When most IT managers see “IP,” they instinctively think about Internet Protocol. Yet, for those in the manufacturing industry those letters mean Intellectual Property — the lifeblood of their organization. Without exception, IP is the most important asset for manufacturers to protect from data leaks and breaches.
According to a recent study by Enterprise Management Associates (EMA), 30 percent of manufacturing industry information is considered corporate sensitive IP. Together with information governed by regulation, this means that 70 percent of manufacturing information requires some kind of protection.
Yet, this industry is marred by cybersecurity challenges. A good example can be found in China’s attempt to steal the process for recreating white titanium from a major chemical giant. But this is just one high-profile attack in an industry that is plagued by them. For every attack against IP that becomes commonly known, hundreds more may go unreported, or even undetected.
According to one study, China’s attempt to steal the process for successfully creating a certain white tone from titanium dioxide is just a drop in the bucket. It is estimated that China accounted for as much as 80 percent of the $300 billion in losses sustained by U.S. companies from the theft of intellectual property in one year alone.
There’s a reason why so many nation states and hackers are aiming for the manufacturing and chemical industries: there’s a lot of money to be made. Manufacturing is growing exponentially in recent years, and with it is the need to secure manufacturing sites in order to increase the safety of personnel and local environments. According to a study conducted by the American Chemistry Council, considerable investments by companies in this sector are allotted to the designing, building, maintenance and upgrading of facilities to ensure safe operations.
With constant pressures coming from Advanced Persistent Threats (APTs) and turncoat insiders, and issues like integration challenges between industrial control systems and information technology systems, it appears that the prudent approach is to classify cybersecurity spending as another critical investment in safety.
The EMA study shows that 20 percent of employees accidentally share data, and 20 percent of employees are often deceived into disclosing information through social engineering, malware and phishing. Additionally, the EMA study underscores that the greatest common denominator between these internal and external threats is e-mail.
A Credence Research report on the email encryption finds that the proliferation of cloud computing, web-based applications, and enterprise mobility make email encryption solutions “one of the most crucial solutions to drive business processes.” This finding is particularly accurate in sectors like manufacturing where so much sensitive IP exist.
Modern Manufacturing IP Challenges
One of the main cybersecurity challenges within the manufacturing industry is the vast number of devices, items and records that must be monitored and secured. In addition to the main parent organization, manufacturing companies need to secure:
- Standard Operating Procedures;
- Standard Jobs Procedures;
- Maintenance Procedures;
- How organizations rebuild procedures;
- Failure History;
- Operating conditions;
- Distributed control system data;
- Plant drawings;
- Process models;
- Testing results;
- Operating equipment;
- The materials used;
- Instrumentation ranges and settings;
- Control logic;
- Built of material information;
- Network drawings;
- Internet Protocol addresses;
- And Firewall configuration rules.
Adding to these woes is the increase in the number of cyber-attacks made against the manufacturing sector. In 2016, the National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to over 290 incidents. The 2017 edition is in the works, but the indication in newsletters from ICS-CERT points to a far worse year in 2017 for vulnerabilities and incidents.
IP Protection: The Email Security and Encryption Solution
Overwhelming evidence shows that the investment required to protect sensitive data with email encryption pales in comparison to the cost of a data breach.
In manufacturing, unsecured email communications is a common cause of breaches. . Without taking proactive measures to implement scalable, manageable data protection, data leaks will continue to rise. Only by making data inaccessible at the source, with controls placed on the information, can companies finally stem the tide of unauthorized data access and data movement.
For example, one of the key findings in the EMA survey is a fundamental misalignment between organizational focus on IT security resources. Major efforts are often spent on protecting web and e-commerce communications using SSL and TLS without enough effort spent on email encryption. This leads to 88 percent of EMA respondents stating that protecting data with tools that provide encryption is now more important than it was a year ago.
Only by securing intellectual property with security and access controls, including encrypting email, can manufacturing organizations take steps to fully secure their IP, protecting the critical data they rely on from an increasingly hostile world.
IP Protection Resources: