Are manufacturing businesses doing enough to protect intellectual property?
Intellectual property (IP) plays an...
Intellectual property is the lifeblood of innovation, but are manufacturing businesses doing enough to protect it?
Intellectual property (IP) plays an essential role in innovation in the manufacturing sector, with new ideas fuelling continued progress in many different areas of the economy. Information is a real commodity, of interest to competitors and third parties and has a high profile on a wide scale, particularly shown by recent interest around Huawei.
Some businesses believe that their IP isn't of much interest to anyone outside of their business, and that their competitors aren't a concern. However, what if the IP was simply harvested via a third-party, who picked it up as part of a wide scale security breach, and then sold on the dark web or to targeted firms internationally? Even if your IP isn't of much interest in terms of flat-value, it causes other issues, including reputational damage. It can also bring significant financial penalties through regulatory breaches, i.e. GDPR and Sarbanes-Oxley.
IP theft is on the rise, and the threat landscape is way beyond the old days of targeted corporate espionage. There are potentially tens of thousands of entities who want a business’s data and can profit from it, one way or another. This undercuts the potential success of its rightful owners and damages the future of the business. The good news, however, is that there are several strategies which can be deployed to protect IP, and these lessons can be applied across the entire business.
Ideas under attack
The first step of this process is understanding the nature of security threats to IP. Technological development and the interconnected nature of the digital world has made IP theft far easier than ever before, especially given that the majority of security breaches that go undetected.
The most common strategy employed by an IP thief is spear phishing, which involves using fake emails and other messages to lead a target to leak information, take detrimental action, or to open a security hole that allows the malicious third-party access to a corporate system. They can then see the network landscape, find vulnerabilities, and exploit them to view and steal intellectual property.
Other less common methods are also used such as zero-day vulnerability exploitation, which involves taking advantage of a vulnerability in software code that has been identified but not published widely and thus hasn’t been security patched. Additionally, ‘man in the middle’ attacks are widely used and occur when hackers insert themselves between the communications of a client and a server (typically over a wireless connection), allowing the interception of these transmissions while password attacks, involve obtaining passwords to gain relatively simple access to a company’s system.
These advanced persistent threats (APTs) can go unnoticed for months, and even years, giving hackers the ability to harvest information on an ongoing basis. Manufacturing companies can repeatedly go through entire design cycles, believing that their innovation is private and protected, while it is actually being illegitimately viewed all along.
APTs are hard to detect because most antivirus software depends on lists of known malicious software (malware), but advanced attackers can often adapt their techniques to circumvent security measures, ensuring their malware isn’t added to these lists. Most businesses only realise they are falling victim to an APT thanks to a third party, such as a partner, security consultant, or law enforcement agency, who brings it to their attention.
It’s also important to remember information accessed outside of the controlled network, such as personal devices connected to corporate systems. Businesses must make sure sensitive information isn’t being left on printers or simply dropped in a paper bin. If you want to breach a company, being on the cleaning staff is an easy way to get access.
Defending against thieves
The threats facing IP are clearly significant, but there are steps which can be taken to effectively repel attackers and minimise the risk that innovative ideas are stolen. Identifying and assessing IP and continuously updating a catalogue of all valuable information should be the first port of call. It’s also important to look at where and how it is stored, how it’s transferred within a company network, and crucially, who has access to it.
The next step is to ensure that any information categorised as IP, or potentially valuable to competitors or cyberthieves, is afforded higher levels of protection than standard data. In short, businesses should be considering all of the threats to that information and then assigning controls to those risks. This can include encryption, time-limited access, multi-factor authentication, data leak prevention, security incident management, and much more.
It’s also essential to develop and test an incident response strategy. This should include operational processes such as identifying how a breach has occurred, assessing its impact, recovering systems and data, and communicating with key parties. Businesses should nominate a response team comprising of IT, Legal, Operational, PR/Marketing, HR and Risk Management personnel, who will each take responsibility for different areas of this strategy. It’s important to test this plan at least once a year and update it in line with any significant changes to the business, such as new technology or additional locations.
Finally, businesses should also be prepared to work collaboratively with law enforcement, sharing what they know about the breach. Regardless of whether IP was stolen by a criminal gang, in a state-sponsored attack or by a competitor, the business is a victim of a crime.
But beyond technological defences, there are additional steps that can be taken to benefit the business. Educating employees on a continual basis about threats such as spear phishing and social engineering can entrench a healthy scepticism and critical approach which can not only prevent IP theft, but cyber breaches of any kind. This also applies to protecting customer data, which has taken on increased prominence thanks to the recent introduction of the General Data Protection Regulation (GDPR).
Above all else, instilling a positive attitude towards continuous vigilance and process improvement will deliver significant day-to-day benefits for a manufacturing business, which will extend far beyond protecting IP. Defending innovative ideas is vital, but it doesn’t have to be done in isolation. Instead, it should form part of a broader IT security strategy that continually evolves and develops. A good way to ensure this continual improvement is to invest in implementing the ISO 27001 standard – not doing so could be considered negligent in the current climate.
Robert Rutherford is the CEO of IT consultancy QuoStar
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks ─ allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, as well as control elements and other industrial devices via a public 5G network ─ flexibly and with high data rates. Something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing ─ it’s “dust tight”, waterproof, and immersion-proofed.
The first release version of the router has an EU radio license; other versions with different licenses are in preparation. “With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and auto-configuration of the devices,” Siemens added.