A few days back there was this article in Reuters “Samsung’s advanced TVs go missing en route to Berlin” – big deal? Well presumably so – because it’s being suspected as a case of industrial espionage – “… it may have been a theft aimed at stealing the advanced TV technology, whose loss could cost the firm billions of dollars.” Just to set the background these sets have gone missing while on their way to the IFA consumer electronics trade show which opened to the public on Aug. 31 (and ran till Sept. 5) in Berlin. Samsung’s advanced OLED TV’s that were being debuted in this show were touted as the successor to LCD TV’s with a rumored price tag of $10,000 for the 55-inch model.
Investopedia explains “Industrial Espionage” as “…describes covert activities, such as the theft of trade secrets, bribery, blackmail and technological surveillance. Industrial espionage is most commonly associated with technology-heavy industries, particularly the computer and auto sectors, in which a significant amount of money is spent on research and development (R&D).” The Independent in its recent article “The art of industrial espionage” puts this succinctly as “…in a world where the biggest corporations easily outstrip the GDPs of small nations, corporate intelligence is almost as grand a game as its government-run counterpart”. In the US the situation is so bad that the FBI has stepped in with a new campaign that targets corporate espionage. The Office of the National Counterintelligence Executive in its October 2011 report to the US Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011 reveals some startling figures:
- Estimates on the losses (to the US economy) from economic espionage range so widely as to be meaningless—from $2 billion to $400 billion or more a year—reflecting the scarcity of data and the variety of methods used to calculate losses.
- Germany’s Federal Office for the Protection of the Constitution (BfV) estimates that German companies lose $28 billion-$71 billion and 30,000-70,000 jobs per year from foreign economic espionage.
- South Korea says that the costs from foreign economic espionage in 2008 were $82 billion, up from $26 billion in 2004.
And one of the most worrisome trends is the Chinese Boom in Corporate Espionage. Apparently as per this ZDNet article which cites Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House, China has hacked every major US Company!
Some more data
The 2012 Data Breach Investigations Report by the Verizon RISK Team (with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service) highlight some interesting details on this topic:
So what’s the point?
The reason I choose to highlight security issue in this article was because many PLM champions espouse of just “good enough” security for the PLM infrastructure or the application for that matter and may IT managers don’t seem to be too much bothered by that fact, which I think is not right. A PLM system has the information of the entire lifecycle of a product from its conception, through design and manufacture (and to probably service and disposal) – you don’t want that data stolen away like it happened for American Superconductor Corp. or Renault. And if you think it cannot happen anywhere near home read about the ACAD/Medre.A worm that steals AutoCAD Designs and sends to China.
When it involves PLM security, there are a number of things to consider. You might want to consider securing the data (by implementing role based access), securing the application as a whole, securing the database and even securing the data center. Last year I had published a detailed post on various ways to affect this outcome – you can read it here. Essentially several security standards exists (like PCI SSC Data Security Standards and ISO/IEC 27001:2005) and companies should work towards security their “bread and butter”.