Northeast Asia Regional Cooperation in Cyber Security Policy
- LanguageKorean
- Authors Hankyun Kim, Rhohyung Park, Myunghyun Chung, Minho Ahn
- ISBN978-89-7366-671-3
- Date December 01, 2015
- Hit407
Chapter 1. The Objectives and Methods of the Study
Cyberspace is under threat of malicious cyber activities, such as cyberterrorism and cyber crime. Malicious cyber activities are becoming diverse in size and type and the impact is very significant. Since the cyberspace issues are transboundary in nature, it is important to establish the national cooperation response system to respond to cyber-security and cyber-crime issues. Currently, South Korea is promoting trust process through the national dialogue and cooperation among the Northeast Asia region including United States. In the Northeast Asia, however, a regional cross-border political and security cooperation has continued short of interdependence as compared to economic, social and cultural interdependence trends, so called “Asian Paradox” phenomenon, and a multilateral partnership mechanism is not formed to deal with disputes between states.
In 2014, South Korea held “2014 Northeast Asia Peace and Cooperation Forum” and experts from United States, China, Russia, Japan, Mongolia, and Korea participated to discuss the current issues of the energy security, nuclear safety, and the cyberspace and worked to improve mutual understanding. However, in the field of cyberspace, South Korea does not have a systematic view about the national cybersecurity and cybercrime. Therefore it is necessary to explore policy analysis and responses to cybersecurity and cybercrime for cooperation in Northeast Asia. This study will review of the recent policy stance on cybersecurity and cybercrime in the United States, China, Russia, Japan, and South Korea, and draw cooperative response measure through the implications of those policies which South Korea may suggest in the Northeast Asia region.
Chapter 2. Comparative Study on Cybersecurity and Cybercrime Policy in Northeast Asia Countries
I. The United States
The United States has developed cyber policy through ‘international strategy in cyberspace’ in 2011, and affirmed that the use of military force as a last resort in accordance with international law when necessary in response to hostile acts in cyberspace. In particular, the U.S. has embodied the response to malicious cyber threats and released national security strategy, President executive order, and the Department of Defense cyber strategy in 2015. The executive order of U.S. President Barack Obama announced on April 1, 2015 urged to respond actively about the source disclosed the cyber threat to the United States, regardless of the state or private sector. In addition, the Department of Defense amended ’DoD strategy in cyberspace’ in 2011 and released a new ‘DoD Cyber Strategy’ on April 23, 2015.
US policy to respond to cybercrime on the internet and computer systems is governed through the Computer Fraud Abuse Act to supplement the deficiency of the federal criminal law. In addition, by having the investigation authority to the Department of Homeland Security agencies, as well as cybercrime police, response is to be done by mutual cooperation of the relevant authorities.
II. Japan
Japan enacted the Basic Law of the cyber security in 2014, presented a basic principle within the law, and provided legal basis for promoting a national cybersecurity initiatives. The law provides the responsibilities of each entity, such as local governments, critical infrastructure operators, cyber-related businesses, educational institutions, public, and specifies basic policy applicable to industrial development, research and development, human resource development, international cooperation, including all relevant sectors. In addition, by establishment of the Strategy Headquarters to oversee cybersecurity policy to the Cabinet, it is expected to strengthen international cooperation, crossborder confidence-building and information sharing, developing countries support, including technical cooperation and criminal enforcement.
Japan also released new “Cybersecurity Strategy” in September 2015 to promote international cooperation to secure in cyberspace, free flow of information, establishment of international norms, confidence building, including response to the cybercrime and cyber terror.
III. China
For the purpose of strengthening the governance of cyber security, China has changed the competent authorities to the joint governance system with the State Council and the Central Committee of the Communist Party of China. China expressly provided China’s Internet sovereignty and jurisdiction over the region through national security law in force since July 2015, The draft of Cybersecurity Act also provides the definition of cybersecurity and principle of cyber sovereignty. On the other hand, in the Criminal Code responds to cybercrime and defines the acts violating the human trafficking, such as legitimate property rights of individuals, corporations and other organizations, response to the criminal acts that infringe upon the cybersecurity operation using a cyber, acts that infringe upon national security and social stability using a cyber, acts that destroy socialist market economic and social management order.
The draft Cybersecurity Act currently under review is to strengthen the control over the whole network, defense and cyber attacks, and aims to capacity building of the government to protect Chinese users’ information. This Act will apply from domestic politics and national security to foreign operators, and reflect recent trend of Chinese government policy.
IV. Russia
Russian cyber related policies focuses to ensure cybersecurity by governing and controlling the flow of information with a physical protection of the information infrastructure. The main differences of Russia policy with the West that focuses on the free flow of information is pursuit of cybersecurity through the intervention of public authorities to cyberspace. With regard to cybercrime, Russia is known to be a very high level in comprehensive evidence gathering capabilities in cyber space, and has been leading country in the software and technology for cyber crime.
The most prominent feature is that it has the authority to shut down Internet resources according to their own discretion, without the permission of the court authorities. In addition, until the recent cases Russian cyber criminals were not de fact punishment if they did not committed by targeting the Russian nationals. Russia is a situation that gradually increases penalties for enforcement, such as a shared resource on the Internet that infringes the intellectual property rights since recently increased pressure on the prosecution in national and international cybercrime.
V. South Korea
In South Korea, cyberwarfare is governed by the Ministry of Defence, cyber terrorism is by National Intelligence Service, and the cyber attacks in the private sector is governed by the Ministry of Science, ICT, and Future Planning.
In addition,as presidential secretary for cyber security was established, it made the organization more practical to build a cyber security control tower. Regarding cybercrime, Cyber Bureau of Korea National Police Agency is the main competent authority since 2014.
On the other hand Korea has not yet established legal mechanism in response to cybersecurity and cybercrime except for the guidelines under the competent authority. In this regards, it is urgent to enact a cybersecurity basic law which defines basic principles and concepts. Also it is necessary to establish a mechanism for educating capable cybersecurity experts in this field.
Chapter 3. Issues and Developments of 2014 Northeast Asia Peace Cooperation Forum and Regional Cooperation in Cybercrime
I. Discussions in 2014 Northeast Asia Peace Cooperation Forum
The need to gradually build trust among countries by establishing a common definition and international norms for “cyber space” and “sharing of information” has been emphasized. In this regard, the ROK Government will first exert efforts to expand cooperation with the newly launched ROK-China-Japan Cyber Policy Consultation held in October 2014 as a basis, and to make use of the opportunities presented by such occasions.
A considerable number of international seminars have been held bringing together representatives from the governmental and nongovernmental sector, such as the ROK-NATO NAPCI(Northeast Asia Peace Cooperation Initiative) Seminar on July 9, 2014; the Joint ROK-EU Seminar held on September 18-19; and the Northeast Asia Peace and Cooperation Forum held on October 28-30. These have served to further foster consensus on NAPCI among experts and to gather opinions on feasible areas of cooperation and the future direction for NAPCI. In 2015 also through the holding of joint seminars with NATO, the EU, the OSCE, and ASEAN, the ROK Government will seek to deepen cooperation with these organizations and to garner wisdom with regard to the full pursuit of projects for cooperation on various issues in the context of NAPCI.
The first High-level Intergovernmental Meeting was held on October 28, 2014 with the US, China, Japan, Russia, and Mongolia attending as official participants and the UN, the EU, and NATO attending as dialogue partners.
Welcoming the efforts by the ROK Government to overcome the Asian Paradox through functional cooperation, the participants shared the view that such efforts should also address the following matters: how to complement existing mechanisms for cooperation (such as the ARF and the EAS); how to encourage the participation of North Korea; how to improve ROK-China-Japan relations; how to identify issues of common interest; and how to bridge such efforts with cooperation in hard security areas.
II. Northeast Asia Peace Cooperation Initiative and The Need of Regional Cooperative Mechanism for Cybersecurity
There is a need to make concerted efforts to effectively respond to transnational cyber threats. Transnational threats, which respect no national or regional boundaries, are ones that cannot be tackled by the efforts of a single country alone. It is desirable to seek to effectively deal with such issues through cooperative efforts. There is a need to address such issues as transboundary an increase in malicious cyber activities and cybercrime, through information sharing and the effective use of human and material technological resources. To deal with unforeseen crises resulting from natural or human disasters, it is important to prepare in advance by building a mechanism for multinational and pan-governmental cooperation so that the countries in the region can ly respond to and minimize the impact of crisis situations.
Chapter 4. Policy Suggestions for Peace and Cooperation in Northeast Asia
The issues arising in cyberspace including illegal and malicious cyber activities require the collaboration of international dimension not only among states but non-state actors. In this process, it is necessary to note that international norms and principles suggested by several international organizations to govern cyberspace including the adoption of the report of the fourth UN Group of Government Experts in the field of Information Security, revision of Tallinn Manual on international law applicable to the cyber warfare, Code of Conduct of Shanghai Cooperation Organization, and Information Security Convention adopted in BRICs.
The agenda for the future discussion are as following. First, which part of the international law is applicable to cyberspace in what form. Second, it is necessary to have agreed response mechanism against the cyber threats in Northeast Asia. Third. governing rules and control system regarding to cyber weapons. Fourth, international cooperation and discussion about the legal mechanism of digital trade issues. Fifth, establishment of regional cooperative mechanism and competent authorities in the governance view point. Sixth, common understanding and discussion about accession to the Cyber Crime Convention under the discussion of mutual assistance and cooperation.
Cyberspace is under threat of malicious cyber activities, such as cyberterrorism and cyber crime. Malicious cyber activities are becoming diverse in size and type and the impact is very significant. Since the cyberspace issues are transboundary in nature, it is important to establish the national cooperation response system to respond to cyber-security and cyber-crime issues. Currently, South Korea is promoting trust process through the national dialogue and cooperation among the Northeast Asia region including United States. In the Northeast Asia, however, a regional cross-border political and security cooperation has continued short of interdependence as compared to economic, social and cultural interdependence trends, so called “Asian Paradox” phenomenon, and a multilateral partnership mechanism is not formed to deal with disputes between states.
In 2014, South Korea held “2014 Northeast Asia Peace and Cooperation Forum” and experts from United States, China, Russia, Japan, Mongolia, and Korea participated to discuss the current issues of the energy security, nuclear safety, and the cyberspace and worked to improve mutual understanding. However, in the field of cyberspace, South Korea does not have a systematic view about the national cybersecurity and cybercrime. Therefore it is necessary to explore policy analysis and responses to cybersecurity and cybercrime for cooperation in Northeast Asia. This study will review of the recent policy stance on cybersecurity and cybercrime in the United States, China, Russia, Japan, and South Korea, and draw cooperative response measure through the implications of those policies which South Korea may suggest in the Northeast Asia region.
Chapter 2. Comparative Study on Cybersecurity and Cybercrime Policy in Northeast Asia Countries
I. The United States
The United States has developed cyber policy through ‘international strategy in cyberspace’ in 2011, and affirmed that the use of military force as a last resort in accordance with international law when necessary in response to hostile acts in cyberspace. In particular, the U.S. has embodied the response to malicious cyber threats and released national security strategy, President executive order, and the Department of Defense cyber strategy in 2015. The executive order of U.S. President Barack Obama announced on April 1, 2015 urged to respond actively about the source disclosed the cyber threat to the United States, regardless of the state or private sector. In addition, the Department of Defense amended ’DoD strategy in cyberspace’ in 2011 and released a new ‘DoD Cyber Strategy’ on April 23, 2015.
US policy to respond to cybercrime on the internet and computer systems is governed through the Computer Fraud Abuse Act to supplement the deficiency of the federal criminal law. In addition, by having the investigation authority to the Department of Homeland Security agencies, as well as cybercrime police, response is to be done by mutual cooperation of the relevant authorities.
II. Japan
Japan enacted the Basic Law of the cyber security in 2014, presented a basic principle within the law, and provided legal basis for promoting a national cybersecurity initiatives. The law provides the responsibilities of each entity, such as local governments, critical infrastructure operators, cyber-related businesses, educational institutions, public, and specifies basic policy applicable to industrial development, research and development, human resource development, international cooperation, including all relevant sectors. In addition, by establishment of the Strategy Headquarters to oversee cybersecurity policy to the Cabinet, it is expected to strengthen international cooperation, crossborder confidence-building and information sharing, developing countries support, including technical cooperation and criminal enforcement.
Japan also released new “Cybersecurity Strategy” in September 2015 to promote international cooperation to secure in cyberspace, free flow of information, establishment of international norms, confidence building, including response to the cybercrime and cyber terror.
III. China
For the purpose of strengthening the governance of cyber security, China has changed the competent authorities to the joint governance system with the State Council and the Central Committee of the Communist Party of China. China expressly provided China’s Internet sovereignty and jurisdiction over the region through national security law in force since July 2015, The draft of Cybersecurity Act also provides the definition of cybersecurity and principle of cyber sovereignty. On the other hand, in the Criminal Code responds to cybercrime and defines the acts violating the human trafficking, such as legitimate property rights of individuals, corporations and other organizations, response to the criminal acts that infringe upon the cybersecurity operation using a cyber, acts that infringe upon national security and social stability using a cyber, acts that destroy socialist market economic and social management order.
The draft Cybersecurity Act currently under review is to strengthen the control over the whole network, defense and cyber attacks, and aims to capacity building of the government to protect Chinese users’ information. This Act will apply from domestic politics and national security to foreign operators, and reflect recent trend of Chinese government policy.
IV. Russia
Russian cyber related policies focuses to ensure cybersecurity by governing and controlling the flow of information with a physical protection of the information infrastructure. The main differences of Russia policy with the West that focuses on the free flow of information is pursuit of cybersecurity through the intervention of public authorities to cyberspace. With regard to cybercrime, Russia is known to be a very high level in comprehensive evidence gathering capabilities in cyber space, and has been leading country in the software and technology for cyber crime.
The most prominent feature is that it has the authority to shut down Internet resources according to their own discretion, without the permission of the court authorities. In addition, until the recent cases Russian cyber criminals were not de fact punishment if they did not committed by targeting the Russian nationals. Russia is a situation that gradually increases penalties for enforcement, such as a shared resource on the Internet that infringes the intellectual property rights since recently increased pressure on the prosecution in national and international cybercrime.
V. South Korea
In South Korea, cyberwarfare is governed by the Ministry of Defence, cyber terrorism is by National Intelligence Service, and the cyber attacks in the private sector is governed by the Ministry of Science, ICT, and Future Planning.
In addition,as presidential secretary for cyber security was established, it made the organization more practical to build a cyber security control tower. Regarding cybercrime, Cyber Bureau of Korea National Police Agency is the main competent authority since 2014.
On the other hand Korea has not yet established legal mechanism in response to cybersecurity and cybercrime except for the guidelines under the competent authority. In this regards, it is urgent to enact a cybersecurity basic law which defines basic principles and concepts. Also it is necessary to establish a mechanism for educating capable cybersecurity experts in this field.
Chapter 3. Issues and Developments of 2014 Northeast Asia Peace Cooperation Forum and Regional Cooperation in Cybercrime
I. Discussions in 2014 Northeast Asia Peace Cooperation Forum
The need to gradually build trust among countries by establishing a common definition and international norms for “cyber space” and “sharing of information” has been emphasized. In this regard, the ROK Government will first exert efforts to expand cooperation with the newly launched ROK-China-Japan Cyber Policy Consultation held in October 2014 as a basis, and to make use of the opportunities presented by such occasions.
A considerable number of international seminars have been held bringing together representatives from the governmental and nongovernmental sector, such as the ROK-NATO NAPCI(Northeast Asia Peace Cooperation Initiative) Seminar on July 9, 2014; the Joint ROK-EU Seminar held on September 18-19; and the Northeast Asia Peace and Cooperation Forum held on October 28-30. These have served to further foster consensus on NAPCI among experts and to gather opinions on feasible areas of cooperation and the future direction for NAPCI. In 2015 also through the holding of joint seminars with NATO, the EU, the OSCE, and ASEAN, the ROK Government will seek to deepen cooperation with these organizations and to garner wisdom with regard to the full pursuit of projects for cooperation on various issues in the context of NAPCI.
The first High-level Intergovernmental Meeting was held on October 28, 2014 with the US, China, Japan, Russia, and Mongolia attending as official participants and the UN, the EU, and NATO attending as dialogue partners.
Welcoming the efforts by the ROK Government to overcome the Asian Paradox through functional cooperation, the participants shared the view that such efforts should also address the following matters: how to complement existing mechanisms for cooperation (such as the ARF and the EAS); how to encourage the participation of North Korea; how to improve ROK-China-Japan relations; how to identify issues of common interest; and how to bridge such efforts with cooperation in hard security areas.
II. Northeast Asia Peace Cooperation Initiative and The Need of Regional Cooperative Mechanism for Cybersecurity
There is a need to make concerted efforts to effectively respond to transnational cyber threats. Transnational threats, which respect no national or regional boundaries, are ones that cannot be tackled by the efforts of a single country alone. It is desirable to seek to effectively deal with such issues through cooperative efforts. There is a need to address such issues as transboundary an increase in malicious cyber activities and cybercrime, through information sharing and the effective use of human and material technological resources. To deal with unforeseen crises resulting from natural or human disasters, it is important to prepare in advance by building a mechanism for multinational and pan-governmental cooperation so that the countries in the region can ly respond to and minimize the impact of crisis situations.
Chapter 4. Policy Suggestions for Peace and Cooperation in Northeast Asia
The issues arising in cyberspace including illegal and malicious cyber activities require the collaboration of international dimension not only among states but non-state actors. In this process, it is necessary to note that international norms and principles suggested by several international organizations to govern cyberspace including the adoption of the report of the fourth UN Group of Government Experts in the field of Information Security, revision of Tallinn Manual on international law applicable to the cyber warfare, Code of Conduct of Shanghai Cooperation Organization, and Information Security Convention adopted in BRICs.
The agenda for the future discussion are as following. First, which part of the international law is applicable to cyberspace in what form. Second, it is necessary to have agreed response mechanism against the cyber threats in Northeast Asia. Third. governing rules and control system regarding to cyber weapons. Fourth, international cooperation and discussion about the legal mechanism of digital trade issues. Fifth, establishment of regional cooperative mechanism and competent authorities in the governance view point. Sixth, common understanding and discussion about accession to the Cyber Crime Convention under the discussion of mutual assistance and cooperation.
File
-
유엔국제협력연구2015-세부과제3-동북아 사이버범죄 및 보안 지역협력방안_최종출.pdf
(3.68MB / Download:170)
Download