U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

  1. Home
  2. News
  3. Speeches

Was this page helpful?

Remarks by Deputy Secretary of Commerce Don Graves at the U.S.-Korea Cybersecurity Cooperation Forum

AS PREPARED FOR DELIVERY

Thank you, Andrew, for the kind introduction, and thank you, Second Vice Minister Park, for being here today and for co-hosting this important forum.

The Ministry of Science and ICT is one of the U.S. Department of Commerce’s primary Korean partners, cooperating and consulting with us in a range of areas, from cybersecurity standards to semiconductor R&D, telecommunications, and the digital economy.

I also want to recognize the executives of 15 top U.S. cybersecurity firms that have joined our Department of Commerce Cybersecurity Trade Mission to Korea. I would like to ask the delegation members to briefly stand so everyone here can see who you are. Thank you.

I know the delegation is interested in learning more about the cybersecurity market in Korea, opportunities to enter the market and pursue contracts, identify business partners, and perhaps establish operations here to sell, service, and meet the needs of customers in a range of sectors.

Please take the time today to meet the delegation members – they and their companies, and their products and services, are very impressive, and they are eager to meet you.

Today’s topic – cybersecurity – is timely and important to both the U.S. and Korea’s national security; the economic security of our private sectors and workers; and the livelihoods, security, and privacy of our citizens, their data, and their finances.

For many individuals and small businesses, the costs of paying for cybersecurity can seem too high. But the consequences that come from being hacked and losing meaningful, sensitive content can be catastrophic. For a small business, this content could be critical to their operations – like the taking and fulfilling orders – and to the salaries and livelihoods of their workers. 

For large companies, particularly those that invest millions or even billions of dollars in R&D on the next blockbuster drug or electric battery, competitors, criminals, and foreign adversaries may seek out cyber vulnerabilities to steal, exploit, and use to gain market dominance.

And for governments and their national security agencies, which typically require the most sophisticated cybersecurity protocols to protect lives, diplomatic communications, and defense secrets, the weakest link can instantly threaten the health, unity, and security of the country.

From seaports, airports, and power generation and distribution systems to water filtration plants, the security of our infrastructure is what we require to function from day to day. But many of these systems rely on outdated operating systems, software, and security protocols. And because our infrastructure is interconnected, one company’s security can be undermined by another company’s weaker security protocols down the grid, or perhaps upstream.

When President Yoon was in Washington in April, he and President Biden signed the U.S.–Korea Strategic Cybersecurity Cooperation Framework. The Framework recognizes these risks and commits us to talking, as we are doing here, and sharing, identifying, and jointly addressing cyberthreats that put not only the United States and Korea at risk, but other partners as well.

The Department of Commerce is also eager to share the Cybersecurity Framework 2.0 draft from our National Institute of Standards and Technology, or NIST, which is replacing an earlier, 2018 version. The NIST Framework provides standards, guidelines, and best practices to help industry, government agencies, and other organizations reduce their cybersecurity risks.

While created by the U.S. government, its approaches and recommendations can equally help foreign governments and companies alike.

Its scope has expanded — explicitly — from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size.

And in our post-COVID world, it now includes added emphasis on Cybersecurity Supply Chain Risk Management, highlighting the importance of risks associated with the distributed and interconnected nature of product and service supply chains.

I look forward to discussing the NIST Cybersecurity Framework 2.0 with my Korean counterparts during my visit to see how we can  share and learn from our respective national cybersecurity strategies, implementation plans, and standards.

As hackers and criminals know, no national strategy is perfect – a point they freely exploit. But by learning from, and leveraging our respective best practices, from cryptography standards to identity verification, we can collectively strengthen both national and global cybersecurity postures that will benefit governments, the private sector, and citizens alike.

As you continue to discuss how we can work more closely together – both government to government and private sector to private sector – to address cybersecurity, remember: while cybersecurity provides a competitive advantage to those companies and institutions that best employ the best cybersecurity practices to deter, monitor, identify, and eliminate threats, we all benefit when cyberthreats and criminals can no longer hold any individual, company, or government hostage.

The global threats of today require us to redouble our efforts to share, cooperate, research, and explore current and emerging cyber threats together, recognizing that our collective efforts will be more effective in defeating both the cyberthreats of today, and those threatening our tomorrow, than our individual work.

I apologize in advance that following my remarks and those of Second Vice Minister Park, we will need to excuse ourselves for a bilateral meeting to discuss how we can increase our cooperation to collectively strengthen both national and global cybersecurity postures.

As the group here continues its discussion, let’s all consider the reality that cyberthreats cross borders – and so, too, must our willingness to partner with one another to enhance our respective cybersecurity capabilities and keep our systems resistant and resilient to cyberthreats.

Let’s take advantage of the Cybersecurity Business Development Mission that I am leading to gain a better understanding of, and to consider how best to integrate, the world-class cybersecurity products and services that our respective private sectors offer as a means of strengthening American and Korean capabilities.

Thank you for being here today, and I look forward to meeting many of you at the reception that is being held for our Cybersecurity Trade Delegation at the end of the program.