For a week from June 25, the anniversary of the Korean War, South Korea suffered from a wave of devastating cyber attacks on nearly 70 state agencies and news outlets.
Websites and servers of the presidential office and other targets crashed in one of Korea’s largest ever cyber attacks. Seoul pinpointed North Korea as the likely mastermind, but Pyongyang flatly denied responsibility.
Verbal accusations and warnings were all that South Koreans could do, as there are no international binding norms for dealing with digital aggression.
The world has long been alerted to the anarchic state of the global response to cyber threats.
In 2010, Iran’s uranium enrichment facility at Natanz was found to have been attacked by the Stuxnet worm, widely believed to have been created by the U.S. and Israel to slow Tehran’s nuclear programs.
In August 2012, malware called Shamoon hit some 30,000 workstations belonging to Saudi Aramco, destroying data and crippling its computer network.
The cases epitomize cyber attacks ― it can be almost impossible to determine the source, and verification is extremely difficult even with evidence suggesting links to states, terrorists or their proxies.
Major countries, from the U.S. to China, are beefing up their cyber warfare capabilities, but no agreement has been reached on establishing an international framework to respond to hacking and malicious attacks and resolve conflicts in the virtual world.
South Korea ― one of the world’s most wired countries, and thus one of the most vulnerable to digital terrorism ― hopes to lay the groundwork for consensus on Internet governance at a large-scale conference this week that will gather representatives of the world’s major cyber powers, international organizations, businesses and civic groups.
Under the theme of “Global Prosperity through an Open and Secure Cyberspace,” the two-day Seoul Conference on Cyberspace 2013 beginning Thursday will deal with crucial issues related to the virtual world ― security, crime, the digital divide, economic growth, social and cultural benefits and capacity building.
The forum, the third of its kind, will build on the agenda from the first conference in London in 2011 and the second edition in Budapest in 2012.
International cyber security is expected to top the agenda, and a greater support for developing countries to build online infrastructure will also figure prominently during the event, according to organizers.
Though any binding international agreement remains unlikely due to wide gaps between major powers, the gathering will offer ample opportunities for about 90 countries to discuss the way forward and share best practice, said Choi Sung-joo, chief of its preparatory secretariat and ambassador for international security affairs.
“The conference is significant in that all the multi-stakeholders gather and look into the benefits of information technology and cyberspace, renew their perception together and pull out a minimum political common denominator,” he told The Korea Herald in a recent interview.
The meeting will bring together a record 1,500 high-level officials from governments, multinational bodies, businesses and civic groups.
Among the participants are foreign or science and technology ministers of the U.K., Hungary, Sweden, Indonesia, Australia, Bangladesh, Kenya, Qatar, Costa Rica and Tunisia.
The forum is expected to adopt an outline of global guidance for how to work together in coping with cyber security challenges, along with a chair’s summary and a supplement on best practices at the close of the meeting.
“Cyber issues emerged as a global subject just a few years ago but each country has very different views on how to deal with them,” the senior diplomat said.
“But cyber security is an issue that the international community ought to follow up on. As time goes by and discussions become more concrete, something weightier may be possible such as the drawing up of international norms at settings like a summit in which the U.N. and the whole international community takes part.”
In line with rising risks of unintended miscalculation, there has been heated debate at the U.N. and elsewhere on the need for international rules on cyber warfare and confidence-building measures similar to existing conventions on traditional arms control.
Countries led by Beijing and Moscow have indeed presented draft resolutions but no consensus appears conceivable due chiefly to substantial differences with Washington.
The Chinese-Russian proposal is aimed at establishing rights and responsibilities of states in safeguarding cyber networks, stressing sovereign authority over the content and flow of information.
The West, in contrast, deems non-state actors as the main challenge to its online national security, and calls for global efforts to ensure the free flow of information.
But the two camps are showing signs of reaching consensus this year as they are stepping up consultations and trying to find common ground as cyber threats are becoming increasingly more powerful, frequent and diverse.
“I think it’s still possible for global players to build cases by looking into when and what leads to misunderstanding and clashes in cyberspace and, if that happens, which existing rules can be applied,” Choi said.
“During the process, they may find loopholes and feel the need to devise new norms to plug them. That’s for the legal part, and in Seoul this time, we’re just seeking common political understanding and hoping to provide a beacon for future directions.”
To help bridge technical gaps between developed and developing worlds, the Korean government launched a new session on capacity building. The participants review examples of database protection and technology transfer and discuss how to support vulnerable countries to boost cyber security.
A number of ministries and state-run IT organizations including the Korea Internet Security Agencies have also been operating programs in Thailand, Kenya, Uganda and other developing countries to help them formulate cyber security policy, better respond to attacks and enhance information management.
“As one of the world’s most wired countries, Korea can easily be a target of cyber crimes, and many other countries should be interested in how we react,” Choi said.
“Cyber security may sound pricey but it’s an area in which we can offer tailored assistance in comparison to the costs required, given our potent IT technologies and rapid development experience.”
Choi, Korea’s top arms control expert
Choi Sung-joo, chief of its preparatory secretariat and ambassador for international security affairs, is known as one of the best arms control specialists at the Foreign Ministry and boasts hands-on experience in multilateral diplomacy spanning over three decades.
The 55-year-old veteran diplomat is also a member of a board of advisers to U.N. Secretary-General Ban Ki-moon on disarmament, nonproliferation of weapons of mass destruction and international security for the 2013-2016 term.
Since joining the ministry in 1980, he has served in key posts, including ambassador to Algeria, embassy minister in Brazil, deputy director general for international organizations, and director of disarmament and nuclear energy.
By Shin Hyon-hee (firstname.lastname@example.org)