With over 35 years of practical experience in computer systems and security, we invited Professor Golden Richard III, LSU Associate Director for Cybersecurity and American Academy of Forensic Sciences Fellow to host a virtual Power Meal. To unpack the current state of cybersecurity protection for intellectual property, we gathered a small group of cybersecurity professionals from different industries to share their unique perspectives.
Intellectual property (IP) covers a wide variety of business assets, including customer information, trade secrets, proprietary software or hardware, and literary works. The news is constantly full of headlines about massive data breaches, with ransomware and data exfiltration threats on the rise.
When it comes to most American consumer products and commercial hardware, manufacturing is handed off overseas after the design process is completed stateside. The common concern expressed across the board was about how malware can be injected in the manufacturing process completely undetected. “We design these pretty impressive processors, FPGA’s and complicated systems, and then send those designs to China or Taiwan to get them fabricated,” shared Ryan Tortorich, who works as the Operations Lead at Radiance Technologies. “How can you trust that what you get back is exactly what you designed?”
“On the global scale it has become clear that there are countries that simply won’t abide by the laws we create,” Professor Richard III added. “[Aside from government sanctions,] we don’t have much recourse against these countries. [Manufacturers in] China, for example, are common offenders, stealing network equipment, intellectual property and rebranding them as their own products.”
Ever since the transition to manufacturing processes began in the Industrial Revolution, the trend of jobs being replaced by machines has only gone upwards. More humans are being replaced by automation in the interest of efficiency and lowering the margin for error. This consequently opens up more cybersecurity vulnerabilities in processes that are largely operated by automated control systems. “Take oil and gas systems for example. We take humans out of the loop to let the programmable logic controllers and valves operate themselves based on control parameters,” Tortorich explained. “The fact that someone can remotely operate valves immediately adds attack factors that can directly affect critical infrastructure. As we transition to other things like automated 18-wheelers to solve supply chain issues, new attack factors rise up everyday.”
The healthcare industry is certainly no exception when it comes to cybersecurity threats and data breaches. Oleander Medical Technologies is a biotech company based in Baton Rouge that develops systems and devices to help facilitate cancer treatment. “We have equipment that can be operated remotely and involves a patient sitting in a device that delivers a post-magnetic field,” Hank Mills, Managing Member at Oleander MedTech shared, “So we’d be concerned if someone [unauthorized] is operating it remotely, possibly causing fatal harm to that patient.”
“We literally have almost no way of protecting systems that operate in a remote fashion from a dedicated adversary,” Professor Richard III revealed. “This is the reason that, for example, top secret facilities don't have any connectivity with anything.” He explained that these vulnerabilities can be mitigated to a large degree, as long as product developers truly put security first instead of rushing to market.
As for data breaches, HIPAA’s 2019 Healthcare Data Breach Report showed last year as a particularly bad year for the industry, with an average rate of 42.5 data breaches per month. Realistically, Professor Richard III suggests that operating backwards from a “100% security is impossible” stance is important. “The only way we can ever have secure communication is to find some remote place on earth under a tree where no one has been before and meet them there,” he concludes. “We need to start at the most pessimistic view and work backwards, because we can’t simply give up and do nothing. We need to operate this way because the offensive capabilities are now at the point where the average person simply can't imagine what is possible.”