurity a global networked approach is necessary to which a robust cyber diplomacy by the EU would contribute and to which South Korea could be invited to join. Cyberspace has gained multidimensional importance in areas like war and peace, preserving and threatening democratic systems, providing a FoREWoRD vii medium for real and fake news, respecting or even defending human rights. Mark Leonard alerted us to the danger of inaction in his recent book The Age of Unpeace, How Connectivity Causes Conflict: the Internet, the ultimate unifier of the global village, should not be allowed to become the perfect weapon to divide the world. In short, this is a timely and well-curated volume of work by European and Asian experts, published at a time when the new administration of President Yoon Suk-yeol is forming its policies. I hope the new Administration in Seoul will draw some inspiration from this volume and continue building a stronger bilateral relationship between the EU and South Korea in cybersecurity and beyond. P resident Emeritus European Council Herman Van Rompuy Minister of State F oreword This volume marks a signature publication in a continued process of coop- eration with editor Gertjan Boulet: hosting him as a visiting researcher at Korea University in 2016—initially for a period of six months—planted the seeds for long-term cooperation to date. This volume in fact has its roots in an inspiring guest lecture of co-editor Michael Reiterer during one of Gertjan’s courses at Korea University. As the editors say in the Introduction, the guest lecture on EU foreign policy in cyberspace led to a series of workshops bringing together Korean and EU experts from diverse fields, which we attended in a spirit of strengthening cyber coop- eration between the EU and South Korea. Digital technology has become more important than ever in various areas like smart cities, autonomous vehicles and artificial intelligence (AI). However, as being at the edge of emerging technologies grants states a competitive advantage, cybersecurity has become a matter of national sur- vival; cyber attacks may cripple the infrastructure of a country, and thus we talk of the need to protect critical infrastructure. As there are no limits in time and space for communication and interaction between countries, international cooperation is the only way to build competitive digital economies throughout the world and to achieve efficient and practical cybersecurity. As various chapters in this volume show, the EU and South Korea already cooperate closely as strategic partners in a wide range of areas covering economic, trade, political, diplomatic and security sectors, and with cybersecurity as a prime area for joint actions. As part of the EU’s Connectivity, Indo-Pacific and Global Gateway strategies, bilateral coop- eration with South Korea should further advance, and the existing ix x FoREWoRD strategic partnership should be further developed in view of building highly efficient digital capabilities in the region and addressing challenges posed by digital transformation, including social and ethical issues. The EU’s growing weight on the digital economy and leading role in the regulation of data and AI has inspired South Korea’s digital strategy, with the GDPR and the necessary adequacy assessment of Korean regula- tions as a representative example of the EU’s influence. However, more work has to be done to achieve a truly global, open, free and secure cyber- space, based on regulations that are proportionate and strike a balance between government control and freedom. As cyber threats become more and more sophisticated and complex, defence becomes difficult with existing security tools. When starting the illegal invasion of Ukraine in 2022, Russia conducted a series of cyber attacks on critical infrastructure in Ukraine and disseminated fake news to deceive Ukrainian citizens and the international media. Volunteer hackers and tech companies worldwide started to defend Ukraine and disrupt Russia’s digital infrastructure through cyber attacks, actions motivated by the conviction that international peace must be maintained and that his- tory should not repeat itself. Such unexpected consequences of the digital transformation can be expected to intensify in the future and should moti- vate the international community to develop practical measures to collec- tively resolve global cyber problems and serve as a catalyst to strengthening international voluntary measures even without any agreements on the global level. Strategically, the lesson to draw from Russia’s invasion is to expand South Korea’s relationships with NATo and EU in a multilateral perspective, also given the continued cyber attacks from North Korea. A wide range of sanctions by numerous countries have been imposed on Russia and Russian politicians after the aggression against Ukraine, orga- nizations have been denouncing Russia’s illegal acts, the UN General Assembly reprimanded Russia which was also excluded from the Council of Europe on March 16, 2022. on the same day, the International Court of Justice ordered Russia to suspend its military operation in the territory of Ukraine. These internationally concerted actions suggest that interna- tional cooperation can prevent and preclude potential or existing threats in any space including cyberspace. To avoid escalation, international coop- eration among countries should be sophisticated and coherent. Cooperation between the EU and South Korea should move in this direction.