Most of the time we work under the premise that people are well intended – error-prone but well intended. So we talk about enforcing consistency and repeatability in our process by minimizing needed human intervention and maximizing automatic software enforcement. However, once in a while we also need to turn our attention to the darker side of business – IP theft, corporate espionage, hacks, and sabotage. Since Additive Manufacturing (AM) is highly digital, it is highly prone to all these vulnerabilities, not only that but you can sometimes use a weakness in one part of the corporation to access the rest of its digital assets and network. This is an area where people maintain silence and when they perceive that something is wrong it is often after quite a while and quite a bit of irreparable damage and still they’re not sure where or what the breach is exactly. At that point corporations discretely reach out to Incidence Response companies for help (my personal recommendation in this category is Sygnia, an Israeli Incidence Response company that was acquired by Temasek a couple of years ago. I was on their board of directors until the acquisition, so I know just how amazing they are first hand). This may prevent further damage but often the existing damage is done.
Cyber breaches are hush hush but their effects can be far reaching. According to Accenture, the average hacked company suffers over $2mm direct cost per attack. Of course, these are averages including many small companies – the average for Fortune 1000 companies is many fold higher. Accenture also says that the average annual cost of cyber crimes to a company is $13mm (so much more than the direct cost from a single attack) and the biggest part of that (about $6mm) is information loss or theft (see Accenture chart below).What can we do to avoid all this nastiness, what is needed to secure AM in the corporation? In this post we will concentrate on the preparation needed for knowhow and IP protection and next week we will consider breach prevention and mitigation of the damage.
Preparation is the Key to Success
When corporations have found a security incidence they hurry to put security measures in place but this is too late – advance preparation can save the cost, damage, reputation hit, and embarrassment (internal toward our executives and sometimes external toward our customers and partners). In additive manufacturing, we have to prepare by actively securing our AM digital assets. Secure digital assets are the key to a secure AM workflow (though the workflow software must have some security features as well), and secure AM production. It is important, however, to use security measures that are as seamless as possible so as not to disrupt the manufacturing operations and nicely co-exist with policies and procedures (including security) already in place in the corporation. Security measures that require digital vaults, and other disruptions to the workflow people are accustomed to, often create antagonism and individuals find inventive ways to circumvent the disruption thereby compromising the security measures just to enable them to work effectively. Preparing a parallel yet seamless or even transparent lane to the manufacturing workflow that will secure the digital assets from end to end will give the adopted security measures the best chance to be effective if anyone tries to hack these secure digital assets. At LEO Lane we do this with a cloud solution, which is flexible, cost effective, and works for remote workers as well, but there is also the possibility of a private cloud solution. Alternatively, some companies offer solutions that are exclusively on-premise for those companies where 100% of the work is done in-house and in-person.
For IP protection, some companies also put legal measures in place by patenting their designs. This acts as a deterrent for serious corporations not to copy your 3D printable designs as they are. On the other hand, it requires full disclosure of all the greatness in your design – something corporations may balk at. Specifically, this is an exposure as a competitor may take the know how inherent in the design and design their own item based on that. The patent may not prevent that and the disclosure of the design details could reveal months or years of R&D giving the competitor a leg up. In addition, some lawyers warn that care must be taken when drafting design patents for AM and even for all manufacturing technologies, in light of AM. It isn’t just the physical part that should be patented, its digital origin should be addressed as well.
Next – Prevent and Mitigate
Next week, in part 2 of this post, we will talk about prevention and mitigation – what can be done to prevent theft and breaches and what can be done if a breach has happened to mitigate the damage and improve our position for the future. Meanwhile, if there are any questions on IP protection for additive manufacturing and digital supply chain, you can email them to our security experts (info at leolane.com) and mention this post, we’re happy to share our knowledge whenever possible.
For more insights and information follow us on LinkedIn or subscribe to our newsletter for weekly updates. Pictures from top to bottom: 3D printed combination lock used ineffectively doesn’t lock anything; What-Me Worry cutting board (not 3D printed); Chart from Accenture.