CAD and Intellectual Property Protection in the Supply Chain

Theft of trade secrets is more topical than ever. According to the United States Government, theft of American IP currently costs between $225 billion and $600 billion annually, and part of this stems from cyber attacks.

Technical documentation and CAD designs more shared than ever

The current trend in automation and data exchange in manufacturing technologies are responsible for the major transformation of the industrial sector known as Industry 4.0. The basis of the new smart industry entails thorough automation of factories, digitalization of the production processes and new communication channels. This increases the possibility of organized cyber-attacks since information that used to be kept inside the network security perimeter is now shared with various external systems and agents. R&D investment in this sector is more important than ever before due to the rate of change and the need to adapt to the new environment. Digitalisation also means that there are more and more data in digital format that must be shared not only internally but also with partners, subcontractors, etc. The challenge is to maintain optimum communication processes while ensuring that the company’s intellectual property is safeguarded.

Industrial trade secrets. In the crosshairs of cyber attacks

Just in Europe there are about 2000 companies specialized in manufacturing that employ more than 30 million people directly. The sector is particularly prolific in terms of patenting and R&D. If we look at how data leaks occur in companies, we see that a large part of them come from external suppliers (see Forrester’s Global Business Technographics Security Survey). Through a targeted attack on a partner, or through a security incident at a supplier, our information can be left unprotected, even though we have put in place measures within our organization to secure our working environment. According to the “Data Breach Investigations Report” published by Verizon, in the manufacture/industry sector the main actor behind an information leak is in 93% of the cases an attacker who comes from abroad to attack our company or a supplier, partner, etc., motivated by reasons of espionage in 94% of the cases. In fact, the most common type of data, in 91%, stolen in this sector is Intellectual Property and industrial secrets. It is a complex sector, companies collaborate with a wide variety of suppliers and customers and intellectual property has to travel outside the company. We can have visibility into what is happening with the data within the organisation, but this is much more complicated when it comes to tracing access to our information or protecting it throughout the supply chain. IP leakage is more topical than ever with accusations between different countries of IP theft. According to this Forbes article, the U.S. government, foreign theft of U.S. intellectual property costs between $225 million and $600 million annually, and some of this is derived from cyber attacks. We have also seen a huge global controversy in recent weeks over the possible theft of intellectual property from Covid-19 vaccine research, with the US, UK and Canada directly targeting Russian hackers. In this context, it is critical to protect the intellectual property stored in digital format inside are outside the organization. The sensitive information can be found found in various formats, from Word, Excel or PDF to images and, of course, CAD designs. A good deal of the company’s intellectual property is found in 2D and 3D CAD designs that must be shared both internally and with external collaborators. Protecting this information is vital to avoid the risk of leaks due to internal or external threats. Customers expect that the information they share with their manufacturing and engineering suppliers will meet their information access control and protection criteria. A data-centric protection approach will comply with the strictest audit and protection policy criteria imposed by your customers.

What type of industrial information is at risk?

The following are examples of practical cases in which the data generated by manufacturing, energy, automotive and engineering companies etc. must be protected:

• Support documentation containing details of components, that are exchanged with customers, suppliers or manufacturing partners.
• Results from research that could be patented and we store in every type of digital formats (Word, Excel, PDFs, etc.).
• CAD designs created in tools such as AutoCAD, Dassault Systemes SolidWorks, Siemens NX, SolidEdge, etc., that contain details of components and are shared with internal and external recipients.
• Data related to processes that may be exchanged with distributors in various markets.
• Proposals made to customers to compete with other companies and which contain sensitive information on the company’s competitive advantages.
• Internal quality guidelines that contain know-how related to company’s production processes.
• Compliance with customers’ protection audits and policies, ensuring that the data they share with you are audited and protected by access control.

Download our Datasheet of Data Security in a company in the industrial sector.

“What makes SealPath very interesting is the possibility of revoking the privileges of user access to any file when it is no longer necessary, remotely and wherever the copy of that file is stored” Vittorio Cimin. IT Manager – Bricofer

 

What can we do to protect our more sensitive files?

Below, we outline 6 steps that can be taken to protect our intellectual property and CAD files in our organization and throughout the supply chain: 1) Protecting intellectual property information sent by email to collaborators: One of the main forms of data sharing remains email. We continually send attachments with sensitive information to subcontractors, prospects, partners, etc. Applying rules to emails and attachments that allow us to control who accesses them, when, with what permissions (e.g. only viewing, editing, but not copying and pasting or printing, etc.) will help us keep our data under control, even if it is in the hands of the recipient. 2) Protect CAD designs and documentation in information repositories: In every company, sensitive documentation is stored in repositories such as File Servers, SharePoint, OneDrive, Box, Office 365, etc. Even if access controls are applied to the folder, we know that once downloaded we have lost control over them. It is necessary to have a protection that travels with the data so that, even if they have been downloaded, I can still have control over them in the same way I have when they are in the repository. 3) Protect the sensitive corporate data you share via collaborative work applications such as Slack or Microsoft Teams: It is an alternative communication channel to email and is becoming increasingly widespread for intra-corporate communication. Many sensitive files leave our repositories to our platforms so we must not forget to apply protection to them also when they travel by these means. 4) Protection of files downloaded from corporate applications: There are many applications developed internally in the corporations that allow exporting or downloading data in file format. Applying protection right at the moment the file is downloaded will help us have control over it wherever it travels. 5) Auditing information access: When it comes to our most sensitive CAD or document format files it is important to see who is accessing, with what permissions, at what time or if someone tries to access without having permissions. This well managed information can alert us to possible information leaks. 6) Block/Revoke access to information in case someone should no longer have access: If I have stopped collaborating with a subcontractor, a partner, why should it still be able to access my information? Mechanisms should be used to “destroy” or remove these documents that these ex-partners have in their possession.

“The main benefit SealPath offers is the ability to protect the information that carries the most weight for the company. Knowing that we have control over it both inside and outside the organization is critical because it allows us to send it to third parties without risk.” Alberto Solís. Planning and Strategy of Information Systems Manager. Prodiel

All these protection measures I can apply with SealPath which offers a data-centric approach to protection. SealPath allows you to protect your sensitive documentation and CAD designs regardless of their location. You can control who accesses, when, with what permissions (view the design or modify it, but not print it or save it unprotected). In addition, I can set watermarks on the documentation so that, if someone tries to take a screenshot, it travels with the email address of the person who opened it, IP address and date/time.  Or, for example, set expiration dates on documents and CAD drawings so that after an agreement or deadline has passed, only you have access to the documentation, regardless of how you share your data, where you store it, you can have control of it with SealPath mitigating the risk of loss your intellectual property. In the following articles we will show you specifically how SealPath can protect in CAD format. Specifically in the following applications:

• CAD designs in .DWG, .DWF, DWS, .DWF, or .DWT format, managed in AutoDesk AutoCAD (Electrical Mechanical, Civil, LT, etc.) or in applications such as TrueView.
• AutoDesk Inventor 3D designs in .IPT, .IAM, .IDW, .DWG, or .IPN format so you can limit permissions on content (i.e. view and modify but not extract data)
• Intellectual property contained in Siemens Solid Edge in .ASM, .DFT, .PAR, .PSM or .PWD formats. Check if someone can print it, export it, modify it and audit all accesses.

  SealPath goes beyond the protection of information in office formats and offers a unique solution for the protection of trade secrets and intellectual property in the form of CAD designs. Find out how in upcoming articles or contact us directly for a CAD file protection demo.