eBook - ePub
Cyber Risk, Intellectual Property Theft and Cyberwarfare
Asia, Europe and the USA
Ruth Taplin
This is a test
- 152 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Cyber Risk, Intellectual Property Theft and Cyberwarfare
Asia, Europe and the USA
Ruth Taplin
Book details
Book preview
Table of contents
Citations
About This Book
The desire to steal the intellectual property (IP) of others, be they creative individuals or company teams working in patent pools to create new innovations, remains the same. Political methods have become more sophisticated in terms of devaluing the output of creative humans by creating open- source access, which can be taken freely by all and sundry. What has changed is the new cyber- based technology that allows increased theft of IP. Likewise, warfare for geo- political imperatives is not new but sophisticated cyber- based methods that can actually carry out infrastructural damage through cyberspace are new and are accordingly termed cyberwarfare. How cyber strategies are used in IP theft and cyberwarfare in relation to new complex digital technology such as the Internet of Things (IoT) is explored in relation to particular essential sectors in the economy: marine, smart energy power grids and insurance. Country- specifi c studies based on either being the recipient or perpetrator (or both) of cyberattacks provide analysis in relation to Japan, China and North Korea, Russia, Europe (the UK in particular), Iran and the USA.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Cyber Risk, Intellectual Property Theft and Cyberwarfare an online PDF/ePUB?
Yes, you can access Cyber Risk, Intellectual Property Theft and Cyberwarfare by Ruth Taplin in PDF and/or ePUB format, as well as other popular books in Law & Intellectual Property Law. We have over one million books available in our catalogue for you to explore.
1Introduction
The desire to steal the intellectual property (IP) of others, be they creative individuals or company teams working in patent pools to create new innovations, has not changed. Political methods have become more sophisticated in terms of devaluing the output of creative humans by creating open-source access,1 which can be taken freely by all and sundry. There was furore, for example, after an Open Access Library opened in San Francisco, California that on its own accord stocked well-known books without author permission or intention to recognise or compensate the authors with royalties. It was only when the biggest name authors threatened to sue that it took notice. This also happens with well-known inventors. The renowned British inventor James Dyson won ÂŁ4 million from Hoover, a vacuum cleaner competitor,2 for infringing a Dyson patent, but believes he would have lost the case if his company had been smaller. The other major way to deprive creative people of their rewards for original thinking and innovativeness is through cyberattack, which is on the increase globally and needs to be addressed as this book does. The theft of IP through cyberattack for whatever motivation must not be underestimated. In fact, the new âtsarsâ of the digital age such as those who founded Napster, Facebook and Google wish to have the same control or even more than the corporate capitalists they criticise when it comes to profiting from content creators and the creative process. Sean Parker who founded Napster was one of the earliest examples of someone who created software that digitally extracted the music content of CDs and allowed up to 70 million users to share it on computer networks for free. Parker knew he was breaking copyright law and stealing IP from music content creators. Eventually record companies filed a legal challenge to this blatant copyright infringement and shut Napster down in July 2001. Sean Parker had no regrets becoming a convicted corporate hacker revelling in the fact that he was the inventor of the first technology to steal IP. As shown in the film The Social Network (about Facebook), Parker was eventually appointed President of Facebook by Mark Zuckerberg, the founder of Facebook. Larry Page, the founder and CEO of Google, never had the talent to become a saxophonist or a composer of music so he moved to computer science eventually founding Google. When setting up the governance of this digital corporation Page and his partner at Google Sergei Brin, organised a two-tier stockholder system in which they had ten times the voting power of those who bought publicly offered shares. As Page explained in his first letter to shareholders, ânew investors will fully share in Googleâs long-term economic future but will have little ability to influence its strategic decisions through their voting rightsâ. The underlying philosophy seems to be that it is fine to take creative content without asking permission as Google copied the entire content of the world wide web and indexed it without asking anyoneâs permission. This all follows on from Pageâs initial creation of software to extract music content from CDs infringing copyright and stealing IP without permission from anyone.3
It is not surprising then that hackers and proponents of digital-age corporations such as Napster, Facebook and Google find the stealing of IP and denying the genuine creators of content royalties a natural course of events in the same way as those who support open access. These tendencies are related to other web-based social malaise such as not respecting the private nature of data collection or the interference in the outcomes of elections. This has led to the founder of the world wide web Sir Tim Berners-Lee to battle âdigital dystopiaâ and call for greater regulation and certain standards to be instituted. In November 2019 he proposed through his World Wide Web Foundation a Contract for the Web that would stop election interference by foreign powers, hate speech, abuse of privacy and disinformation.4
As my Managing Cyber Risk in the Financial Sector book noted, when planning to mitigate cyber risk the centre of the enquiry should not be prevention based on statistical modelling or solely on IT packages but on the human-based variables. Hackers cannot steal IP or alter GPS systems connected to ship navigation without human ignorance/error, collusion, grudges, greed, malice and geo-political imperatives. Therefore, it is important to understand not only how the technology works, such as the multi-connections of Internet of Things (IoT) devices that allow through interconnectivity so many more ways for hackers to exploit the weaknesses in so many connections to enter the cyber system, but also it is essential to understand the human motivation for the hacking. It is also crucial to look internally in an organisation to find those with a motivation to carry out cyberattacks to undermine the system without being caught. In an increasingly complex world and particularly with cyberwarfare, we must assess the motivations of the very human global players behind the cyberattacks. Likewise, in a company it is essential to train staff and customers as well as managers in SME supply chains. Those that supply goods to the larger companies are the weakest links because of their lack of human resources. Larger companies are usually the best prepared to counter cyberattack because of an abundance of resources, both human and technological due to economy of scale.
IP theft
As Mike Pompeo, the US Secretary of State noted5 in relation to the current trade problems with China, IP theft is at the heart of most cyber risk/attack problems. âChina steals intellectual property for military purposes,â he said. âIt wants to dominate AI, space technology, ballistic missiles and many other areas.â
This could not be a truer statement as my research visit in March/April 2019 to Japan for this book showed that the greatest cyber risk/attack issues revolve around IP theft. A Japanese survey that took place in 2018 and was published the following year by the prestigious Institute for International Socio-Economic Studies (IISE) showed IP theft to be highest in Japan when looking at institutional targets of cyberattack â 25% in Japan compared to 10% in Asia as a whole and 12% globally. This is why we focus on Japan in this book as IP theft is extraordinarily high. Globally, IP theft is highest in the US, the UK and Western Europe. According to this IISE survey, business interruption (BI) was the main target of cyberattacks on organisations, globally at 30%, in Asia at 27%, while in Japan at 17%. These differences are very significant for assessing the reasons why IP theft is under-studied and why its impact targets few but economically significant countries with often crippling effects. BI can also be crippling for business and government organisations but can be restored, while theft of IP cannot be regained without devastating effects for the organisation or individuals.6 Interestingly, the occurrences of targeted cyberattack for geo-political or state reasons is at 6% for Japan and Asia and 5% globally, which is much less significant compared to the media attention it receives.7 Yet, in industries such as the maritime sector or insurance, which are global in nature due to international trade, state/geo-political cyberattacks are increasing.
IP vulnerability
It is the intangible aspects of IP that makes it so vulnerable to cyber risk and attack affecting business and trade relations worldwide. It can operate at a number of levels and in all types of industries as this book will demonstrate. Levels include industry, government, military defence establishments and businesses of all sizes. The geo-political, trade sectors and finance including banking and insurance are all prey to this 21st-century digital-age menace. Some industries are more prone to IP theft, cyberattack and potential/variants of cyberwarfare, often in unexpected ways, such as shipping, national grids, defence systems and retail banking systems. Examples as in previous books are mainly from Japan, Europe and the USA but in terms of the shipping sector, for instance, it can occur anywhere in the world because of global trade routes.
Cyber risk/attack and IP theft are very broad topics that touch most aspects of our lives but often most of us are not even aware of them or the remedies for dealing with them occurring at all different levels. For example, in the insurance industry, which through underwriting should cover a wide range of cyber risk, is only now dealing with silent cyber risk. Two new London Market model clauses to help underwriters manage cyber losses have been published by the International Underwriting Association (IUA). The wordings have been developed in order to address issues of non-affirmative or âsilentâ cover, where traditional insurance policies may unintentionally suggest protection for undefined cyber risks. The importance of wordings cannot be underestimated as explained in my presentation book launch of Managing Cyber Risk in the Financial Sector in the City of London on 16 March 2016 supported by the IUA. I stated that:
Insurers were left in a difficult position because of the dearth of facts and detail. We are dealing with a new phenomenon where people do not even know the language to use to describe cyberattack, and how can you deal with something when you do not share a common language?
Since then definitions of cyber words used in insurance documents have moved forward.8
First, a Cyber Loss Absolute Exclusion Clause (reference: IUA 09-081) provides market participants with an option to exclude in the broadest possible manner any loss arising from the use of a computer system, network or data â each of which is clearly defined. Meanwhile, a Cyber Loss Limited Exclusion Clause (reference: IUA 09-082) enables only the exclusion of losses directly caused by cyber events, rather than âdirectly or indirectlyâ.
Chris Jones, IUA director of legal and market services, said:
These two new model clauses provide broad policy exclusions which may be utilised as a starting or reference point for underwriters offering cover for traditional business classes that may include an element of cyber risk. By developing class-specific write backs insurers can then explicitly state the extent of any cover provided for such losses.
Both clauses were developed in response to concerns expressed by the Prudential Regulation Authority (PRA) about potentially unintended or unclear provision of coverage for cyber risks in various classes of insurance business. The issue was addressed by the regulator in a November 2016 consultation paper (âCyber insurance underwriting riskâ) and subsequent policy statement (PS 15/17). Companies were urged to actively manage their exposures by considering adjustments to premiums, robust wording exclusions and specific limits of cover.
Mr Jones added:
Silent cyber cover creates uncertainty for both insurers and clients and has been a hot topic in the London company market for some time now. Increasing regulatory scrutiny has, of course, further highlighted the issue, but IUA members have been considering different approaches even before it was first raised by the PRA.Many traditional policies were designed when cyber wasnât a major risk and often do not...