Intellectual Property (IP) theft, including industrial trade secrets, is one of the costliest security breaches costing the U.S. economy, which is between US$225 billion and US$600 billion annually. Most IP forms are stored as IP-rich data via digital mediums, including cloud platforms, servers, and laptops. ABI Research, a global technology intelligence firm, forecasts that manufacturing Internet of Things (IoT) connections will increase by a CAGR of 53% globally, significantly expanding the vector of attack to obtain IP-rich data. While this is a potential opportunity for cybersecurity vendors, they must explicitly showcase that their usual IT/OT solutions can also help protect IP. Vendors that provide Identity and Access Management (IAM) or those providing encryption services contribute to IP security but need to emphasize that IP security is embedded in their solutions.
“In the manufacturing sector, IP breaches happen in three stages, namely during design, production, and post-manufacturing when a product is in the market and can be reverse-engineered, jailbroken, or copied. Most breaches happen via access to compromised data. Companies with higher R&D spending should especially be vigilant. A few clicks can neutralize many years of costly research to benefit from the first mover advantage. With the embrace of Industry 4.0 comes opportunities and threats, including an expansion of cyberattacks. Manufacturing IoT connections increase exposure to IP theft by contributing to more points of entry and expanding the attack surface. In such an environment, cybersecurity providers act as IP gatekeepers by securing sensitive data,” says Michael Amiri, Senior Industrial Cybersecurity Analyst at ABI Research.
Protecting sensitive data is a primary strategy for protecting IP. Protecting data can be achieved by identifying, managing access, and encrypting sensitive data. Vendors like Spirion discover and classify sensitive data, while others like Utimaco or Thales encrypt critical data. “Encryption is a very effective tool to protect IP, especially when IP is on the cloud and shared between a host of users. But encrypting all data and servers could impede workflows. More importantly, encryption does not work against insider threats, as we saw in the Edward Snowden case. All he needed was the required credentials to access the encrypted files. Case in point to why access management is so important for securing sensitive data,” Amiri stresses. Data protection providers, such as Fasoo, secure sensitive data by applying document rights policies to control data in use. “The best way to protect sensitive data is to limit the data to those who need the data the most, and even then, to deploy zero-trust strategies,” he adds.
After the production phase, other measures need to be adopted to secure IP. This is especially important because when counterfeit products enter a product line, they cause subpar final production, resulting in serious financial and reputational loss. An array of anti-counterfeiting technologies such as DNA and glue coding, laser engraving of parts, security threads, anti-alteration devices, and Radio-frequency identification (RFID) will help avoid this. In digital products, confidential computing technology protects data by leveraging a Trusted Execution Environment (TEE) in a Protected Central Processing unit (CPU), thus protecting business logics, algorithms, and analytics functions. Confidential computing is especially useful in protecting proprietary software and can be used to secure IP in gaming and software technologies. Authentication Integrated Circuits (IC) are another form of verification typically used in printers, where an embedded IC allows only authentic ink cartridges to work with the machine. Rambus’ CryptoFirewall Anti-Counterfeiting System provides another layer of security by delivering chip anti-tamper protection that secures printing machines against counterfeit ink cartridges. Authentication ICs are increasingly used in other products, such as smart home devices and charging stations, to authenticate car batteries.
“Securing IP in industrial settings is increasingly related to cybersecurity, data management, and securing chips design. Counterfeiters will still try to reverse engineer molds and steal industrial equipment designs, but the shift toward Industry 4.0 means data is the main driver of IP theft. Molds can be made in the United States or Europe instead of China to secure them, but internet connections can’t be shut down and brought back to the United States,” Amiri concludes.