South Korea Cracks Down on IP Thefts 

South Korea is cracking down on intellectual property (IP) theft. Today, authorities indicted an executive who used to work at Samsung Electronics, charging him with stealing computer chip IP and using it to build a computer chip manufacturing plant in China.

In a statement, a South Korean prosecutor said the case against the unnamed defendant in the China chip case was “a grave crime that could deal a heavy blow to our economic security by shaking the foundation of the domestic chip industry at a time of intensifying competition in chip manufacturing.”

The defendant had worked at Samsung and another South Korean chip technology company for 28 years, underscoring the ever-present need for security to address insider threats.

Over the weekend, South Korean national police announced the arrest of 77 people in 35 cases of industrial espionage. A similar set of operations last year netted roughly half as many arrests, according to Reuters. South Korean news organization Dong-a Ilbo reported that 27 of the 35 cases in the 2023 operation were technology leaks between domestic companies; eight cases involved international IP theft, including the Samsung case.

The fact that the highest profile South Korean case involved allegations against China is not surprising. Earlier this year when the U.S. government formed a Disruptive Technologies Task Force, which identified several countries that supported brazen IP theft activity while singling out China as being both especially aggressive and effective at stealing corporate secrets.

One of the task force’s first accomplishments was identifying and working to disrupt an alleged Chinese attempt to steal information from Apple’s work on autonomous vehicles. Authorities apprehended two of three suspects, while the other fled to China, according to an indictment unsealed last month.

Just earlier this year, a U.S. court sentenced a former GE employee to a two-year prison term for attempting to steal proprietary design models, engineering drawings, configuration files, and material specifications in connection to GE gas and steam turbines” and sending them to a relative in China.

Prior to the COVID-19 pandemic, the U.S.-China Economic and Security Review Commission delivered its seminal report to Congress. A January 2023 in depth look at Chinese industrial espionage from The New York Times described the report as an examination of “the myriad ways in which Chinese companies, often backed by their government, help transfer strategic know-how from the United States to China. The maneuvers range from seemingly benign (acquiring American firms with access to key intellectual property) to notoriously coercive (compelling American companies to form joint ventures with Chinese firms and share trade secrets with them in return for access to the Chinese market) to outright theft.”

In April this year, Security Management released a package of content devoted to mitigation of insider threats. In “Operational Strategies for Today’s Insider Threat Environment,” Robert Achenbach, Ed.D, CMAS, and Deb Andersen, PSP, CISSP, provided several specific actions companies can take to support insider risk detection:

Employee surveys. These are an opportunity to leverage human resource partners to help assess the organization's stressors. Developing an employee survey is a terrific way to test the temperature with change and stress within the workplace. Surveys are great tools to help collect information to identify risk.

Security site surveys. Conducting security site surveys is a great strategy to help assess operational risk that can support an insider risk program. The frequency of the critical area tours must be identified so appropriate information can be shared with the monitoring team.

At a minimum, annually assess users’ access to secure areas in the building and secure files on the network, and then adjust as necessary to prevent privilege creep. Employ the principle of least privilege to ensure that a user only has access to the specific data, resources, and applications needed to complete a required task.

Information sharing. Should be considered a crucial information sharing strategy because it is an essential element to an insider risk program. Threat management in any organization should include HR, legal, risk management, physical security, and cybersecurity.  Confidentiality and non-disclosure agreements should be reviewed and agreed upon before sharing confidential records, business processes or even an internal tour of a business or plant. This helps to protect company secrets and proprietary property.

Training. Conduct security awareness training, which includes access control, confidentiality, active shooter, and suspicious email topics, at least once a year. Enforce cyber concepts by conducting frequent phishing campaigns. Education is the best prevention.

Data sharing. Communication between systems to provide situational awareness should have priority. The relationship between the physical identity access management (PIAM) systems and cyber-centric security incident event management (SIEM) systems is especially important because we want to establish a holistic view of the environment for the potential threats that surround us.