Who controls product development security?

Manufacturing companies are the leading target of cyber crime. Tom Lansford takes a look at what you can do to protect product development data.

By Tom Lansford

Do we really have control over the information in our company? Companies in manufacturing are the main target for hackers and industrial espionage. Security breaches cost companies and our economies hundreds of billions of dollars every year.

Consider this:

Manufacturing was the most targeted segment of the economy for cyber attack in 2014. (Source: Statista)

Protecting physical assets and limiting access under such conditions would be a natural reaction. And physical security is an important part of best practices, in the data center, for the desktop system, and especially with mobile workstations. However, manufacturing companies in general, and automotive companies in particular, have global projects, joint partnerships, and dispersed, multi-tiered supply chains. Additionally, collaboration is critical to innovation, which is key to competitiveness. The German start-up StreetScooter created a revolutionary electric vehicle in record time through the collaborative efforts of nearly 30 suppliers. Security measures must be implemented recognizing these realities of today’s design projects.

 The average cost of a cybercrime attack in the US in 2014 was $12.6 million. (Source: Statista)

Protecting your sensitive design data

Where to begin? First, build on the security systems in place and look at best practices to find potential holes in your systems and processes. Lists of best practices abound. Common features include educating employees and applying good technology. I’ll focus on the technology aspects.

To apply technology, consider the points of attack. Client devices, if breached, have multiple weak points. We often think of disabling USB devices to enhance security. However, if a client device such as a mobile workstation is compromised, then the possibilities to extract information are many. The main memory, storage and screen contents can all be read. The integrated camera can be manipulated. The mouse and keyboard can be monitored. The BIOS can have weak points. Network-connected consoles with gesture control, such as a PlayStation, Wii, or Xbox, can be used to create real-time 3D images of a room.

Use reliable identification controls

Clearly, access control for a mobile workstation is critical. Some companies use a PIN and smart card combination. Others use voice pattern identification or fingerprint identification. Fujitsu has developed a palm-vein-scanning technology for identification. Using the palm for vein-scanning identification is the most reliable method of these choices. Since it doesn’t require any physical contact, it is also very simple, easy, and unobtrusive for the user.

Fujitsu’s new palm vein scanning technology does not require physical contact to verify identity. (Source: Fujitsu)

Both fingerprint and palm-vein-scanning identification are simple for the user, secure, and avoid the issue of lost, stolen, or shared smart cards and passwords. These are important, additional steps beyond classic security measures. Additional security software that protects applications, monitors the workstation, and logs security-related events is required to analyze events in the case of a security breach, as well as for traceability and compliance with ISO security standards.

Keep design data in the data center

One way to avoid exposing sensitive company data is to not have it on mobile workstations or on off-site desktop workstations. Automotive companies are interested in remote workstation solutions for this reason, among others. Remote workstation technology today can deliver full-powered desktop graphics workstation performance to any client device inside or outside the company.

Automotive companies appreciate the flexibility, graphics performance, and computing performance that rack-mounted workstations deliver. The solution supports their global projects, external partnerships, and global supply chain. Security is another benefit. The design data for the project never leaves the server room. This adds another layer of security to the protected client device in the field.

Secure your data center from in-house and remote security breaches

The data center also has certain weak points regarding industrial espionage. Physical access to the data center – and to the data contained within – is as important as the access to the client device. IT administrators need access to the systems. And sometimes they also need access to the data itself. Other times they do not. How you manage physical access is important.  

Up to now, all data centers have open ports with a range of security options to hinder port scans by hackers. Like data protection, the best means of protecting open ports is to not have open ports. Impossible? No longer.

One solution which solves both physical and remote security is the Fujitsu “Stealth Data Center”. This product is a combination of hardware and software. It is a standard-size, secure server rack. 7U are dedicated to the rack control system and the remainder is available for your computing. Physical protection is assured through the Fujitsu “PalmSecure” vein-scanning identification product. Access can be configured for multiple levels of access and paired access. Access to individual bays can be controlled as well. This is useful to allow access to computing resources, yet limit access to storage and data to those times when it is really required.

The Stealth Data Center has continuous monitoring including monitoring of doors and shock sensors. This assures a good level of traceability and reporting. A secure middleware solution is responsible for closing the external ports and encapsulating sensitive applications on the server. This makes your servers invisible to hackers.

While the Stealth Data Center hardware and software solutions can be used with Fujitsu server and Celsius rack-mounted workstation products, they are compatible with existing company server resources. This essential feature allows an easy migration to an extremely secure computing solution.  

The same flexibility is true for Fujitsu’s end-client security products. The monitoring, protection and management software runs on existing computing resources as well as on specialized Fujitsu products. This removes the need to upgrade hardware in order to improve security. Obviously, some clients may choose to upgrade specific mobile workstations for sensitive projects. They might, for example, use a “PalmSecure” equipped mobile workstation or an alternative brand with fingerprint or face recognition identification.

Evaluating your security infrastructure

Evaluating the actual level of security in your company can be done in a standardized way with the help of industry groups. The Common Vulnerability Scoring System, or CVSS, is now in its 3.0 version and allows companies to rate their security solutions in a standardized fashion. According to FIRST.Org, which has created the CVSS:

CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world.

Additionally, the ISO 27000 series of standards has been created to address information security issues. Many of these documents have been released and additional standards are scheduled for publication.

Security must be practical for users

It is worth repeating that security controls must be practical, appropriate, and as unobtrusive as possible for users. Both fingerprint and palm-vein scanning are reliable as well as more convenient than iris scanning, and therefore more applicable for secure identification on mobile workstations. On the other hand, multi-level security and paired access security are completely appropriate in a secure data center environment.

Good security pays off

We can see that good security has important costs. It takes a focused team to design, implement, and maintain a good security system. I’ve addressed different technologies, and yet training your teams in security and developing employee awareness for security issues is also important.

Manufacturing companies in general, and those in the automotive industry in particular, are the most targeted companies for industrial espionage. Implementing reliable security systems is critical for these companies. But more than that, excellence in IT security goes hand-in-hand with the automotive sector’s needs in global development projects with more and deeper technology partnerships, globalized automotive platforms, development, and manufacturing, as well as a significant, multi-tiered supply chain. Excellence in security systems enables broader and deeper collaboration, which in turn supports competitiveness and innovation.

Tom Lansford is a regular contributor to GraphicSpeak. He is editor of CADplace.fr.