Stolen intellectual property (IP) continues to gnaw at the manufacturing sector. As of mid-2014, 21% of manufacturers reported losing IP to cyberattacks over the course of a year, according to Kaspersky Lab. International software piracy between 2002 and 2012 cost U.S. manufacturers some $240 billion in revenue and more than 42,000 jobs, according to the National Association of Manufacturers and Harvard University. A 2013 report from the Commission on the Theft of American Intellectual Property says the U.S. loses an estimated $300 billion to IP theft each year.

IP infringement is nothing new. Isaac Newton and Gottfried Wilhelm Leibniz clashed in the early 18^th century over who invented calculus. Trademark battles raged over the term “shredded wheat” some 200 years later. Today’s manufacturers face similar challenges; it is just in a completely different environment.

Rod Kinghorn, Michigan State University.Technology such as 3D printing and low-cost manufacturing in regions with minimal IP protection and government regulations “make it a lot easier for counterfeiters to create a product that looks exactly like yours, even if it doesn’t perform exactly like yours,” says Rod Kinghorn. He is the former general director of global security at General Motors and now an outreach specialist for the Center for Anti-Counterfeiting and Product Protection (A-CAPP) at Michigan State University.

Sophisticated attackers want to know more than how to design a one-off product. Advanced persistent threats (APTs), in which unauthorized parties break into a network and hide as they gather up a company’s data over an extended time period, also plague manufacturers.

These threats to IP leave manufacturers struggling to find a balance between safeguarding their trade secrets and delivering a safe, functional product. According to security experts, finding a balance requires adopting a comprehensive strategy that encompasses protections not only at the machine and device levels, but across the supply chain.

Who Can You Trust?

Whether securing the IP of a product or the machine that builds it, companies first need to understand the risks to their proprietary information. Doing so means identifying what specifically requires protection, who is likely to bypass those protections and what the impact would be should the IP fall into the wrong hands, says Clark Case, security platform leader at Rockwell Automation.

To be sure, equipment and product manufacturers each face the threat of external hackers trying to break into their systems to steal design documentation. However, the OEM must contend with a separate quandary as to how much can they trust their customers. After all, the customer uses the machine builder’s IP to make their product properly, “but the customer also might be very interested in figuring out how the machine works so they don’t have to go back to that builder to make the next order,” Case says.

If a product manufacturer does not need to configure the control system, physical security such as cabinet locks and standard IP measures that limit data access likely will suffice, he says. The larger challenge comes when customers expect to write their own code in the control system for a particular machine to help integrate the rest of the system as well as to capture in-depth reporting coming from the machine.

To that end, Rockwell Automation is developing license-based source protection that allows OEMs to restrict access to certain parts of their logic programming. The licenses will live on secure USB devices, minimizing the risk of a third-party retrieving protected content.

At the device level, product manufacturers have many ways to protect their IP through hardware, software and even chemical methods. These options range from embedding or hiding components within layers to releasing chemicals that destroy components upon device tampering, says Melissa Masters, director of electrical, software and systems engineering at Battelle, a science and technology R&D organization.

Melissa Masters, Battelle.However, advanced security techniques, may add cost and time to the design process. Hackers with enough time and money can reverse-engineer most devices. Considering these factors, many medical device companies “are more interested in investing their dollars to ensure their devices are as safe, effective and secure as possible, rather than protecting algorithms,” Masters says.

Supply Chain Matters

For the end-product manufacturer, device-level protections are one piece of the puzzle. Manufacturers need to adopt what A-CAPP’s Kinghorn calls a “total business solution” to safeguard against counterfeits and other IP threats. Some businesses still focus primarily on legal action against IP perpetrators. However, “you don’t have to wait until you see counterfeiting in the marketplace to protect yourself,” Kinghorn says.

A comprehensive strategy requires manufacturers to evaluate their entire supply chain. Specifically, they need to determine whether their business decisions “are making product available to the counterfeiter at low cost that will end up in the marketplace and directly in competition with their own genuine product,” he says.

Kinghorn cites the example of companies selling outdated pharmaceutical pill presses on the Internet. Although the equipment has the markings for making a pill, the counterfeiter “just has to make [the tablets] the right shape and the right color, and then package them to look like the product is from the pharmaceutical company,” he says.

To avoid this type of risk, he recommends destroying outdated machinery, rather than selling it online as used or scrap. The same goes with excess, obsolete and defective materials. Counterfeiters can use these materials to remanufacture products that look legitimate but ultimately do not work.

It is also critical to evaluate partnerships to ensure that suppliers are not introducing opportunities for counterfeiting, whether by inadvertently sourcing inferior materials or “selling a little of the product out the back door,” he says.

Safeguarding IP starts with a corporate culture that implements policies to control information. However, as with all layers of IP security nothing is foolproof. Despite an organization’s best efforts to create a protective IT environment that is sealed from external intrusion, motivated attackers will find a way to penetrate the safeguards.

Threats are not always external, either. An employee could plug in a USB flash drive unaware that it contains a virus or malware that corrupts a network. Or, he or she could use a thumb drive to download critical documents and share them with unscrupulous third parties.

Bigger Commitments to IP Protection

Policy organizations are doing their part to help manufacturers safeguard their IP as thoroughly as possible. The U.S.-based National Association of Manufacturers (NAM) seeks to create a stronger partnership with government agencies when it comes to combating cyberattacks, says Brian Raymond, director of technology and domestic economic policy for the organization.

Brian Raymond, National Association of Manufacturers.NAM has backed a bill in Congress called the Cybersecurity Information Sharing Act. The legislation encourages companies and the government to share real-time cyber strike threats in order to stop the attacks in their tracks.

As they increasingly recognize the value of their IP, manufacturers also are strengthening their resources to protect it. “More companies are hiring chief information security offers, even in industries where you didn’t expect to see them,” Raymond says. These C-suite executives are dedicated not just to the technical expertise necessary for IP protection or counterfeit prevention, but the legal aspect as well.

Ongoing threats to intellectual property have not slowed manufacturers from innovating. Although it is nearly impossible to eliminate the risk of stolen trade secrets or counterfeiting, companies are recognizing how and why they need to evaluate IP protections in machine and device design, and across the entire supply chain.