MISSION STATEMENT CYBER-SECURITY BUSINESS DEVELOPMENT MISSION TO JAPAN, SOUTH KOREA AND TAIWAN. Date: May 16-24, 2016

Transcription

1 MISSION STATEMENT CYBER-SECURITY BUSINESS DEVELOPMENT MISSION TO JAPAN, SOUTH KOREA AND TAIWAN Date: May 16-24, 2016 MISSION DESCRIPTION The United States Department of Commerce, International Trade Administration (ITA), is organizing an Executive-led Cyber-security Business Development Mission to Japan, South Korea and Taiwan. The purpose of the mission is to introduce U.S. firms and trade associations to East Asia s information and communication technology (ICT) security and critical infrastructure protection markets and to assist U.S. companies to find business partners and export their products and services to the region. The mission is intended to include representatives from U.S. companies and U.S. trade associations with members that provide cyber-security and critical infrastructure protection products and services. The mission will visit Japan, South Korea and Taiwan where U.S. firms will have access to business development opportunities across East Asia. Participating firms will gain market insights, make industry contacts, solidify business strategies, and advance specific projects, with the goal of increasing U.S. exports of products and services to East Asia. The mission will include customized one-on-one business appointments with pre-screened potential buyers, agents, distributors and joint venture partners; meetings with state and local government officials and industry leaders; and networking events. COMMERCIAL SETTING Cyber-security ensures realization and control of vital security properties of an organization s, as well as users, intellectual, financial, and infrastructure assets against relevant security risks in the cyber environment. In addition, critical physical infrastructure systems (i.e., safety, security, electrical, water, energy, and traffic management systems) essentially interact with, and cannot be separated from, the critical information infrastructure. With the ascending growth and sophistication of cyber-attacks in recent years, strict compliance and unified security packages are in demand to protect the critical data, infrastructure, and safety of governments, military, public utilities, banking, financial services, ports, hospitals, and other businesses. The damaging effects of cyber-threats can be felt on many levels from the business to the individual and can spill over across borders. Therefore, authorities in East Asia, such as Japan, Korea, and Taiwan, are currently dedicating an increasing amount of resources at the national level, as well as at the private sector level, in order to deal with these complex cyber threats. These resources have been well utilized as is evident from the innovations and demand for cyber defense equipment and service technologies. Recent events and well publicized cyber-attacks in the region have also heightened the importance of improving cyber-security protection. Governments have made cybersecurity a policy priority, creating task forces and engaging with the United States Government (USG) to improve their defensive capabilities in the cyber-security area. Recognizing that national and economic security depends on the reliable functioning of critical infrastructure, the U.S. National Institute of Standards and Technology (NIST) released the Cybersecurity Framework consisting of standards, guidelines, and practices for reducing cyber risks to critical infrastructure in February The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical

2 infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk. While the Framework was created in the United States, it provides important standards that have been adopted by industries across the globe and lays the groundwork by which governments have formulated their own framework. Private sector stakeholders have made it clear that the global alignment of cyber security protocol is important to avoid confusion and duplication of effort, or even conflicting expectations in the global business environment. These needs have been reiterated by multi-national organizations. Many countries in East Asia are currently considering adopting an approach that is compatible with the framework established by NIST. NIST has been holding discussions with several nations across the East Asia region, such Japan, Korean and Taiwan, making noteworthy internationalization progress in the cyber-security field. The potential adoption of important sections of NIST s Framework by industries such as healthcare, financial and critical infrastructure sectors across East Asia can facilitate convergence, adoption and internationalization of a common set of IT operation and security controls, which provides market access opportunities in Japan, Korea, and Taiwan to U.S. firms with cyber security expertise and solutions. Recent large scale data breaches are strong drivers for the adoption of strict data protection requirements across the region and recent revisions in privacy laws across the Asia-Pacific region should also be noted by cyber security firms. In Japan, efforts to update the country s data breach notification and privacy laws have nearly concluded their legislative development and should be in effect by the beginning of The updated Japanese law will include strict notification requirements as well as limitations on cross-border data flows. The new legislation will make it challenging for foreign firms to transfer data out of Japan for processing, but specific mechanisms for legal transfers such as the APEC Cross-border Privacy Rules systems are in place to securely move corporate and consumer data. Efforts are also underway to strengthen data breach laws and stiffen penalties for security failures in South Korea. Recent large scale data breaches are strong drivers for the adoption of strict data protection requirements across the region. Some nations are moving towards data localization in an effort to curb cyber breaches. While Taiwan has existing data breach laws and cross-border data flow restrictions, no notable efforts are underway to incorporate more restrictive legislation in the near term. Japan According to the International Data Corporation (IDC), the Japanese cyber-security market was estimated at $2.6 billion in 2014, with a growth rate of around 4.7%. That same year, IDC measured that the security software sector grew by 4.1% and was worth $2.1 billion, while the market for mobile applications rose by 7.5% to a value of $442 million. The IDC has also projected that from 2013 to 2018, Japan s Compound Annual Growth Rate (CAGR) will slow to about 4%. By 2018, the estimated value of the country s cybersecurity market is expected to reach $3 billion. The Japanese government revisited its cyber-security strategy in 2013, in response to growing threats to the country s critical security infrastructure. According to the current cyber-security strategy, Japan aims to double the size of its information security market by Moreover, several agencies within the cabinet of Prime Minister Abe see the potential for Japan to leverage its nascent resources in the cybersecurity realm to build a competitive, export-oriented technology and services field within the Japanese economy.

3 The 2020 Tokyo Olympics and Paralympic Games present Japan with particular vulnerabilities and challenges on the cyber-defense front, and thus also represent a special opportunity for U.S. exporters. The Japanese Government is increasingly aware of the scope of the potential threats its faces and the lag in its capabilities vis-a-vis the United States and other nations in this field, and has taken numerous organizational steps to redress the situation. The U.S. Embassy and the Commercial Service Japan team see opportunities for U.S. expertise and solutions and are actively looking to provide entree and support. The collaborative relationship between Japan and the United States in the areas of cyber-physical systems, cloud and network security has been a positive influence on market access. The United States, through NIST, has had a long standing information dialog (over 15 years) with Japan s Ministry of Economy, Trade and Industry (METI) that has enabled exchanging information about developments in documentary standards and conformity assessment. This dialog has also matured to enable more effective action through coordinated responses between NIST and METI on standard and conformity assessment issues of mutual interest. In partnership with Japan s Information-technology Protection Agency (IPA), NIST has worked closely with the Japanese government on cybersecurity, which has translated several NIST publications on cybersecurity to Japanese. This includes the Cybersecurity Framework from the President's Executive Order and several keystone NIST Special Publications. The United States and Japan held their first official government to government bilateral joint Cyber-Security Dialogue conference in May The second U.S.-Japanese Cyber-Security Dialogue conference was held in Tokyo in July The purpose of the U.S.-Japan Cyber Dialogue is to exchange cybersecurity information, align international cyber-security policies, compare national cyber-security strategies, cooperate on planning efforts to protect critical infrastructure, and discuss cooperation in the areas of cyber-security and national defense. Furthermore, the U.S.-Japanese Cyber Defense Policy Working Group (CDPWG), established in October 2013 by the Japanese Ministry of Defense and the U.S. Department of Defense, continues to promote cyber-security cooperation between both countries. The CDPWG joint statement in May 2015 reaffirmed the commitment to improving intergovernmental information sharing and operational coordination. Protecting critical infrastructure is a top priority for Japanese government. Japan has been developing polices that are focused on Critical Information Infrastructure (CII) since The third edition of the CII Action Plan (2014) was published by the Information Security Policy Council (ISPC) and identified thirteen key CII industry sectors: information and communication services financial services aviation services railway services electric power supply services gas supply services government and administrative services (including municipal government) medical services water services logistics services chemical industries

4 credit card services petroleum industries Japan is a major importer of U.S. goods because the country is a technological and economic powerhouse. There are opportunities for U.S. companies in cyber-security training and education. The country also has a growing need for highly skilled cyber-security personnel, many of whom are employed by U.S.-based firms. According to a government sponsored report published in 2013, it was estimated that the country needs some 80,000 cyber-security and defense specialists. Among the estimated 265,000 government-employed security personnel in Japan, roughly 60% require additional training or education to adequately perform their duties. The Ministry of Internal Affairs and Communications also plans to launch a national certification system for cybersecurity personnel in the spring of 2016 as part of efforts to foster experts across the public and private sectors. It is ultimately in the best interest of the United States to maintain a strategic cyber-security ally in the region, considering the frequency of cyber-attacks in East Asia. South Korea South Korea is a target for cyber-attacks due to the country s high network connectedness, advanced use of mobile devices, significant intellectual property and rapid economic growth. As of the 1 st quarter of 2015, around 95% of South Korea s population had internet access. According to Akamai, a U.S. based information technology cloud provider, South Korea has recently experienced a 25% growth rate in internet connection speeds. South Korea leads the world in mobile broadband penetration rate with over 110% of the population as of 1 st quarter of The Korean government projects that the speed of the internet will be 1,000 times faster by 2020, which will transform technological capabilities in the country and make Korea an ultra-connected nation. South Korea has recognized that cyber-security is an issue of national defense. Although the country boasts one of the world s most wired, fastest and most mobile IT infrastructures, it also has an insecure infrastructure that is vulnerable to cyber-attacks. The country has heightened security protocols in recent years, following several high-profile hacking cases. Hackers have previously targeted government agencies in South Korea, which has compromised sensitive information and endangered the welfare of government officials and civil employees. From June 25 through July , a series of cyber-attacks paralyzed 69 government offices, including the President s official website, and several other news outlets and public institutions. In 2014, critical information was stolen from one of the country s nuclear facilities. Though facility operators maintain that the cyber-attack was not as detrimental as initially perceived, it illustrates the vulnerability of security systems in the country. The frequency and gravity of cyber-attacks has therefore prompted the South Korean government to reevaluate its cyber-security strategy. There are three agencies in South Korea that are equipped to handle issues of cyber-security: the National Cyber-security Center, Korea Internet & Security Agency and the National Police Agency s Cyber Terror Response Center. These agencies are responsible for identifying, preventing and responding to cyber-attacks and security threats. In addition, the country recently announced that the government will create a new presidential post that will exclusively handle issues of cyber-security. The Blue House has since appointed the country s leading expert on cybersecurity as a Chief of the National Security Council. In this position, the Chief of the National Security Council oversees 15 different agencies and influences cybersecurity in the protection of land, sea and air. A school specializing in cyber-warfare was chartered with the intention of increasing the current 400

5 security experts to 5,000 experts by South Korea seeks to train more cyber-security experts in order to counter professional hackers in North Korea, which number at a purported 3,000. Recent talks between the United States and South Korea have focused on cyber-security. The U.S. has been a diplomatic ally of the country for decades, and stood behind South Korea after the government accused its military rivals of cyber-terrorism. The United States also partners with the Korean government and private sector experts in multi-lateral fora, to support the development of standards and conformity assessment tools. In May of 2015, Secretary of State John Kerry, along with key technology companies, visited the country and extensively discussed NIST s cyber-security framework and industry opportunities with South Korean officials. Kerry vowed to have an open dialogue with the country, and support South Korea s efforts to implement stricter cyber-security protocols. These include partnerships in organizations such as the International Organization for Standardization (ISO), the International Electro-technical Commission (IEC) and the International Telecommunications Union s Standardization Sector (ITU-T). Furthermore, cyber-security ties directly into US-led talks regarding nuclear proliferation across East Asia. NIST has also collaborated with the South Korean government on specific cyber security issues. Cyber-security in South Korea is therefore a major issue for the United States, which makes it a prime location for U.S. security firms. The convergence between ICT and other industries has posed serious security issues. Consequentially, the South Korean government is focused on implementing stricter protocols in order to combat said security issues. Since Korea is a major manufacturer of ICT products, automobiles and shipbuilding, there are opportunities to integrate cybersecurity products into new generations of these products. The Korean government plans to have an ultra-connected society by 2020, so cybersecurity is one of the most important elements in protecting economic and social assets. According to industry experts, the convergence security market is expected to grow to approximately $12.23 billion USD by 2018, which is triple the 2014 sum of $ 4.2 billion. The average annual is projected to be somewhere between 10 to 15% by There are a myriad of opportunities for U.S. firms in South Korea, considering the country s growing economy. Government agencies are the primary buyers of innovative technology products and system integration services. U.S. companies are encouraged to monitor government procurement plans and establish partnerships with prime Korean contractors. Government buying is strongly influenced by past sales track records, timely provision of parts and post sales service. Furthermore, both government and private sectors plan to significantly improve security systems in the country. Since Korea is one of the best ICT infrastructures in the world, it is therefore an ideal market for U.S. firms that seek to test cutting-edge cybersecurity technologies before deployment in other markets. Taiwan As of 2015, Taiwan s National Security Bureau (NSB) is in the process of establishing a cybersecurity branch. Though IT security teams are currently employed by the Ministry of Justice s Investigation Bureau and the Ninth Investigation Corp of the Criminal Investigation Bureau, the Ministry of National Defense s Office for Communications, Electronics and Information is the only department in Taiwan equipped to handle issues of cyber-security. Said issues have been a policy priority in Taiwan since 2001, as eight sectors have been defined as critical infrastructure. Considering recent security breaches and cyber-attacks, Taiwan has recognized that there needs to be an integrated

6 approach of government coordination, public and private-sector partnerships, as well as international cooperation for the promotion of cyber-security. Taiwan is extremely vulnerable to cyber-attacks, considering how Taiwan authorities are in the early stages of developing advanced security protocols. There have been several high-profile hacking cases in the past few years, as it is threatened by cyber-espionage from outside parties. Foreign companies have also been accused of infiltrating security systems in Taiwan over the past decade. Domestic companies, on the same token, are ill-equipped to handle system-wide security breaches. Taiwan authorities further maintain that all departments face the risk of cyber-attacks. Taiwan will formally begin to implement sweeping cyber-security reforms in 2013, with the first large-scale central cyber-security exercise. Taiwan wants to join the United States in the biennial Cyber Storm Drill, and seeks to establish partnerships with U.S. security firms in the cyber-security field. There are excellent prospects for U.S. cyber-security firms in Taiwan since authorities see the United States as a strategic ally in the cyber-security field. Taiwan has a thriving IT market and is a major trading partner with the U.S. Opportunities lie in the crisis management field, as the market size for information security in Taiwan has grown significantly over the past few years. There are also opportunities for firms specializing in data leakage prevention, information security solutions and security and vulnerability management software. Furthermore, U.S. companies specializing in IT service and security are in high demand. There are many U.S. cyber-security associations focused on protecting critical information and infrastructure in both private and public sectors, which can fulfill Taiwan s market demand. Taiwan authorities have also recognized how computer software development and service industries are the most promising sectors of the Taiwanese economy. Other Products and Services The foregoing analysis of the cyber-security opportunities in Japan, South Korea and Taiwan is not intended to be exhaustive, but illustrative of the many opportunities available to U.S. businesses. Applications from companies selling products or services within the scope of this mission, but not specifically identified, will be considered and evaluated by the U.S. Department of Commerce. Companies whose products or services do not fit the scope of the mission may contact their local U.S. Export Assistance Center (USEAC) to learn about other business development missions and services that may provide more targeted export opportunities. Companies may call , or go to to obtain such information. This information also may be found on the website: MISSION GOALS The purpose of this trade mission is to introduce U.S. firms to the rapidly expanding market for cybersecurity products and services in East Asia. The mission will help participating firms and trade associations to gain market insights, make industry contacts, solidify business strategies, and advance specific projects, with the goal of increasing U.S. exports to Japan, South Korea and Taiwan. By participating in an official U.S. industry delegation, rather than traveling to Japan, South Korea and Taiwan on their own, U.S. companies will enhance their ability to secure meetings in those countries and gain greater exposure to the region. MISSION SCENARIO

7 The business development mission will include one-on-one business appointments with pre-screened potential buyers, agents, distributors and joint venture partners; meetings with national and regional government officials, chambers of commerce, and business groups; and networking receptions for companies and trade associations representing companies interested in expansion into East Asian markets. Meetings will be offered with government authorities that can address questions about policies, tariff rates, incentives, regulations, projects, etc. PROPOSED TIMETABLE: *Note: The final schedule and potential site visits will depend on the availability of host government and business officials, specific goals of mission participants, and ground transportation. Sunday May 15 Trade Mission Participants Arrive in Tokyo Monday May 16 Tuesday May 17 Wednesday May 18 Thursday May 19 Friday May 20 Saturday- Sunday May Monday May 23 Welcome and Country Briefing (Japan) One-on-One business matchmaking appointments Networking Lunch One-on-One business matchmaking appointments Networking Reception at Ambassador s residence (TBC) Cabinet and Ministry Meetings National Center of Incident Readiness and Strategy for Cybersecurity (NISC) Networking Lunch One-on-One business matchmaking appointments or Ministry Meetings Travel to Korea Welcome and Country Briefing (Korea) One-on-One business matchmaking appointments Networking Lunch One-on-One business matchmaking appointments Networking Reception at Ambassador s residence (TBC) Ministry Meetings Networking Lunch One-on-One business matchmaking appointments or visit to Government Cyber- Security Center Travel to Taiwan Welcome and Country Briefing (Taiwan) One-on-One business matchmaking appointments Networking Reception at AIT Director s residence (TBC)

8 Tuesday May 24 Wednesday May 25 Cabinet and Ministry Meetings with selected delegates Sightseeing tour (optional, paid by delegates) Trade Mission Participants Depart PARTICIPATION REQUIREMENTS All parties interested in participating in the trade mission must complete and submit an application package for consideration by the DOC. All applicants will be evaluated on their ability to meet certain conditions and best satisfy the selection criteria as outlined below. A minimum of 15 and maximum of 20 firms and/or trade associations will be selected to participate in the mission from the applicant pool. FEES AND EXPENSES After a firm or trade association has been selected to participate on the mission, a payment to the Department of Commerce in the form of a participation fee is required. The participation fee for the Business Development Mission will be $ for small or medium-sized enterprises (SME) 1 ; and $ for large firms or trade associations. The fee for each additional firm representative (large firm or SME/trade organization) is $1,000. Expenses for travel, lodging, meals, and incidentals will be the responsibility of each mission participant. Interpreter and driver services can be arranged for additional cost. Delegation members will be able to take advantage of U.S. Embassy rates for hotel rooms. EXCLUSIONS The mission fee does not include any personal travel expenses such as lodging, most meals, local ground transportation, and air transportation from the U.S. to the mission sites, between mission sites, and return to the United States. Business visas may be required. Government fees and processing expenses to obtain such visas are also not included in the mission costs. However, the U.S. Department of Commerce will provide instructions to each participant on the procedures required to obtain necessary business visas. CONDITIONS FOR PARTICIPATION An applicant must submit a completed and signed mission application and supplemental application materials, including adequate information on the company s products and/or services, primary market objectives, and goals for participation. If the Department of Commerce receives an incomplete application, the Department may reject the application, request additional information, or take the lack of information into account when evaluating the applications. Companies must provide certification that its products and/or services are being manufactured or produced in the United States or, if manufactured/produced outside of the United States, its products and/or services are marketed under the name of a U.S. firm and have U.S. content representing at least 51 percent of the value of the finished good or service. In the case of a trade association or trade 1 An SME is defined as a firm with 500 or fewer employees or that otherwise qualifies as a small business under SBA regulations (see opportunities/sizestandardstopics/index.html). Parent companies, affiliates, and subsidiaries will be considered when determining business size. The dual pricing reflects the Commercial Service s user fee schedule that became effective May 1, 2008 (see for additional information).

9 organization, the applicant must certify that, for each company to be represented by the trade association or trade organization on the mission, the products and services the represented company seeks to export are either produced in the United States or, if not, marketed under the name of a U.S. firm and have at least fifty-one percent U.S. content. The following criteria will be evaluated in selecting participants: Suitability of the company s (or in the case of a trade association/organization, represented companies ) products or services to the mission goals and the markets to be visited as part of this trade mission. Company s (or in the case of a trade association/organization, represented companies ) potential for business in each of the markets to be visited as part of this trade mission. Consistency of the applicant s (or in the case of a trade association/organization, represented companies ) goals and objectives with the stated scope of the mission. Balance of company size and location may also be considered during the review process. Referrals from political organizations and any documents containing references to partisan political activities (including political contributions) will be removed from an applicant s submission and not considered during the selection process. TIMELINE FOR RECRUITMENT AND APPLICATIONS Mission recruitment will be conducted in an open and public manner, including publication in the Federal Register, posting on the Commerce Department trade mission calendar ( and other Internet web sites, press releases to general and trade media, direct mail, notices by industry trade associations and other multiplier groups, and publicity at industry meetings, symposia, conferences, and trade shows. Recruitment for the mission will begin immediately and conclude no later than March 4, The U.S. Department of Commerce will review applications and inform applicants of selection decisions periodically during the recruitment period beginning August 17, All applications received subsequent to an evaluation date will be considered at the next evaluation. Applications received after March 4, 2016, will be considered only if space and scheduling constraints permit. CONTACTS Gemal Brangman Project Officer U.S. Department of Commerce Washington, DC Tel: Fax: Gemal.Brangman@trade.gov Erick Kish Commercial Attaché US Embassy Tokyo U.S. Department of Commerce

10 Tel: Doug Jacobson Commercial Attaché U.S. Embassy Seoul, Korea U.S. Department of Commerce Tel: Henley Jones Commercial Officer American Institute in Taiwan US Department of Commerce Tel: +886 (2) ext.386

11