Securing Intellectual Property (IP) in Industry 4.0
Industry 4.0 marks the revolution of cyber-physical systems, where manufacturing has transformed from traditional techniques to well-connected automated technologies that use data from both the physical and digital worlds. While Industry 4.0 is about connectivity and technologies, integrating advanced technologies, such as Artificial Intelligence (AI), the Internet of Things (IoT), and big data into manufacturing and industrial processes. This integration has the potential to revolutionise the way we produce goods and services. However, it raises many concerns related to Intellectual Property (IP), which differentiates one organisation from another and/or gives a competitive advantage.
IP is challenging since it can take various forms, such as product, algorithm, process, etc. The World Intellectual Property Forum defines it as “creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.” These creations are protected by laws. The IP laws allow creators to get benefits from their work and use their unique ideas to drive businesses, art, and design.
IP can be classified into four types in the Industry 4.0/smart factory.
- Copyright materials: Copyright materials in Industry 4.0 include creative expressions, such as in-house software, confidential computer programmes, critical databases, maps, technical drawings of critical components. These are safeguarded from being used by others without permission.
- Patents: A patent is an exclusive right granted for an invention, which could be a product or a process. This product/process provides a new way of doing something or offers a new technical solution to a problem. Most of the product innovation work done by an organisation’s R&D department would be covered under a patent. In the case of Industry 4.0, this could relate to the processes and technologies used to create the product or services. Some examples include vehicle safety systems, ornamental/design of products, etc.
- Trademarks: A sign used to distinguish one company’s product over another, such as colour, logo, images.
- Trade secrets: Confidential information is private to an organisation. In an Industry 4.0 context, it could be source codes, algorithms, which are not public in nature.
According to the ABI Research forecast1, IP theft will double by 2026 at a rate of 53 percent compounded vis-a-vis the growth in Industrial IoT connectivity, annually.
Table 1 provides a conventional manufacturer’s view of six classes of cyber threat actors mapped alongside seven impact areas. It illustrates where the actors are most likely to operate based on previous incidents. We can see that the actors against IP theft are the most concerned area for the manufacturing sector.
Source: https://www2.deloitte.com/us/en/insights/focus/3d-opportunity/3d-printing-cyber-risk-management.html
According to the Deloitte heat map above, IP theft is a major cyber risk and there are many motivated threat actors across the globe.
There are many examples of cyber risk IP theft across industries. In one of the medical device companies, the hacker penetrated the firewall and stole the 3D printing design files from the cloud. Later, the medical provider sued the cloud provider, manufacturer, and 3D printing maker. In another real-life scenario, an individual pleaded guilty to stealing the source code from a technology company’s supply chain processes.
At present, organisations are dealing with three major concerns. The first concern related to Industry 4.0 is the protection of proprietary technologies and trade secrets. As these technologies are integrated into industrial processes, a risk of sensitive information being shared or exposed to competitors arises. This could lead to the unauthorised use of proprietary technologies and loss of competitive advantage.
The second concern is the potential for patents and other IP rights infringement. Industry 4.0 involves using many different technologies, and it can take time to determine who owns the rights to these technologies and how they can be used. This can lead to disputes over IP rights and potential infringement lawsuits.
The third concern is the potential liability of products or services developed using Industry 4.0 technologies infringing on third-party IP rights. Companies must conduct specific IP due diligence when creating and launching new products and services to ensure that they do not infringe on any existing IP rights.
It is also important to note that IP violations can occur at any stage: design, production, or in the marketplace.
For example, in the Huawei vs. T-Mobile case, a robot ‘Tappy’ heist exposed blindspots in cybersecurity. Tappy was used for testing mobile devices before they went out in the market. It was a proprietary product, which gave the company an advantage over its competitors. The lawsuit claimed that two Huawei employees gained illicit access to T-Mobile’s lab in Bellevue, Washington, photographed Tappy’s robotic arm, tried to smuggle its parts, and sneak back into the lab after they were banned from the facility. According to the lawsuit, this amounted to a case of IP theft, theft of trade secrets, and willful and malicious misappropriation.2
Let’s take some technologies powering Industry 4.0 and look at the possible IP-related issues. While many technologies are included in Industry 4.0, this article will look at 3D printing, Augmented Reality (AR)/Virtual Reality (VR), digital twin, and AI/Machine Leaning (ML).
3D printing uses Computer Aided Design (CAD) files (or other engineering drawings in digital format) for producing the end products and critical parts. These CAD files may be protected under an IP. Insufficient security around these files could lead to IP theft. Examples of these include the absence of data encryption, the absence of access management for the files, etc. Further, if the article to be printed is patented, making a physical replica with a 3D printer without permission would lead to an IP trademark infringement.
As a digital manufacturing technology, 3D printing enables some spare parts to be stored in a virtual inventory and produced at the time of requirement. This decreases storage costs and improves the overall service. Unless the spare part is protected by copyright, there is an increased chance of other players in market to produce spare parts. Before 3D printing is widely adopted within the spare parts industry, both suppliers and Original Equipment Manufacturer (OEM)s, respectively, must establish the security of their IP.3
Even organisations creating these files must protect them from misuse, such as sharing them without authorisation or safeguard, tampering with the design file, etc.
AR, VR, Mixed Reality (MR), and Extended Reality (ER) use images, audios, videos, and brand-protected information. These objects could be IP protected or patented or be under copyright laws, and obtaining or using these objects or data without authorisation or permission from the owner would lead to a violation of copyright, patents, or IP. Some of these technologies would be used across countries, which would lead to the violation of cross-border IP laws.
One of the most popular technologies is the digital twin. The digital twin, by definition, is a prototype of real-world processes, systems, and objects. This prototype, along with real-time data, is used to monitor and replicate the real-world model. Creating a digital twin involves importing models (CAD, Geographic Information System [GIS], etc.) and using know-how or processes, all of which may be IP protected.
AI and ML models are created after a lot of R&D, which is time-consuming and expensive. In the past three years, major companies, such as Google, Amazon, and Tesla have had their ML systems compromised. Since AI models are creative, the European Patent Office (EPO) and the United States Patent and Trademark Office (USPTO) have produced guidelines to clarify what can and cannot be considered patentable inventions in cases of AI.
An organisation’s approach to securing IP depends on the nature of the industry and the value of IP. It would vary from specialist IP protection to spreading awareness to employees. IP is an intangible asset but needs to be secured to avoid thefts, which can be catastrophic to an organisation.
Securing IP is related to cybersecurity and data management. With the shift in Industry 4.0, we would see data as the main driver for IP theft in most cases. New technologies increase the attack surface and expose vulnerabilities and exploit digital weaknesses.
To protect IP, we need to assess the IP that must be covered in the firm (where these are stored), including cloud applications, personal devices, third-party applications, etc. This would also include an evaluation of who has the access to IP. Most organisations have various IPs. Hence, it is important to prioritise the IPs based on cost-benefit analysis to understand where we need to spend our defensive efforts. Spreading awareness is equally important to protect our IP from being inadvertently or maliciously exposed or misused.
To minimise IP theft, all the ecosystem players must take effective measures. The suppliers/vendors must ensure that IP security is embedded into their products or service through encryption, access management, etc. The dealers and consumers must comply with IP agreements and monitor the environment for breaches. The manufacturers should have a stringent cybersecurity solution for IP protection along with technologies, which include anti-counterfeiting, anti-alteration devices, IP management, fingerprinting, and watermarking. These can be deployed per the industry and cost-benefit analysis.
Organisations should work towards defence in depth security and build resilience, which will help to prevent and protect against attacks. This should be combined with robust incident response and monitoring to respond to any IP theft.
However, protecting IP is about keeping information and technology away from competitors and ensuring that companies can access the technology they need to innovate and improve. Therefore, companies should keep an eye on any potential infringement and conduct specific IP due diligence to avoid legal issues. This can include researching the IP landscape to ensure that new products and services do not infringe on existing patents or trademarks and obtaining licenses for any technology protected by third-party IP rights.
Another important aspect to consider when considering IP in Industry 4.0 is interoperability. It refers to the ability of different systems, technologies, or applications to work together seamlessly. In Industry 4.0, interoperability is important to ensure that various technologies, such as sensors, robots, and AI, can work together to create a seamless and efficient manufacturing process. To achieve interoperability, companies should work with industry groups and incorporate standards.
With emerging technologies, it is crucial to have a legal understanding or professional legal help to protect IP works. India has many laws that govern IP rights; some of them are listed below for quick reference.
- Trade Marks Act, 1999
- The Patents Act, 1970 (amended in 2005)
- The Copyright Act, 1957
- The Designs Act, 2000
- The Geographical Indication of Goods (Registration and Protection) Act, 1999
- The Information Technology Act, 2000, IT Amendment act 2008, etc.
(Please note that the above is not an exhaustive list; companies are advised to seek professional legal opinion before ascertaining.)
There are various cross-border and nation-specific IP laws across the globe. As Industry 4.0 is an emerging field, staying informed and up-to-date with the latest developments in the IP law and regulations is important to protect your company’s proprietary technologies and avoid potential legal issues.
References
- https://www.rcrwireless.com/20221215/5g/cyber-risk-doubles-in-smart-manufacturing-as-iot-jumps-53-percent-per-year
- https://www.fiercewireless.com/wireless/t-mobile-wins-4-8m-ruling-against-huawei-over-alleged-theft-smartphone-testing-robot-tappy#:~:text=T%2DMobile’s%20lawsuit%20against%20Huawei,were%20banned%20from%20the%20facility
- https://amfg.ai/2018/05/29/3d-printing-transforming-spare-parts-industry/
Authors:
Praveen Sasidharan
Partner, Risk Advisory
Deloitte India
Praveen is a Partner with Deloitte and focuses on Cyber Risk Services. He has over 20+ years of experience in developing, managing and advising global enterprises on various aspects of Cyber Strategy, Operations and Risk Management. Praveen at Deloitte is an industry leader for Cyber – Automotive sector for South Asia, Cyber Leader for Tamilnadu, Kerala and Sri Lanka and Emerging Technology Leader . Praveen is member of NASSCOM, DSCI, IAPP & ISACA.
Anupa Subrahmoni
Manager, Risk Advisory
Deloitte India
Anupa is a Manager with Cyber Risk Services practice of Deloitte. She has more than 9+ years of work experience in various fields of manufacturing and industrial cybersecurity including Industry 4.0, vehicle security, plant security, cyber security center design and implementation, threat intelligence and SAP security and controls.
Published in Telematics Wire