This article first appeared in the Autumn 2016 issue of The Record.
Striking a balance between being able to share information throughout a company and ensuring it remains secure can be a difficult task.
In an increasingly connected and digitised world, enabling staff to collaborate with internal colleagues and external partners can create a host of opportunities and benefits to a business, with staff able to be more proactive and dynamic in the work they do.
But while seeking to empower its people, companies must do all they can to ensure their sensitive information and trade secrets do not fall into the wrong hands.
The emergence of a global economy has added another layer of difficulty to company operations. With more markets to negotiate, in manufacturing a greater level of management is required for this extended supply chain, which now covers outside partners and suppliers, and applies for everything from product design to manufacturing teams and even post-sales support.
Many manufacturers have set up in new geographies and off-shore to try and boost their economic input. But without a sound critical supply chain risk strategy, problems can arise.
Among the biggest is having intellectual property (IP) stolen or compromised. The risk is high, but too many manufacturers are not prepared and susceptible to attacks.
IP is typically lost or compromised in two ways: theft and leakage. Theft is carried out by an unscrupulous party, but leakage is the unintentional disclosure of company information while sharing files and documents in the normal course of their day-to-day work. This could be with suppliers, customers or even other departments within the same company.
Regardless of how IP is compromised or lost, the ramifications could be massive. Counterfeit versions of company products could be created using design data, and despite bearing the original manufacturers logo, these phony items could be widely sold. Fines can also be imposed, and spells behind bars are not unheard of.
In the aerospace and defense (A&D) industry, a number of companies have fallen foul of IP laws, which govern restricted technologies. The punishments are severe, and penalties go into the millions of dollars for companies found to be out of compliance with these laws, which vary from country to country.
A&D manufacturers and suppliers face a specific set of risks when looking to secure regulated IP. These manufacturers – due to pressure to reduce time and the costs of developing aircraft, communications and weapon systems for example – are being forced to place more responsibility for designing and integrating major subsystems with their suppliers. This however means suppliers can access important data which, from the manufacturers perspective, must not end up in the hands of competitors.
National security is a priority for A&D manufacturers, however it is a challenge to meet government regulations designed to avoid leaking military secrets to unwanted parties. Any company that violates national security regulations around IP can be subject to civil and criminal penalties.
While the US and the European Union have been working to develop a set of common rules, this process is taking time. Therefore companies must still be aware of and adhere to the IP protect laws in each country of operation.
Failing to make the necessary arrangements can be hugely damaging. In the UK, individuals found in violation of export control laws can face up to 14 years in prison. In the US, falling foul of International Traffic in Arms (ITAR) regulations can as high as US$1 million per violation, as well as a 10-year prison sentence.
High-profile violations are not unheard of. In 2008, a military aircraft manufacturer was found in violation of ITAR regulations and received a US$4 million fine for providing technical data about Hellfire missiles to the government of the United Arab Emirates. In 2007, a leading supplier of night vision equipment to the US Department of Defense acquired a US$100 million penalty after sending classified technical information to China, Singapore and Britain without the authorisation of the US government.
While these examples emphasise the importance of a solid IP management and security strategy, developing and executing such a strategy is made more complicated by the global nature of modern supply chains.
The proliferation of counterfeit or fake products have also been a growing problem for high-tech manufacturers. In a 2010 report from the US Commerce Department, in the defense industry alone the number of counterfeit electronic products more than doubled between 2005 and 2008.
This rise in counterfeit products is costing the IT industry around US$100 billion annually according to the Electronic Distributors association, but the problem is not solely financial. The public is placed at risk when products that are not genuine are in the general domain, and are more likely to fail due to a lack of testing in accordance with original design specifications.
When companies first began outsourcing their operations to countries such as China and India, tasks were chiefly labour-intensive assembly. Times have changed though, and the technological and manufacturing capabilities in Asia are higher than ever before. This means more sophisticated parts of the manufacturing process are being sourced to these countries. This presents new IP challenges, as the advanced technologies, protected though they are by IP laws, are more available to potentially unscrupulous parties.
Companies that rely on offshore supply chain partners must ensure their IP implementation is robust enough to secure IP across the extended enterprise.
Typically in the A&D industry, large original equipment manufacturers (OEM) act as primary contractors and engage with a number of other organisations to handle a variety of major aspects. These tiered suppliers who also may serve a competing OEM, require detailed information from the OEM about its products. This means OEMs must maintain detailed records of all data, to ensure only the necessary information is shared with these suppliers. Additionally, each supplier will have a series of subcontractors they need to share sensitive product information with.
The result is the OEM must track information across a large network of companies and suppliers, across various geographies. The challenge gets greater the further down the chain, but the need for the OEM to protect its IP never diminishes.
But how are companies ensuring the requisite levels of IP protection are achieved? At present, two approaches are generally taken. The first involves manual, ad-hoc processes where a document control team monitors usage and data movement. The second sees IT-based processes in place, which segregate data into multiple systems, and only gives certain individuals access to certain systems.
Both of these models have flaws. Manual processes are easily circumvented, while the IT-based approach puts IT staff in charge of IP access, rather than the people who actually use it and are responsible for its security.
In order to tackle these complex challenges and ensure the security and integrity of IP in the A&D industry, Dassault Systemes’ ENOVIA business application portfolio leverages the collaborative innovation advances of the 3DEXPERIENCE platform and helps companies deliver on a number of key best practices.
ENOVIA applications eliminate file-based data exchange, classify IP, enforce security requirements, and maintain a history of data access and downloads for critical IP. Furthermore, the solution tracks IP use across projects and customers, and support the implementation of day-to-day IP rules and controls by putting them in the hands of users. Data is also organised in a number of different ways to provide flexibility around IP for each role or activity.
The ENOVIA applications provide a secure framework for global collaboration, and being able to classify, categorise and secure IP helps reduce company costs in this area.
The risks present around the theft or compromising of IP for companies is huge, but one that can be managed with the right people, process and systems in place.
Share this story