South Korea Signs Up to Cyber Theft Pledge

On Friday the Obama administration secured its second win toward establishing a new norm in cyberspace. The Joint Fact Sheet published by the White House includes the following language:

"no country should conduct or knowingly support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information with the intent of providing competitive advantages to its companies or commercial sectors;" (emphasis added)

This excerpt, as well as other elements of the agreement, mirror words which I covered in my Brookings piece To Hack, Or Not to Hack? I recommend reading that article to get my full take on the importance of this language, including the bold elements.

It's likely many readers don't think of South Korea as an economic threat to the US. While South Korean operations are conducted at a fraction of the scale of their Chinese neighbors, ROK spies still remain busy. In January Shane Harris wrote a great story titled Our South Korean Allies Also Hack the U.S.—and We Don’t Seem to Care. It contains gems like the following:

From 2007 to 2012, the Justice Department brought charges in at least five major cases involving South Korean corporate espionage against American companies. Among the accused was a leading South Korean manufacturer that engaged in what prosecutors described as a “multi-year campaign” to steal the secret to DuPont’s Kevlar, which is used to make bulletproof vests...

All of the cases involved corporate employees, not government officials, but the technologies that were stolen had obvious military applications. South Korean corporate spies have targeted thermal imaging devices and prisms used for guidance systems on drones...

But South Korea has gone after commercial tech, as well. A 2005 report published by Cambridge University Press identified South Korea as one of five countries, along with China and Russia, that had devoted “the most resources to stealing Silicon Valley technology.”

I commend the administration for securing a "cyber theft pledge" from another country. Whether it will hold is another issue. Just today there is reporting claiming that China is still targeting US companies in order to benefit Chinese companies. I believe it is too soon to make a judgment.

I'm also watching to see which countries besides the US approach China, asking for similar "cyber theft pledges." With President Xi visiting the UK soon, will we see Prime Minister Cameron ask that China stop stealing commercial secrets from UK companies?

On a related note, I've encountered several people recently who were not aware of the excellent annual Targeting US Technologies report series by the US Defense Security Service. They are posted here. The most recent was published in August 2015.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics