Why cyber security should be a key part of Europe’s Indo-Pacific strategy

Making cyber security an integral part of a European approach to the Indo-Pacific could provide a framework for cooperation with EU partners in the region

EU-Japan Summit 2019, Backstage

Threats in cyberspace present some of the greatest challenges of the twenty-first century. They expose the vulnerability of electoral systems, critical infrastructure, and the global economy. With the global cost of cybercrime estimated to reach $10.5 trillion annually by 2025, both non-state and state-sponsored hackers pose a growing security threat in the military realm and beyond. There are many daunting examples of the real-world impact of cyber-attacks. For example, a new study shows that the massive power outage in Mumbai last October was most likely caused by Chinese malware, which found its way into the Indian power grid amid a flare-up in the long-running border dispute between China and India. And the latest Microsoft hack has underscored the vulnerability of communications infrastructure everywhere from small businesses to the US government.

To load the audio player provided by Soundcloud, click the button below. This means Soundcloud will receive technical data about your device or browser, as well as information about your visit on this page. Soundcloud may use cookies and may transfer your data to servers outside the EU, where the level of data protection may not be equivalent to that in the EU. For more information visit our privacy policy.

Load player

Dr Janka Oertel invited ECFR’s Visiting Fellow for Japan, Dr Elli-Katharina Pohlkamp, as well as Bonji Ohara from the International Peace and Security Department at the Sasakawa Peace Foundation to talk about the opportunities and challenges of cooperation in the field of cybersecurity and emerging technologies.

There is an emerging consensus between countries that China is the most significant source of cyber threats. To respond to these threats, the European Union launched in December 2020 its new Cybersecurity Strategy. The document recognises that cyber security has emerged as one of the most important non-traditional security issues for the EU, and that the bloc’s capacity to address these immense challenges is, so far, underdeveloped. By acknowledging that the EU will not be able to tackle such challenges alone, the strategy lays the groundwork for the bloc to strengthen its cooperation with like-minded partners.

Making cyber security an integral part of a European approach to the Indo-Pacific could provide a framework for cooperation with EU partners in the region. Given that cyber security cooperation is a sensitive issue, it will be important for the EU to identify key partners that share the same fundamental values and that have proven to be trustworthy allies.

One of these natural partners is Japan. By creating the world’s largest area of safe data flows, the EU and Japan reaffirmed their strong trust in each other’s legal and protective systems – showing why the country is often described as the “one of the EU’s closest and like-minded partners”, as the European Commission put it. The Strategic Partnership Agreement they signed in 2018 specifically calls for sectoral cooperation in the digital sphere. And Japan and the EU set up in 2019 a partnership on standards for 5G, trusted services, and quantum communications.

Japan’s prime minister, Yoshihide Suga, has made the digital transformation a priority of his administration and is gearing up to establish an agency that will serve as the core of national cyber power. Japan’s cyber security policies have been advancing since it began preparations for the Tokyo 2020 Summer Olympics and published its vision for ‘Society 5.0’. The country released in 2018 a cyber security strategy that aims to protect “a free, fair and secure cyberspace … the free flow of information, the rule of law, openness, autonomy, and collaboration among multi-stakeholders”. In the same year, the Japanese government established cyberspace as a new defence domain and published a defence strategy that assigned a more important role to cyber issues.

The increasing complexity, speed, and global reach of cyber threats overwhelm EU and Japanese defences.

However, while both Japan and the EU have taken steps to improve their cyber security, they have been relatively slow and reactive in implementing their strategies. The increasing complexity, speed, and global reach of cyber threats overwhelm EU and Japanese defences.

At the same time, China has capitalised on global connectivity more than any nation other than the United States, the only one to surpass it in independent rankings of the “most comprehensive” cyber powers. As part of its most recent five-year plan, Beijing aims to become a self-sufficient technological superpower. Therefore, the Chinese Communist Party has placed its plans in science, technology, and innovation before all other sectors for the first time in its history. This is a clear sign that cyber espionage will remain a centrepiece of China’s strategy to achieve these goals and to improve its offensive capabilities. The blackout in Mumbai suggests that China is not only capable but also willing to use that power against others.

Both Japan and the EU need partners to address these challenges on an international level. To enhance their defence capabilities, Japan and the EU will need to strengthen their bilateral cooperation, enhance their operational interactions in response to cyber-attacks, and become leaders in shaping international norms and standards in cyberspace. Establishing a common framework of information and procedures – and building up their trust in, and capacity for, coordination on issues such as the free flow of data and data localisation – would give both Japan and the EU a major advantage in these areas.

The European Council on Foreign Relations does not take collective positions. ECFR publications only represent the views of their individual authors.


Subscribe to our weekly newsletter

We will store your email address and gather analytics on how you interact with our mailings. You can unsubscribe or opt-out at any time. Find out more in our privacy notice.