Supply Chain IP Security Best Practices

Cybercrime in manufacturing is very real and becoming increasingly common. How can you secure your design IP while sharing it throughout your supply chain? 

By: Scott Collins

According to Sikich, a technology services provider, in 2019 more than half of US manufacturers surveyed had experienced a security breach or attack on their systems. 

Cyber attacks come in many forms – phishing, Denial of Service (DOS), ransomware – but our customers tell us repeatedly that the most damaging is theft of engineering and product IP. Supply chain IP security is essential to a high performing supply chain. The bigger and more distributed your supply chain is, the greater the risk of malicious attacks through any weakness in the chain. That risk stretches from the exchanging of sensitive information during initial RFx, negotiation, and the bidding process, and through order to remittance during production. 

Digital supply chain security risks

As an OEM, you have to supply technical data packages (TDP) to your suppliers. But by sharing files, you are opening vulnerabilities. Once transferred they can be taken out of a secure network, and traceability evaporates. To combat this, OEMs are investing in document-based digital rights management tools. But to increase security further your best option is to deliver traceable content access to your supply chain without providing the files. A file-less web content approach provides the information but does not require the file transfer. By providing web content only, you can better maintain the security of the information. 

There are several other advantages to using file-less web content. File-less web content lends itself naturally to graphical collaboration and markup, as well as live discussion feeds. These real-time collaboration capabilities support workflows that deter people from transferring the files, preventing them from ever leaving the secure network. File-less web content does not require expensive file-based viewer applications for viewing 3D CAD, drawings, schematics, and other sophisticated technical data. Instead, you can publish technical data into file-less, open-standards-based web content that can be easily shared through a secure browser on any device. This approach enables the use of session-aware markings for an added level of security and traceability.  

Supply Chain Cyber SecurityFurthermore, with file-less web content, redacting data from shared information can be an integral part of the publishing process and is one of the best ways to prevent that data from being leaked. For sophisticated technical data, like 3D CAD, where some of the most sensitive data can appear, recipe-based publishing services that allow the automatic redaction of sensitive IP are essential. 

Anark empowers its customers to securely connect their people to the digital thread. Anark is helping market leaders such as Boeing, GE, Lockheed Martin, Ericsson, Cisco, and government agencies provide secure content access and collaboration within the extended enterprise. In partnership with Anark they are able to easily transform, publish, and manage critical engineering, manufacturing and operational data as powerful, role-specific TDPs and connected digital workflows that can be safely consumed and access controlled on virtually any desktop, mobile or wearable device.