- #Global Issues
- #South Korea
- #Technology & Cybersecurity
► To bolster cyber security in one’s nation, cooperation among countries is essential to a greater extent, due to the transnational characteristic of cyberspace.
► Governments now prefer to facilitate ‘development cooperation’ as a new method for pursuing cyber capacity building at the global level. Linking cyber security and development cooperation may seem unfamiliar because these two sub-sectors have different objectives and traditions, one coming from defense policies and the other from development policies. As the number of supply chain attacks has increased, coming from third countries with weak ICT infrastructure and security capabilities, some ‘upstream’ countries have started implementing ODA projects aimed at the promotion of cyber capabilities building (CCB) in developing countries.
► South Korea should take further actions to promote CCB as it is a beneficial tool to reduce cyber risks and foster cyber partnerships with like-minded countries in the global South.
A New Demand for International Cooperation to Counter Cyber Threats
The global community is now facing a growing number of cyber threats. To counter the threats, each government tends to respond to cyber risks in its own way. Unlike typical cyber-attacks that normally require bilateral measures and responses, ‘cyber-attacks through a third country’ are something far less manageable and preventable for individual countries. With such roundabout attacks increasing, the risks and resulting damages are more likely to spread from countries with inadequate cyber infrastructure to others that share networks. To bolster cyber security in one’s nation, cooperation among countries is essential to a greater extent, due to the transnational characteristic of cyberspace.
The management of cyber risks through international cooperation is an emerging norm. An EU report (2021),[1] titled “Cyber Capacity Building: Global Trends and Scenarios,” highlights that cyber power countries and international organizations are fast recognizing the importance and necessity of collective-global responses. Governments now prefer to facilitate ‘development cooperation’ as a new method for pursuing cyber capacity building at the global level, as stated in the document. Development cooperation refers to a government’s overseas activities for economic and social welfare in developing countries. These activities are funded by ODA (official development assistance), which are public funds. Forging a connection between cyber security and development cooperation is a relatively new concept, and the methods used to do so vary from country to country.
When Cyber Security Meets Development Cooperation
Linking cyber security and development cooperation may seem unfamiliar because these two sub-sectors have different objectives and traditions, one coming from defense policies and the other from development policies. As the number of supply chain attacks has increased, coming from third countries with weak ICT infrastructure and security capabilities, some ‘upstream’ countries have started implementing ODA projects aimed at the promotion of cyber capabilities building (CCB) in developing countries. Even for development policy practitioners in donor governments, CCB is a new agenda that stands apart from other related concepts and ensuing interventions that have been implemented under the label of ‘digital or ICT development.’ Upon its substantial emergence in the 2010s, CCB has incorporated a range of activities (from human resource development, institutional reform, and to organizational adaptation) essential for building a ‘safe, secure, and open’ cyberspace.
The recent increase in the number and scale of these CCB projects may indicate a deliberate strategic choice made by cyber powers today. For the cyber security sector, CCB represents a broadening of their interests and activities that usually concentrated on home-based concerns and responses. CCB-focused ODA projects would be more accessible for partner countries. This is because CCB implementors may be able to take advantage of the trust, networks, and infrastructure that have already been developed by development cooperation actors in nearly all governments in the developing world. Since the impact of CCB projects goes beyond improving cyber security environments and capacities in partner countries, they could address shared interests between donors and recipients.
Nevertheless, the internal process of how the CCB initiative plays out in a donor-cyber power country could present a significant challenge. More specifically, there are complex and political processes involved in determining the CCB agenda is integrated, prioritized, and implemented within a government’s defense and foreign policy frameworks. It also matters which part of the government is responsible for defining, leading, and managing the initiative. This means that pursuing CCB is not an easy task for its providers, primarily because of its nascency as well as hybridized nature. In that sense, South Korea is a latecomer in this emerging field, despite its national cyber competence and the advanced donorship. For the South Korean government, a major challenge lies with CCB is to establish a good connection between cyber security and development cooperation across various levels of policymaking and implementation.
Case of the U.K.
Among others, the United Kingdom (U.K.) is the case where the link between cyber security and development cooperation appears relatively well defined. Having a strong cyber presence but facing great cyber risks, the nation has come to understand the importance of international cooperation in enhancing cyber security.
The U.K.’s National Cyber Strategy was first published in 2011 and has been updated in 2016 and 2022. Since the introduction of the cyber strategy, cyber security has functioned as a key component of national security strategy. The 2022 National Cyber Strategy has the goal of enhancing national cyber power and advancing national interests by managing cyber-attacks and cybercrimes. Among the top five priorities of the strategy, ‘Pillar 4 (expansion of the U.K.’s global cyber leadership and influence)’ sets out the basis for CCB activities. This includes enhancing the security resilience of over 100 partner countries and creating a safe and secure cyber security environment overseas.
During the initial period of the British CCB operations, its focus was mainly on domestic issues, particularly addressing cybercrimes in the financial sector. However, in recent times, there has been an increased emphasis on the role of CCB in the diplomacy and development sectors. ODA-ized CCB projects have increased by approximately five times since 2017 (as of 2021), and the U.K. is responsible for approximately 30% of all CCB projects worldwide, amounting to EUR 15 million in 2020.[2]
Apart from CCB well-outlined in high-level national security strategy documents, the nation’s strong linkage can be explained by its recent structural change as well: the 2020 integration between the Foreign Ministry (FCO) and the Department for International Development (DFID). After DFID’s merge into FCDO, CCB has been applied to all projects under Digital Access Program (DAP), a sub-policy field of British development cooperation. The greater participation of the private sector in CCB also brings about a difference. Microsoft, Citi Group, and Templar Executives have increasingly participated in CCB projects, as part of promoting public-private partnership.[3]
One representative CCB scheme is the Digital Access Programme (DAP) (2018-2023), introduced jointly by the FCDO and the Department of Digital, Culture, Media & Sports (DCMS). DAP is different from Cyber & Tech ODA because its main objective is to raise awareness about the importance of digital transformation and cyber security in developing countries, specifically targeting government officials. Also, the government has developed a set of evaluation criteria that can be specifically applied to CCB projects. The Oxford University's Capability Maturity Model (CMM) was applied to evaluate DAP projects regarding cyber capacities. The results were employed to devise cyber security strategy for partner countries and to determine their individual priorities for cyber cooperation.
Lessons for South Korea
South Korea is among the world's top IT powerhouses, with a robust cyber security system.[4] At the same time, the country is an influential aid donor whose total aid volume per annum is USD 2.9 billion (about KRW 4 trillion) in 2021. South Korea’s ODA contributions to the ICT sector, which make up 9% of total ODA (as of 2021), have made it the biggest contributor for digital development in the developing world. In light of the rising cyber-attacks allegedly from China, Russia and North Korea, CCB could be a beneficial tool to reduce cyber risks and foster cyber partnerships with like-minded countries in the global South. The need for international cooperation is emphasized in the ‘National Cyber Security Strategy’ document (2019). But it does not yet mention for specific policy linkages or the inclusion of CCB. Moreover, the fragmented policymaking structure leads to difficulties assigning weight to multi-sector policy decisions like CCB.
First, it is necessary to lay a legal-institutional foundation for promoting CCB at the strategic and policy levels. Second, in order to ensure a successful integration and strategization of CCB into the national security papers, a suitable governance must be established to foster the connections and collaborations across the sub-sectors of diplomacy, defense, and development, specifically including that between cyber security and development cooperation. Third, selecting a group of countries that are strategically important for South Korea’s cyber security cooperation could also be helpful. Fourth, in addition to bilateral CCB cooperation, South Korea will be able to take the lead in promoting the CCB agenda on a regional level through various schemes of triangular cooperation or multilateral cooperation. Fifth, South Korea should develop a specific evaluation methodology to determine the need for projects and prioritize resource allocation.
*This draft (short essay) is prepared as a contribution to Korea on Point published by the Korean Association of International Studies.
[1] EU-ISS, 2021, “International Cyber Capacity Building: Global Trends and Scenarios.” The European Union Institute for Security Studies. https://www.iss.europa.eu/content/international-cyber-capacity-building-global-trends-and-scenarios (Accessed 27 Nov. 2023)
[2]EU-ISS (2021). p.16.
[3] Willers, J.O., 2021. “Seeding the cloud: Consultancy services in the nascent field of cyber capacity building.” Public Administration.
[4] The country ranks fourth in the International Telecommunications Union (ITU) Global Cyber Index.
Dr. YI Jisun currently works as Research Fellow at Department for Korean Unification and Future, Institute for National Security Strategy (INSS). She earned a PhD degree in Development Studies from the Dept. of International Development, King’s College London in 2018. She studied law (B.A.) and international studies (M.A.) at Ewha Women’s University. Previously, she served as a consultant (2016~2017) at the Fragility, Conflict & Violence (FCV) Team, the World Bank Group. Dr. Yi participated in research projects as Guest Researcher at the Empirical Studies of Conflict Project, Princeton University. She recently publishes academic journals: “National Donors’ Legalization for International Development Cooperation: The Emerging Case of South Korea (Sep. 2021, Korea Observer)” and “Famine and Regime Response in Post-Cold War Communist States: Political Commitment, Food Distribution, and International Aid in Cuba and North Korea (Apr. 2022, Asian Perspective)” Her research interests are rested on global food security, food crisis and regime stability in North Korea and other authoritarian regimes, famine theory, communist aid, humanitarian assistance to North Korea, peace-development nexus, sustainable development, etc.
