The Normative Enactment of International Cybersecurity Capacity Building Assistance: A Comparative Analysis on Japanese and South Korean Practices

The international community encourages states to embrace the international cooperation to support and assist each other in reducing risks stemming from the digital divide. However, they cannot agree upon how international norms apply to cyberspace, let alone shaping and regulating international cybersecurity capacity building (CCB) assistance. States use international CCB assistance to impose cyber-norms based on their perceptions. It results in different forms of assistance provided by each donor country. Using social constructivism theory and the CCB concept as international assistance, this paper compares the practice of CCB assistance from two donor countries: Japan and South Korea. It emphasises the role of each donor country’s normative structure in shaping their identities, roles, interests, and behaviours in international CCB assistance. Japan’s international cybersecurity cooperation normative structure shapes Japan’s identities and roles that prioritise security-dominant normative and material interests. Meanwhile, South Korea’s developmental focus constructs the country’s identities and roles that shape developmental normative and material interests. This research finds that Japan’s assistance is highly security-oriented while South Korea’s is less security-oriented. Their differences highlight the fragmentation of global cyber-norms caused by different perception processes.


INTRODUCTION
The UN General Assembly adopted Resolutions A/RES/68/243 and A/RES/70/237-based on several reports from the United Nations Group of Governmental Experts or UN GGE (2010; and the United Nations Open-ended Working Group or UN OEWG (2021)-on the importance of the international assistance on cybersecurity capacity building (CCB) for tackling the digital divide and its risks. The importance of such agreements is twofold. First, the international community has successfully securitised the digital divide problem, a state of inequality among countries in cybersecurity capacity and its advancement to benefit from the internet (Smith, 2002). Data from the International Telecommunication Union or ITU (2020) shows internet penetration in developing and least developed countries in 2019 (44.4% and 19.5%) is still below the world average of 51.4%, let alone developed countries' (86.7%). As the global economy is getting digitalised, some countries lacking digital development cannot benefit from advancements in information and communications technologies (ICTs). Such a shortcoming will make countries more vulnerable to any cyberrelated threat that can disrupt or destroy critical infrastructures-both physical and virtual (Hohmann, Pirang, & Benner, 2017, pp. 8-9;van Puyvelde & Brantly, 2019). Moreover, insecure networks in one place can be abused to disrupt infrastructure around the globe (Hohmann & Pirang, Why Policymakers Should Care About Weak Digital Infrastructure Abroad, 2017).
Second, such securitisation results in contesting discourses of CCB in addressing the digital divide problem. It is clear that UN GGE preferred international CCB assistance to "reduce risk and enhance security [and to] promote a peaceful, secure, open, and cooperative ICT environment" (UN GGE, 2015, pp. 10-12;2013, p. 2). However, the discussion moves to the realm of politics of international cooperation. The practice of international CCB assistance-another term is "cybersecurity sharing"-is no different from international assistance. Both resemble the requirement of a voluntary transfer of resources from one government or other agencies to support the general development of others (Williams, 2020).
In short, international CCB assistance is being politicised.
Patryk Pawlak's study (2016) that illustrates this notion by arguing that CCB is a politicised foreign policy instead of the technocratic process becomes the cornerstone for further studies in the field. It derives into two categories of focus: the practical dynamics and the normative dynamics of international CCB assistance. The former focuses on the donorrecipient relationship in shaping international CCB assistance. It includes each donor and recipient's role in driving international CCB assistance and challenges and obstacles in matching their interests (Schia, 2016;Muller, 2015;Pawlak & Barmpaliou, 2017). Further studies illustrate such dynamics in specific countries and international/regional organisations in conducting CCB assistance (Contreras & Barrett, 2020;Calandro & Berglund, 2019;Crespo, Wanner, & Ghernaouti, 2018;Hitchens & Goren, 2017). The latter focuses on norm constructions behind international CCB assistance itself. In general, there have been numerous studies about global cyber norms. There are studies on the theoretical prospect of constructing global cyber norms and its deadlock within the international community (Grigsby, 2017;Henriksen, 2019;Hurwitz, 2014;Finnemore & Hollis, 2016). However, only Zine Homburger's study that narrows its discussion specifically to the dynamics of international CCB assistance. He (2019, p. 2) argued that the lack of global cyber norm causes the politics of international CCB assistance to become a fragmented arena; each donor country will use CCB assistance to impose its cyber norms preferences toward recipient countries. Nevertheless, studies conducted by Homburger, and others within this category, overly focus on the structural level of analysis ("international society-centric") (Hobson, 2000, p. 149), while studies taking a state-centric approach is still rare. There should be a study in the field to reveal how cyber norms motivate the donor countries to advance and implement international CCB assistance towards recipient countries in addressing the digital divide problem.
Based on this literature gap, this paper posits the research questions: what do the digital divide and cybersecurity mean for states? How do states interpret their own identities and roles in international cybersecurity cooperation? What motivates them to implement international CCB assistance? How do they similarly and differently implement international CCB assistance? Using social constructivism theory and the concept of CCB as international assistance, it will comparatively analyse how normative focuses of the two donor countries-Japan and South Korea-are reflected in different forms of CCB programmes or projects with recipient countries. It argues that one's cybersecurity normative structure would define its identity/role and normative-material interest in conducting international CCB assistance.
As a result, the corresponding orientation, dimension, and forms of CCB assistance will follow. However, as Japan's security-oriented normative structure differs from South Korea's non-security-oriented (developmental) one, their identities/roles, normative-material interests, and practices also differ. This difference highlights the fragmentation of global cyber-norms. This paper is structured as follows. First, it will introduce two analytical frameworks that will be used-CCB as international assistance and "hybrid" social constructivism theory-along with their operationalisation. It will also introduce the methodology-a qualitative, case-based comparative research design based on a "pragmatic-constructivist" research paradigm. Next, it will compare the normative structure of Japan and South Korea regarding their perception of the digital divide, cybersecurity, and international CCB assistance at the domestic and international levels. Then, it examines how Japan and South Korea's differing normative structures shape their identities/roles and normative-material interests regarding international cybersecurity cooperation. Those analyses will assess how the actual practices of Japan's and South Korea's international CCB assistance reflect their respective normative structure, identities/roles, and interests. A brief, additional comment on reproducing fragmented global cyber norms will conclude this study. UN GGE and UN OEWG reported in 2010 about the mainstreaming of CCB as a practice of international assistance. Those reports consistently recommend that states provide international assistance that includes cooperation to improve ICT stability and security while preventing harmful pertinent practices, careful consideration on how best to cooperate in addressing cyber-related threats, and responsiveness to appropriate requests from the international community for assistance in addressing cyber-related issues.

CCB as International Assistance
Many scholars have attempted to formulate a definition for CCB that fits with the international assistance context. Muller (2015, p. 7), Homburger (2019, p. 4), and Hohmann et al. (2017, p. 12) emphasise the words like "support," "assistance," and "provision" in their definition of CCB. The definitions imply the relations between donor and recipient states.
They also reflect the development and security perspectives inferred from the very definition of cybersecurity. The development perspective is about "how to provide developing nations with increased access to, and the ability fully benefit from the Internet and cyberspace more generally." Meanwhile, the security perspective is about "[…] reducing digital security risks stemming from access and use of ICTs." This duality can be flexible because it can be linked and utilised in approaching security and development issues. Donor countries can impose political interests through international CCB assistance. Such political imposition can take forms in the conditionality for the assistance to be delivered, the contested norms, culture, approach, and institution regarding the CCB governance, or issue linkage.
By combining key points from each definition from the existing studies, this study proposes the following definition of international CCB assistance: a set of activities, be it knowledge, technical, or institutional, from donor countries in supporting and assisting recipient ones to provide, build, and develop their cybersecurity capacity and capability so they can reap benefit while also reducing risks stemming from access and use of ICTs.
This research also combines findings from several previous studies related to the definition and typology of international CCB assistance. First, Alexander Klimburg and Hugo Zylberberg (2015) segmented and dichotomised CCB activities into security-related and non-security-related official development assistance (ODA) according to the Development Assistance Committee of the Organization for Economic Cooperation and Development (OECD-DAC). Second, the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford made numerous guidance in developing cybersecurity capacitycalled Cybersecurity Capacity Maturity Model for Nations (CMM). The list is derived from five CCB dimensions as follows: (1) policy and strategy, (2) cyberculture and society, (3) educational training and skills, (4) legal and regulatory frameworks, and (5) standards on organisations and technologies (GCSCC, 2021, pp. 5-6). Third, Theresa Hitchens and Nilsu Goren (2017, pp. 5-6) focused on the typology of CCB activities in a framework called "information sharing agreements," ranging from training, research, policy, informationexperience sharing, military, cyberoperations, cyber-exercises, cybercrime, and best practice.

Social Constructivism
Social constructivism argues that social normative structure determines a state's identity and interest, resulting in the state's behaviour in international politics. The normative structure itself is a set of autonomous and constitutive norms which exist independently from the state (Hobson, 2000, p. 148). For constructivists, the state's behaviour follows the "logic of appropriateness" (March & Olsen, 1989). Hobson (2000, p. 148) identifies three variants of constructivism: (1) international society-centric, (2) state-centric, and (3) radical or postmodern (further exploration will focus only on the first two variants). In international society-centric theory, the international realm becomes the "realm of obligation" consisting of two sub-structures or tiers: the principal socialising norms and international organisations (Hobson, 2000, p. 150). Any dynamics from the international level will affect the state's behaviour to conform to what becomes internationally recognised "appropriate" behaviours. International society and its principal normative structure will reproduce themselves (Hobson, 2000, p. 150). Meanwhile, statecentric theory rarely focuses on the international level. There is a dynamic interaction between domestic normative structure and domestic institutionalisation or state-building (state-society relations and state-transnational linkage). This "domestic realm focus" affects the state's identity, interest, and behaviour (Hobson, 2000, p. 167). This study aims to combine both variants by integrating the "international realm" variable with the "domestic realm" variable and framing them as a new normative structure.
This structure concerning international cybersecurity governance and cooperation affects the state's identity, interest, and behaviour in international CCB assistance. Table 1 illustrates this paper's analytical framework operationalisation.

RESEARCH METHOD
This study follows what David L. Morgan (2007, p. 67), Thi Tuyet Tran (2017, and John W. Creswell (2013, pp. 9-10) termed a "pragmatic-constructivist" research paradigm. It seeks the "middle ground" of tension between the objectivity of observable phenomenon of CCB as international assistance as part of inter-state behaviours (e.g., the network of actors, institutions, material capabilities) and its inherent tendency to be driven by "nonmaterial/intangible factors" (e.g., norms, identities, and ideas). It manifests in a case-based comparative analysis design, which tries to compare a limited number of cases in return for more exploration of numerous "variables" to thicken the description. The definitive conceptualisation or theorisation within the research is constructed simultaneously with the research progress, and the case selection would be very paradigmatic according to the research purpose (della Porta, 2008, p. 208).
There are several reasons behind the selection of Japan and South Korea in this study.
First, this research attempts to make a breakthrough by departing from mainstream studies in the field whose focus is on Western cybersecurity profiles-e.g., US, UK, European Union (EU), Council of Europe (CoE), Russia, and others. Second, according to Global Cybersecurity Index (GCI) in 2018, ITU (2019a, pp. 14, 62) categorised Japan (with GCI 0.880) and South Korea (with GCI 0.873) as countries with a "high-level commitment" toward cybersecurity. The third is that Japan and South Korea, as developed countries, have This research obtained data that consisted of two referent sets: (1) the general national cybersecurity profile of Japan and South Korea and (2) international CCB assistance activities/programmes/projects conducted by Japan and South Korea. The data are primarily qualitative from primary or secondary sources (see Table 2) found through desk-study activity (Lamont, 2015, pp. 79-91). The method of the data analysis will be qualitative, with a tendency to go to both content and discourse analysis (Johannesson & Perjon, 2014, p. 65).
The data will be positioned and analysed based on this paper's analytical framework and writing structure.

International-level Normative Structure
Japan and South Korea have several similarities in their international normative structure. consideration of how best to cooperate against cybercrime; (3) responding to appropriate requests for assistance by another State whose critical infrastructure is vulnerable. These cyber norms simultaneously "teach" UN member states, including Japan and South Korea, to participate in international cybersecurity cooperation, particularly international CCB assistance, to narrow the digital divide.
Second, both countries are active members of ITU, an UN-backed ICT agency.
Membership in ITU has "encouraged" countries like Japan and South Korea to prioritise conducting CCB cooperation, particularly with developing countries. It is shown by two ITU events regarding spam-combating and computer incident response teams (CIRTs) facilitation

Japan's Perceptions of the Digital Divide and Cyber-Norms
The Japanese perspective on the digital divide combines infrastructural and socio-economic (i.e., intergenerational) perspectives. The problem of the digital divide Japan is experiencing is caused by the fact that internet penetration in Japan is centralised in Honshu Island (Nishida, Pick, & Sarkar, 2014, pp. 1000-1003. Moreover, the number of older people using the internet is far fewer than the younger population (Chen & Wellman, 2004, p. 23 (2020, p. 30) said that these governmental bodies create more innovation in cybersecurity governance than private sectors or civil society. On the other hand, the role of private or civil society is weak and less self-incentivised. Japanese business leaders lack the technical expertise and experience necessary to make good cybersecurity decisions (Matsubara, 2018).
They view cybersecurity as corporate social responsibility practice instead of an asset or investment to improve competitiveness (Matsubara, 2018).
Norms regarding cybersecurity governance adopted by the Japanese Government are also highly securitised for two reasons. First, the Japanese governmental bodies previously mentioned are all elites of the Japanese "security community" and "intelligence community." Despite the presence of METI in the policy-making process, its influence is still undermined by the higher government bodies like the Ministry of Defence and the National Public Safety Commission (Soesanto, 2020, pp. 20, 22-24). Consequently, policy areas specialised by Japan's cybersecurity governance are mainly around cybercrime, cyber terror, and cyber defence. Japanese cybersecurity strategy and laws reflect what Lene Hansen and Helen Nissenbaum (2009, pp. 1163-1165 refer to as "hyper-securitisation." The Japanese security community used past cybercrime events, cyber terrorism, and cyber defence incidents and even imagined the worst cyber-threat scenario to justify the sophisticated evolution of national cybersecurity strategy. They evolved from the 2000 Basic Act and Special Action Plan to two National Strategies on Information Security to three Cybersecurity Strategies between 2013 and 2018, introducing the Basic Act on Cybersecurity in 2014. Japanese cybersecurity governance also refers to National Defence Guidelines and Japan-US Defence Guidelines to narrate a "toward-militaristic" approach to cybersecurity (Soesanto, 2020, pp. 12-17, 24-25).
Second, geopolitically speaking, Japan expands its "defence perimeter" in cyberspace to cover neighbouring actors, both states and regional organisations, while avoiding a direct cyber-dialogue with China. Japan-ASEAN CCB cooperation becomes an instrument to foster the Japan-ASEAN security community and environment amidst the growing cyber threat from China (Larasati, 2018, pp. 92-93). The trilateral meeting between US, Japan, and South In short, Japan's security-oriented cybersecurity governance at the domestic level and cooperative approach and security orientation on cybersecurity influence Japan's normative structure for international CCB cooperation to be security-oriented.

South Korean Perception of the Digital Divide and Cyber-Norms
The socio-economic perspective has dominated South Korea's experience with the digital divide. Its digital divide seems to be increasing along the lines of income and education (Chen & Wellman, 2004, p. 23). Despite the 97% rate of national internet penetration in January 2021 (Kemp, 2021), the rate for the physically disabled, elderly, people living in rural areas, and low-income earners is far slower (Yonhap News Agency, 2020). Moreover, the deployment of ICTs in the various socio-economic frameworks, such as education, happens because Korea has limited natural resources and depends on a knowledge-based economy to remain economically viable and competent (Sedimo, Bwalya, & Plessis, 2011 First, public-private partnership in South Korean cybersecurity governance is minimal (Kim D. , 2019, pp. 79-80). Second, South Korea's administrative system and legal framework in cybersecurity affairs are scattered without the proper mechanism to integrate them into a more unified governance. There are many governmental bodies including the National Cyber Security Centre ( Norms regarding cybersecurity governance in South Korea are a mixture of securityoriented and economic development-oriented. South Korea's cyber defence to deter the imminent threat, mainly from North Korea and China, and the presence of a "security community" that holds responsibility for governing cybersecurity, such as NCSC, KISA, NCC, and Cyber Bureau, strengthen the notion of security orientation (Bartlett, 2018, p. 29).
However, the degree of securitisation of South Korean cybersecurity is not as high as Japan.
The main factor lies in the competing economic development orientation of cybersecurity governance. MSIT, playing a vital role in South Korean cybersecurity governance, represents the national legacy of economic and financial guidance and bureaucratic-political interest in promoting South Korean science and technological advancement. "National legacy" means a political-economic culture during the 1970s-1980s that played a "stronger" interventionist role, relying more on top-down orders (Bartlett, 2018, pp. 30-31). The "bureaucratic-political interests" mean that MSIT's aim to assure South Korea's cybersecurity policy can promote South Korean science and technological advancement which would also serve the interests of the ICT industries (Kim D. , 2019, p. 68;Bartlett, 2018, pp. 31-32).
In short, South Korea has fostered a "developmental" orientation of cybersecurity governance while embracing a cooperative-with-low-securitisation approach to cybersecurity and CCB. These made the South Korean normative structure for international CCB cooperation "developmental."

Japan's Identity and Role Conception in International Cybersecurity Cooperation
It is generally agreed that Japan's international identity changed from a pre-war "warmonger" nation to a post-war "pacifist" one. Pre-war Japan held several identities, such as "militarist" and "authoritarian," "imperialist," and "aggressor" or "bullying country" or "a strong country" (Katzenstein, 1996;Hobson, 2000, pp. 167-169;Hagström & Gustafsson, 2015, p. 9). All those identities and role enactment dramatically changed after the defeat of Japan in World War II. The rest of the twentieth century saw a slow yet incremental reverse of those identities and roles to become a "post-war pacifist" Japan: "anti-militarist," "economic power," "developmental state," a "cooperative" member of the international community, and "weak" at some point (Tonami, 2018(Tonami, , pp. 1211(Tonami, -1212Kono, 1999;Yasushi & McConnell, 2008;Hagström & Gustafsson, 2015, pp. 12-14). The contemporary period of Japan's international relations, particularly during the second term of Prime Minister Shinzo Abe (2012-2020), witness another change in Japan's identity within international politics. This study proposes the term "revisionist" identity, inspired by Abe's effort to reinterpret Article 9 of the Japanese Constitution to benefit the Japanese SDF's remilitarisation. He embraced this kind of identity to seek a balance between two previous contrasting identities. He tried to present Japan as a nation that is (1) "cooperative" yet "assertive," (2) "strong" yet "not a bully," and (3) becoming a "military and economic power" yet "democratic and human rights champion." By linking the pertinent evolution of Japan's identity with the context of international cybersecurity cooperation, the security-oriented normative structure has shaped Japan's identity/role into a "responsible global cybersecurity stakeholder" in promoting peaceful and secure global cyberspace. Through bilateral and multilateral cyber diplomacy, Japan has become one of the responsible countries in shaping international collective action to ensure a free, fair, and secure cyber-space (Matsubara & Mochinaga, 2021, p. 25). To be "responsible" globally, Japan needs to be "digitally strong" as a regional and global cyber power. As the cyber threat is growing and even militarised, strengthening cyber defence capabilities is a viable option for Japan. It mainly deters advanced persistent threats (APTs) to Japanese cyberspace from China, North Korea, and Russia (NIDS, 2014, pp. 52-53).
Moreover, due to its "cooperative/assertive" identity/role that cannot be achieved alone, Japan needs to embrace international cybersecurity cooperation. Such an urgency has been supported by Japan's reputation for being a country with high capabilities of being a partner and even donor in much international cooperation and assistance and a thrust to become a globally responsible cybersecurity stakeholder (Menocal, 2011).
In short, Japan's security-oriented international cybersecurity cooperation normative structure combined with previously discussed "revisionist" identity and role in foreign policy results in Japan's strive for the following identity and role within international cybersecurity cooperation: a "cyber-power" with urgency and responsibility to contribute towards peaceful and secure global/regional cybersecurity on behalf of Japan's security interests.

South Korean Identity and Role Conception in International Cybersecurity Cooperation
South Korea was initially a minor power. The most popular proverb to describe South Korea's position within international politics is "a shrimp among whales," describing its role in the past as the geopolitical pivot for great power politics throughout history (Park S. J., 2015, p. 3). South Korea was also a "developing nation" due to its identity as an "international development beneficiary nation" of ODA by OECD. After the 1990s democratisation and post-1997-crisis national economic development consolidation, South Korea has become more stable internally. Jeffrey Robertson (2007) agreed that South Korea has transformed into a middle power. Flamm (2019, pp. 136-141) identified three identities/roles of South Korea as a middle power: "Rising Korea," "Leading Korea," and "Righteous Korea." "Rising Korea" indicates South Korea's rising role in international relations. The roles derived from such identity range from being a "bridge between worlds," "responsible middle power," and "economic power." Starting from President Roh Tae-woo's pursuit of South Korean status as a "mediator" between developing and developed countries or Western and Non-Western countries (Karim, 2018, p. 356), South Korea aims to become a "responsible middle power." In doing so, President Lee-Myung-bak's terminology of "Global Korea" in harmonising its interests with other global actors (Lee M.-b. , 2009) and South Korea's recent economic prowess become the foundation for "Rising Korea." "Leading Korea" means South Korea wants to be a global role model (Flamm, 2019, pp. 138-140). Combined with the "Global Korea" identity, it refers to South Korea's national image and brand-building and exportation of South Korean culture to a global audience. People-oriented soft power diplomacy is vital for South Korea's global popularity-e.g., Hallyu and the innovation model (Hermanns, 2013, pp. 75-76;Jamrisko & Wei, 2020). "Righteous Korea" refers to South Korean international identity/role as a "peaceful and cooperative" nation contributing towards world peace, security, and order (Flamm, 2019, pp. 140-141). Its role enactment involves South Korea's activism in international cooperation-whether it is security issues or economic development and cooperation issues-and becoming an agenda-setter (Mo, 2016, p. 594).
For example, South Korea successfully changed its "beneficiary" status to a "benefactor" and If we link South Korea's identity evolution with its normative structure of international cybersecurity cooperation that is "developmental," we can see that the identity of "Rising Korea" has shaped South Korea's identity into one of the "world ICT leaders." It was testified by ITU (2018) while describing how government interventions and investments in modern technology since the 1950s have been responsible for South Korean recent digital economic boom. The international community expects South Korea, now leading the world's ICT advancement, to play a contributive role in the cybersecurity sector (Kim S. , 2014, p. 324). From the "Leading/Rising Korea" identities, there are three recognisable roles: "strong internet nation," "pioneer of the digital "new deal," and a "leader in cyber-diplomacy." South Korea is home to several giant ICT corporations, such as Samsung, LG, SK, and KT, the fastest internet connection in the world (Pulse, 2020), a global pioneer for a "digital new deal," according to President Moon Jae-in (2020), and a reputable country for its e-Government. South Korean cyber diplomacy is directed into two segments of the "Righteous Korea" identity/role. The first one is to incorporate South Korean cultural assets with their diplomatic goals to promote the national brand/image to the global audience. In this context, South Korea is better than Japan in incorporating its cultural assets with its diplomatic goals in the international community (Park, Chung, & Park, 2019, p. 1481. The second one is cyber diplomacy to set the agenda of international cybersecurity cooperation, such as promoting peaceful and secure global cyberspace, mediating cyber conflicts, and other forms of cybersecurity cooperation, namely international CCB assistance.
In short, South Korea's "developmental" international cybersecurity cooperation normative structure combined with its "middle-power" status results in the following identity and role within international cybersecurity cooperation: a "cyber middle power" for the mutual development of the international community's cyber capabilities.

Japan's Motives
Japan's normative structure, identities, and roles in international cybersecurity governance discussed in the previous section contribute to Japan's normative and material interests in conducting international CCB assistance. There are three normative interests (Vosse, 2019, p. 3). First, Japan wants to ensure that the international community approaches international cybersecurity governance through multilateral and bilateral partnerships. Second, Japan aims to proliferate the norms of cooperative approach in building cyber capacity towards recipient countries. Third, being the party to the Budapest Convention, Japan is obliged to govern its cyberspace with respect for democracy, human rights, and the rule of law. Japan explicitly combats any cyber related crime within its cyberspace and within its capacity. Consequently, Japan aspires to ensure that other countries follow a similar path as active players in international cybersecurity governance.
There are several material drivers for Japan's international CCB assistance. The first is related to "prestige." Conducting international CCB assistance will help Japan build such an image in which recipient countries will perceive Japan as a role model in CCB that should be followed and preferred for future CCB projects. Second, in terms of "politico-diplomatic" concerns, international CCB assistance is a good option for Japan's confidence-building measures (CBMs) (Maiese, 2003). It means that if Japan cooperates and even assists developing countries in building cyber capacity, Japan's own cyber capabilities will not be feared even if Japan's cybersecurity is getting militarised. Third, regarding "security" consideration, Japan considered international CCB assistance as an instrument to promote a better way to build cybersecurity capacities following what donors idealise as "peaceful and secured cyberspace." Because Japan's national cybersecurity depends on international dynamics, helping other countries build their cyber-capacity will also strengthen Japan's national security. Lastly, in terms of "commerce," if Japan helps CCB in developing countries, it can simultaneously promote it socio-economic development and create a market for foreign economies. Moreover, international CCB assistance allows Japan to export its defence mechanisms to other countries.

South Korean Motives
Like Japan, South Korea's international CCB assistance has its normative and material components that constitute its interests worldwide. In terms of normative components, South Korea's international CCB assistance aims to promote international partnerships and cooperation in cybersecurity by enriching prevalent bilateral and multilateral cooperation systems (National Security Office of the Republic of Korea, 2017, p. 23). The international community, including the UN GGE and UN OEWG, has "taught" South Korea to conduct CCB cooperation with other countries to develop cyber capacities together and reproduce the cyber-norms toward other countries (Ebert & Groenendaal, 2020, p. 25). South Korea's international CCB assistance also promotes developmental norms. South Korea is committed to conducting CCB assistance toward other countries to narrow the digital gap that results in cyber risks, poverty, and economic stagnation (Ebert & Groenendaal, 2020, p. 23;.
There are also South Korea's material interests in international CCB assistance: "security," "prestige," and "politico-diplomacy." Like Japan, South Korea's cybersecurity profile is enmeshed in Asia-Pacific dynamics, involving considerable risk of cyberconflict with technically advanced countries like China, North Korea, and Russia and the prevalence of regional disputes. By conducting CCB assistance towards recipient countries nearby, South Korea can geopolitically assure its cybersecurity within the region from any cyberrelated risk from the external realm. Nevertheless, "security measures" do not necessarily affect or shape its normative interest like Japan. Because it is not a party to the Budapest Convention, South Korea does not internalise security-oriented cybersecurity governance, let alone CCB. Instead, it creates a more "developmental" orientation. In terms of "prestige," South Korea's National Security Office (2017, p. 24) aims to expand foreign assistance projects for cybersecurity capacity building to developing countries in a reciprocal manner and share cybersecurity technologies and systems. By conducting CCB assistance with other countries, South Korea aims to enact its "Global Korea" role in CCB governance and build a reputation as an international role model for CCB governance. In terms of "politicodiplomatic" interests, international CCB assistance can be used to make issue linkage. South Korea's ODA combines non-traditional security concerns, such as development, with cybersecurity (Kim S. , 2014, p. 7). In collaboration with the World Bank, one obvious result of South Korea's cyber diplomacy is to establish two CCB assistance projects: "Combatting Cybercrime: Tools and Capacity Building for Emerging Economies" and "Global Cyber Security Capacity Program."
The ratio between security-oriented and non-security-oriented projects is fifteen to nine. Most of the projects are conducted through engagement between Japan's cyber security bodies and their counterparts, proving the linearity of security-oriented approach with its material and normative interests, identity/role, and normative structure.

An Explanation for South Korean Performance
South Korea has around sixteen international CCB projects without forms of technology transfer, legal and judicial development, security system management and reform, cyberexercise, and military. The recipient countries are diverse, ranging from the Balkans to South Korea established a cybersecurity centre at the Bandung Institute of Technology to research and promote development awareness (Kusumastuti, 2015). It is similar to ASEAN Cyber University which is also South Korean programme (ACU Project, 2012). South Korea also cooperate with China and India on information and best practices-sharing, particularly in CIRTs (Hitchens & Goren, 2017, pp. 70, 99).
The ratio between security-oriented and non-security-oriented projects is fourteen to two. It proves that the South Korean approach to CCB projects is less security-oriented.
Instead of cyber security bodies, they engaged more with economic and development institutions in conducting the projects. Henceforth, South Korea's performance in international CCB assistance established the "developmental notion" and consistent with its normative structure, identity/role, and material-normative interests. Table 3 summarises the previously discussed comparison between Japan's and South Korea's international CCB assistance over the last decade based on their project quantity, orientations, dimensions, and forms. It collects any international CCB project that shows two attributes: (1) any resource transfer related to CCB assistance activities, tangible or intangible, from Japanese and South Korean Governments or official agencies and (2) the status of recipient countries, which can be considered developing if measured by their economic development and ICT advancement. They reflect policy orientation or behaviour related to international CCB assistance. Therefore, both countries' engagement with, for example, China and India, despite the latter's economic prowess, still counts in this manner. the former mainly focused on cooperation with SEA counterparts, data from the latter show more diversity in terms of regional partners.

Additional Discussion
Such "unfair comparison" can be justified. Empirically speaking, Japan has more region-focused international CCB assistance than South Korea's, which is more diverse.
Most of Japan's international CCB recipients come from the SEA region, namely ASEAN member states. It happens because Japan realises the importance of the region's cybersecurity capacity and its impact toward regional cybersecurity governance more than South Korea does. SEA have several issues regarding the digital divide, in terms of internet penetration (Ingram, 2020, p. 8;World Bank, 2021), digital gender gaps (ITU, 2019b, pp. 4, 6), unequal distribution of ICT skills (ITU, 2019b, p. 10), exploitable unsecured infrastructures (Raska & Ang, 2018, p. 2), insufficient strategic mindset, policy preparedness, and institutional oversight (Ingram, 2020, p. 18), business community's reluctancy to deal with cyber-risks, lack of human resources and infrastructures, and infancy of cyber-culture within society and state. In this case, Japan takes geopolitical measures into account more than South Korea does. Such findings are consistent with the initial analysis this study has explicated in previous sections, concerning the linearity between the normative structure, identities/roles, normative-material interests, and state policy (i.e., international CCB assistance). Therefore, the data difference precisely confirms the initial premises and analyses this study proposes.

CONCLUSION
Based on the conceptualisation of CCB as a practice of international assistance and social constructivism theory, this study concluded the role of normative structure, identity/role enactment, and interest configuration in shaping states' orientation in international CCB assistance. When specific normative structure-a combination of the international "realm of cybersecurity obligation" and domestic "realm of national cybersecurity institution"interacts with the country's preceding identities and roles in general foreign policy, the process configures pertinent country's normative and material interests that genuinely drives a country to conduct international CCB assistance. Thus, the orientations, dimensions, and forms of activities/programmes/projects will manifest and reproduce the given normative structure and perceived identities/roles.
The two study cases from Japan and South Korea justify the argument. Japan's security-oriented normative structure in international cybersecurity has shaped Japan's identity and role in international cybersecurity governance to be a country with securitydominant normative and material interests. Therefore, Japan's international CCB assistance has been highly security-oriented. Meanwhile, South Korea's "developmental" international cybersecurity normative structure embraces South Korea's well-known reputation in the international development realm so that the country puts more emphasis on the mixture of international CCB assistance with "developmental" normative and material interest.
Henceforth, many programmes/projects of South Korea's international CCB assistance take a non-security orientation. Eventually, both countries reproduce different normative structures of international CCB assistance imposed on them in the first place. This comparison perfectly asserts the notion of fragmentation of global cyber-norms caused by a different process of perceiving them by countries worldwide.

ACKNOWLEDGEMENT
This study is a summarised version of the author's master's final thesis with a similar title for Corvinus University of Budapest. This achievement cannot be accomplished without the academic guidance by author's supervisor, Beáta Paragi, PhD, and financial support from the Stipendium Hungaricum Scholarship by Tempus Public Foundation.