 The PLM Insider
Jyotirmoy Dutta
Jyotirmoy Dutta works as a PLM Lead Consultant at Infosys with more than 13 years of expertise in PLM Strategy Consulting, Solution Architecting, Offshore Project Management and Technical Leadership. He has led several full life-cycle PLM implementations, in the Consumer Products, Electronics & …

Industrial Espionage and PLM Security

September 15th, 2012 by Jyotirmoy Dutta

A few days ago Reuters ran an article, “Samsung’s advanced TVs go missing en route to Berlin”. Big deal? Presumably so, because it is suspected to be a case of industrial espionage: “… it may have been a theft aimed at stealing the advanced TV technology, whose loss could cost the firm billions of dollars.” For background, the sets went missing on their way to the IFA consumer electronics trade show in Berlin, which opened to the public on Aug. 31 and ran until Sept. 5. The advanced OLED TVs that Samsung was debuting at the show were touted as the successor to LCD TVs, with a rumored price tag of $10,000 for the 55-inch model.

Investopedia explains that “Industrial Espionage” “…describes covert activities, such as the theft of trade secrets, bribery, blackmail and technological surveillance. Industrial espionage is most commonly associated with technology-heavy industries, particularly the computer and auto sectors, in which a significant amount of money is spent on research and development (R&D).” The Independent, in its recent article “The art of industrial espionage”, puts this succinctly: “…in a world where the biggest corporations easily outstrip the GDPs of small nations, corporate intelligence is almost as grand a game as its government-run counterpart”. In the US the situation is so bad that the FBI has stepped in with a new campaign that targets corporate espionage. The Office of the National Counterintelligence Executive, in its October 2011 report to the US Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011, reveals some startling figures:

  • Estimates on the losses (to the US economy) from economic espionage range so widely as to be meaningless—from $2 billion to $400 billion or more a year—reflecting the scarcity of data and the variety of methods used to calculate losses.
  • Germany’s Federal Office for the Protection of the Constitution (BfV) estimates that German companies lose $28 billion-$71 billion and 30,000-70,000 jobs per year from foreign economic espionage.
  • South Korea says that the costs from foreign economic espionage in 2008 were $82 billion, up from $26 billion in 2004.

One of the most worrisome trends is the Chinese Boom in Corporate Espionage. Apparently, according to this ZDNet article, which cites Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House, China has hacked every major US company!

Some more data

The 2012 Data Breach Investigations Report by the Verizon RISK Team (with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service) highlights some interesting details on this topic:

So what’s the point?

The reason I chose to highlight security issues in this article is that many PLM champions espouse just “good enough” security for the PLM infrastructure, or for the application itself, and many IT managers don’t seem too bothered by that, which I think is not right. A PLM system holds the information for the entire lifecycle of a product, from its conception through design and manufacture (and probably to service and disposal). You don’t want that data stolen, as happened to American Superconductor Corp. or Renault. And if you think it cannot happen anywhere near home, read about the ACAD/Medre.A worm that steals AutoCAD designs and sends them to China.

PLM Security?

When it comes to PLM security, there are a number of things to consider. You might want to consider securing the data (by implementing role-based access), securing the application as a whole, securing the database and even securing the data center. Last year I published a detailed post on various ways to effect this outcome – you can read it here. Essentially, several security standards exist (like the PCI SSC Data Security Standards and ISO/IEC 27001:2005), and companies should work towards securing their “bread and butter”.


Categories: PLM, Security

6 Responses to “Industrial Espionage and PLM Security”

  1. Amedar…

    I do consider all of the ideas you’ve offered to your post. They are very convincing and can certainly work. Nonetheless, the posts are very quick for beginners. May you please lengthen them a bit from next time? Thanks for the post….

  2. Hakan Karden says:

    Dear Jyotirmoy,
    interesting reading.

    Just want to brief you about one PLM SW that is aimed for Secure Collaboration – Eurostep’s Share-A-space. It is used in Aerospace, Defence, Automotive, Power generation etc and in the supply chain/network. When moving beyond the 1st tier supplier to 2nd, 3rd etc things get hard to control. PLM in the extended/virtual enterprise is a federated system because companies design together. Many big organisations hesitate to let others than 1st tier into their internal systems. Still much of the innovation is with smaller companies.

    So, besides the fact that we are using MSFT Windows Identity Foundation, ADFS2, role based access, security on object level etc, Share-A-space is a separate system, where the data to be shared is stored (or just metadata). Inhouse systems such as Teamcenter, Windchill, SAP etc are kept as they are and so are internal process.

    We have several cases with OEMs in Europe and supplier/partners in China. Also defence suppliers having support portals for fleet management accessed by MOD staff.

    PLM and security is important, PLM collaboration requires new thinking, not just a web interface to inhouse systems. More info at

    I will pass your post onto some of my colleagues.

    CEO Eurostep Group

  3. Jun Yang says:

    Hi, I’m a journalist working on a story about this topic. Would you mind giving me your email address to
