Threats in cyberspace present some of the greatest challenges of the twenty-first century. They expose the vulnerability of electoral systems, critical infrastructure, and the global economy. With the global cost of cybercrime estimated to reach $10.5 trillion annually by 2025, both non-state and state-sponsored hackers pose a growing security threat in the military realm and beyond. There are many daunting examples of the real-world impact of cyber-attacks. For example, a new study shows that the massive power outage in Mumbai last October was most likely caused by Chinese malware, which found its way into the Indian power grid amid a flare-up in the long-running border dispute between China and India. And the latest Microsoft hack has underscored the vulnerability of communications infrastructure everywhere from small businesses to the US government.
There is an emerging consensus between countries that China is the most significant source of cyber threats. To respond to these threats, the European Union launched in December 2020 its new Cybersecurity Strategy. The document recognises that cyber security has emerged as one of the most important non-traditional security issues for the EU, and that the bloc’s capacity to address these immense challenges is, so far, underdeveloped. By acknowledging that the EU will not be able to tackle such challenges alone, the strategy lays the groundwork for the bloc to strengthen its cooperation with like-minded partners.
Making cyber security an integral part of a European approach to the Indo-Pacific could provide a framework for cooperation with EU partners in the region. Given that cyber security cooperation is a sensitive issue, it will be important for the EU to identify key partners that share the same fundamental values and that have proven to be trustworthy allies.
One of these natural partners is Japan. By creating the world’s largest area of safe data flows, the EU and Japan reaffirmed their strong trust in each other’s legal and protective systems – showing why the country is often described as the “one of the EU’s closest and like-minded partners”, as the European Commission put it. The Strategic Partnership Agreement they signed in 2018 specifically calls for sectoral cooperation in the digital sphere. And Japan and the EU set up in 2019 a partnership on standards for 5G, trusted services, and quantum communications.
Japan’s prime minister, Yoshihide Suga, has made the digital transformation a priority of his administration and is gearing up to establish an agency that will serve as the core of national cyber power. Japan’s cyber security policies have been advancing since it began preparations for the Tokyo 2020 Summer Olympics and published its vision for ‘Society 5.0’. The country released in 2018 a cyber security strategy that aims to protect “a free, fair and secure cyberspace … the free flow of information, the rule of law, openness, autonomy, and collaboration among multi-stakeholders”. In the same year, the Japanese government established cyberspace as a new defence domain and published a defence strategy that assigned a more important role to cyber issues.
However, while both Japan and the EU have taken steps to improve their cyber security, they have been relatively slow and reactive in implementing their strategies. The increasing complexity, speed, and global reach of cyber threats overwhelm EU and Japanese defences.
At the same time, China has capitalised on global connectivity more than any nation other than the United States, the only one to surpass it in independent rankings of the “most comprehensive” cyber powers. As part of its most recent five-year plan, Beijing aims to become a self-sufficient technological superpower. Therefore, the Chinese Communist Party has placed its plans in science, technology, and innovation before all other sectors for the first time in its history. This is a clear sign that cyber espionage will remain a centrepiece of China’s strategy to achieve these goals and to improve its offensive capabilities. The blackout in Mumbai suggests that China is not only capable but also willing to use that power against others.
Both Japan and the EU need partners to address these challenges on an international level. To enhance their defence capabilities, Japan and the EU will need to strengthen their bilateral cooperation, enhance their operational interactions in response to cyber-attacks, and become leaders in shaping international norms and standards in cyberspace. Establishing a common framework of information and procedures – and building up their trust in, and capacity for, coordination on issues such as the free flow of data and data localisation – would give both Japan and the EU a major advantage in these areas.
The European Council on Foreign Relations does not take collective positions. ECFR publications only represent the views of its individual authors.