Issues & Insights Vol. 20, WP 3 – The role of regional organizations in building cyber resilience: ASEAN and the EU

160406_issues_insights_logo.jpg
here

ABSTRACT

This paper explores the role of regional organizations in crafting solutions that are able to address both the scale and cross-border nature of cyber threats, as well as the challenges inherent to an anarchical international system. It focuses on the Association of Southeast Asian Nations (ASEAN) and the European Union (EU) and the cybersecurity frameworks they have developed in the last few years. The EU has significantly improved regional cyber resilience and cooperation by setting out ambitious goals, enhancing information sharing and harmonizing practices across its member states. In contrast, ASEAN has a lack of a strong unifying governance or legal framework, which limits the collective capability of the region to capitalize on shared knowledge to prevent and mitigate cyber threats. The paper aims to elaborate on relevant measures that could be implemented in ASEAN based on a comparative analysis with the EU. Despite the stark differences between the two organizations, there is common ground in some areas for the development of policy recommendations aimed at enhancing ASEAN’s cyber resilience, eliminating the need to reinvent the wheel in key policy areas. To this end, this paper analyzes the two organizations’ cybersecurity frameworks in line with the four pillars of cyber capacity building identified by the European Institute for Security Studies (EUISS) and adjusted to a regional context: overarching regional strategy, institutional framework for cyber threat prevention and response, harmonization of cybercrime and data privacy legislation, and cyber awareness and hygiene.

PacNet #13 – Keep an eye on North Korean cyber-crime as the Covid-19 spreads

Pacnet image.jpg
here

The Covid-19 outbreak continues to cause tumult in the global economy, with countries like South Korea and Italy reporting a rapid increase in diagnoses and many companies requesting that employees work from home to keep the virus from spreading.

In North Korea’s case, it has had its Chinese borders closed for over a month, long before the rest of the world began to react to the virus. Even if it were, as its state media claims, coronavirus-free, how long could their economy sustain total global isolation? By sealing their border with their largest economic partner, North Korea has effectively placed itself at the mercy of UN sanctions.

Kim Jong-un knows that his country cannot last like this for very long, and with so much of his power stemming from the support of Pyongyang’s elite, we must prepare ourselves for their reaction. Learning from the DPRK’s past behavior, national security leaders should be less concerned about military action and focus their attention on shoring up their cyber defenses.

Jonathan Corrado, policy director for the Korea Society, noted in a recent article the extreme lengths North Korea has gone to prevent the spread of coronavirus in the country. These border closures, although necessary to reduce the chance of viral contagion, will have a lasting impact on their already minuscule economy.

Even prior to the closures, UN Security Council sanctions already heavily impacted North Korean exports. Yet, despite the cuts to the DPRK’s exports, World Bank data indicates that North Korea’s GDP has been slowly rising since 2015. This financial discrepancy can be explained primarily through North Korea’s burgeoning international crime economy.

According to the 2017 Global Initiative against Transnational Organized Crime’s 30-page report entitled Diplomats and Deceit: North Korea’s Criminal Activities in Africa, North Korean diplomats travel “regularly to Pyongyang and Beijing in China with diplomatic bags filled with contraband.” These members of diplomatic missions to countries on the African content would smuggle illegal items such as diamonds, gold, and ivory back to the DPRK and China, where they sell for exorbitant prices.

In 2016, Angolan leaders had been meeting with North Korean liaisons to collaborate on national security projects. This collaboration did not come as a surprise—Angola has long been militarily linked to North Korea. A 2015 Washington Times article identified a number of UN sanctions that Angola had violated by engaging in business with the DPRK. Angola was found to be purchasing military training, weapons, and over 4.5 tons of ship engines and parts, to service the naval boats they had purchased from Pyongyang in 2011. North Korean arms are also believed to be regularly supplied to Ethiopia, where they have been providing and manufacturing weapons since the mid-80s.

North Korea has not limited its illegal activities to Africa. DPRK embassies have long been (correctly) accused of facilitating the international trade of crystal meth, taking advantage of the high premiums their products can garner and abusing diplomatic channels to smuggle the drug into foreign countries.

However, thanks to Covid-19, protecting the elites of Pyongyang has become such a priority that the state has sent all Chinese diplomats back to China, while simultaneously suspending all flights, trains, and travel with the outside world. The shutdown means North Korea will no longer be able to rely on its diplomats returning from trips abroad to produce the much-needed cash for the economy.

To ensure that their country can continue to function while they weather the global crisis, North Korea may very likely double down on cybercrime. While smuggling and other forms of illicit trading require the physical moving of goods and/or services, cybercrime can be committed from anywhere, even a sealed North Korea.

North Korea has already proven itself adept at infiltrating computer systems around the world. Bureau 121, an elite cyber warfare agency in North Korea, has been named the leading suspect for many famous cyber-attacks, including the Sony hack in 2014, the SWIFT banking hack in 2015, and the Bangladesh Bank Robbery in 2016. All together, these operations are estimated to have cost over $100 million in stolen funds, and billions of dollars in cybersecurity damages.

The most alarming of North Korea’s alleged cyberattacks is the 2017 WannaCry ransomware attack. This ransomware—which locked 200,000 devices in a single day and demanded ransom payments in bitcoin—caused severe disruptions among businesses around the globe. But WannaCry did not just target private corporations. The attack also infected the National Health Service (NHS) in England and Scotland, causing NHS services to divert ambulances and turn away patients.

Fortunately, May 2017 was not a time of global health panic. However, as the Covid-19 continues to spread, the DPRK’s vice minister of public health declared that the Chinese border will remain shut indefinitely until a cure is completely ready. We must prepare ourselves for attempts to disrupt healthcare systems. An economically strangled North Korea has much to gain from global disruptions, and we must brace ourselves and develop our cyber defenses accordingly.

Todd Wiesel (tjw2144@columbia.edu) is a student at Columbia University completing his bachelor’s in Political Science and East Asian Studies. He is also an MBA candidate at London Metropolitan University, where his research focuses on the impact and effects of corporate social responsibility on capital markets. He previously earned a master’s degree in Innovation, Leadership and Business Management from Oxademy Business School, and is a former Kim Koo Fellow at the Korea Society, focusing his research on the inter-Korean negotiation process. Before enrolling in Columbia, he worked as the managing director of The Negotiation Institute. Prior to his tenure at TNI he served as an urban warfare and counter-terror specialist in the Israel Defense Forces.

PacNet commentaries and responses represent the views of the respective authors. Alternative viewpoints are always welcomed and encouraged. Click here to request a PacNet subscription.

YL Blog #26 – Extended Deterrence in the Age of Trump: Hardware, Software, and Malware

YLBlog_image1.jpg
here

2019 US-ROK-Japan Trilateral Strategic Dialogue offered an excellent forum to gauge the current strategic thinking and debates in Washington, Tokyo, and Seoul. The event comprised experts’ remarks apropos the extended deterrence in the Asia-Pacific and trilateral cooperation, as well as a two-move tabletop exercise (TTX) that brought alliance management issues to light.

The “hardware” component of extended deterrence was discussed at length, particularly the post-INF developments and implications for the region. The majority of participants agreed that INF withdrawal, albeit problematic in its execution and style, will positively contribute to countering Russian and Chinese previously unchecked advances. Putting aside the basing question, participants agreed that new missiles would strengthen the deterrence posture.

The second element, the “software,” which relies on assurance and credibility, needed more discussions and deliberations. Assuring allies that the United States will honor its treaty obligations in case of an attack is infinitely more challenging than developing a certain type of military equipment. This is what strategists and policymakers grappled with throughout the Cold War. They succeeded by supporting allies economically and politically, and by signaling unified positions despite serious disagreements that were dealt with behind closed doors. In regards to adversaries, the United States consistently communicated that an attack on an ally will automatically precipitate a devastating American response. This, indeed, is the underlying logic of deterrence: an aggressor-state is dissuaded from launching an attack on an ally, knowing that the United States will retaliate on its behalf which would negate any potential gain from launching an attack in the first place.

Since it is a part of the red theory of victory, it comes as no surprise that China, Russia, and North Korea are working hard to break the U.S. alliance structure. What is frustrating to watch is our commander-in-chief making comments that undermine allies’ confidence and play right into our opponents’ hands. For lack of a better analogy, I treat these comments as “malware.” One tweet might not unravel the alliance structure per se, but allow enough of them to roam in your system, and soon enough one will have to scrap the old and install a new infrastructure altogether.

In the recent past, few instances stand out. First, President Trump continues to downplay the importance of North Korea’s short-range missile launches, even though these missiles threaten Japan’s and ROK’s survival and security. Second, bickering over trade deals and troops cost-sharing underscores Trump’s transactional approach to foreign policy and skepticism of alliances writ large. Third, adopting North Korean lexicon and calling defensive military exercises “war games” is not just a diplomatic gaffe, but an insult to men and women in uniform. Put together, these blunders create a dangerous situation and invite aggressors to test our will to defend allies, particularly on the sub-conventional level.

As we are upgrading hardware, Trump unwittingly inserts malware into the trilateral relationship. Particularly unhelpful has been “public-shaming” of South Korea and its contributions for military cost-sharing. Koreans are already overly sensitive when it comes to the U.S. troops and the move to Camp Humphreys. Fueling the anti-American sentiments in the South facilitates North Korean long-held strategic thinking that once the U.S. troops out of the peninsula, South Korea will be ripe for reunification on the DPRK’s terms. Undoubtedly, Kim Jung Un is enjoying the new reality show.

TTX was designed to discern how the U.S., ROK, and Japan would react and respond to Beijing’s and Pyongyang’s coordinated assault on the rules-based international order. Japan and South Korea correctly calculated that the adversaries were seeking to alter the status quo, and that the situation merited a strong response. To demonstrate firm resolve and commitment to the alliance structure, all allied states, in fact, expressed willingness to “escalate to de-escalate.” Moreover, a component of the final move was North Korea’s wielding its nuclear card: a nuclear explosion in the Pacific Ocean as well as a missile launch over Japan. Allies unequivocally conveyed that they will watch the reaction and comments from the White House closely, and that their subsequent steps will be guided by what they observe.

Relatedly, neither Japanese nor South Korean delegates raised issues with Trump’s style of diplomacy, and only a handful of American experts acknowledged Trump’s malign effects on the U.S. standing in the world. One participant alluded that we need to brace ourselves for the partial or complete U.S. troop withdrawal from Korea, given Trump’s intransigence with cost-sharing and his record. The fact that the U.S. credibility was not openly questioned is perhaps a good sign. However, Trump’s foreign policy track record was the elephant in the room. (Remember Paris Accords? JCPOA?).

The extended deterrence framework has played an essential role in ensuring peace in Northeast Asia, but currently it is undergoing major shifts. Allies have a decent understanding of an appropriate response to revisionist states’ attempts to overthrow the status quo. However, Japanese and Korean participants (American as well, for that matter) remain unsure how to deal with self-inflicted wounds. Explicit signaling needs to be a priority; there should be no doubt in Beijing, Moscow, or Pyongyang that regardless of the domain and intensity, the United States and allies will respond and inflict unacceptable damage on the adversary’s forces. More hardware in the region will certainly alleviate some allies’ anxieties. However, returning to basics-updating the software and protecting it from malware-will deliver more bang for the buck.

Disclaimer: All opinions in this article are solely those of the author and do not represent any organization.

 

YL Blog #25: The Advancement of China’s Tech Industry and Their Attitude of Self-Reliance

YLBlog_image1.jpg
here

For the past 33 years, the Asia Pacific Roundtable (APR) has been a primary convention for policy makers and opinion drivers to engage in meaningful discussions on strategic issues and challenges for the Asia Pacific region. As a first-time attendee, what was most enriching was to learn more from other countries on their perspectives on China in the region and from Chinese scholars on issues like Hong Kong, the trade dispute, and Huawei, China’s top telecommunications equipment company.

China was a hot topic and one of the liveliest discussions from APR, came during the plenary session on The People Republic of China @ 70: Establishment, Evolution & Expectations. Professor Bates Gill, from the Macquarie University in Australia, set the context in which we view China, from the first phase of nation building 70 years ago, to Tiananmen Square, and now, with the constant leadership of Xi Jinping, China is a country that has defied traditional understanding. Moving forward, Professor Gill warned of the increasing tensions that exist within China, its system that the party views to be a real success and a doubling down of party state authority. We can already see this occurring through the Chinese Government’s forced detainment of the Uighur population in Xinjiang and the attention from leaders in the Politburo Standing Committee on the events in Hong Kong and their protests for freedoms they view as being eroded by the central Chinese government. As tensions, both domestically and internationally, build in China, their government seemingly struggles to learn and be accepted.

As Professor Aileen Baviera, President, Asia Pacific Pathways to Progress Foundation in the Philippines mentioned, China as great power is still undefined. As they try to define themselves on their own terms, it is unlikely that they will be successful or accepted because they are not understood. The lack of understanding, across cultures and between nations, was evident to myself, as an American listening to this discussion and throughout APR.

If there is one thing I gained from my APR experience, it is the increased understanding of the Chinese perspective, how the Chinese articulate their own narratives, and how to understand the dialogue in the greater context. Professor Gao Jian, from the Shanghai Academy of Global Governance and Area Studies, spoke extensively on the need that the international community understand China and talk about China in the “Chinese Way”. That the country’s unprecedented rise is viewed as a trail, similar to the Chinese proverb, “We must cross the river, but we still do not know how deep the river is.”

During the concurrent session on Technological Rivalry and National Security, I reflected on these new insights, as speakers discussed the threat of the global 5G value chain due to the US turning Huawei into a ban entity and the impact on consumers, suppliers and giant telecommunication operators. For the Asia Pacific region, Huawei is a reliable company in telecommunications and technology, with almost half the market in China for mobile devices, and is the 3rd largest vendor in the global smartphone market. The company’s expansive network of telecommunications in the region, along with the heavy reliance by countries on the services provided by Huawei, made me think about the precarious situation that they must find themselves in. I felt very fortunate to be a part of the APR Young Leader Delegation, as my peers provided lively discussions on China, technology, and how commentary from the speakers could be interpreted from an American’s perspective.

The theft of IP that has brought Huawei to where they are now, as the US contends, and the US’s position that they pose a threat to security, are more wide-reaching then I initially gave credit. The current Administration’s efforts to limit US company engagement with Huawei and restrict the sales of components have had cascading impacts on the market. When I visited China this past month, and had the opportunity to assess some of Huawei’s hardware, was impressed by their capabilities and advancements in comparison to competitors like Samsung and Apple. The conflicts and legal actions that Huawei faces, also leaves the US companies that once supplied them with components for their devices at a great disadvantage. Huawei is building their own self-reliance. A message that resonated with me after hearing from Professor Gao at APR. The Chinese philosophy is one where they have nothing and no one to rely on. When faced with adversity, the Chinese will look internally for solutions. As Huawei works on developing their own operating systems for their mobile devices, I think the US needs to seriously consider the ramifications and Google executives should be concerned about the loss of market share should such ambitions to fruition.

In a recent interview with Huawei CEO Ren Zhengfei., he spoke extensively about the expansion of 5G and I cannot help but agree with his sentiments that by shutting out Huawei, US will be left behind. It reminded me of my recent visit with another Chinese tech giant, Tencent, at their Shenzhen headquarters. At their facility, one cannot help but feel the true power and influence that these companies hold in the country. The expansive reach to nearly every Chinese citizen and the increasing capabilities that go beyond traditional messaging apps or gaming platforms. What is truly ironic to me is that such companies were able to get to where they are because they mimicked the actions of American tech companies like Apple, Microsoft, and Amazon. The Chinese admiration for Silicon Valley, technology advancement and innovations, seems to have left a bitter taste in everyone’s mouth. As an American, I left China concerned that our technology industry could one day be too slow to keep pace globally, and our society too sluggish in their adoption of new systems and already lacks the technological literacy to stay toe-to-toe with the Chinese. 

Disclaimer: All opinions in this article are solely those of the author and do not represent any organization.