Engineering data is a valuable target, and the aerospace and automotive industries are at an increased risk of commercial espionage, theft of engineering intellectual property and cyber vandalism. Testing & Simulation Review has brought together Simon Ordish (Majenta Solutions MX Director) and Charlie Brown (Anzen Technologies cybersecurity architect) experts in their industries, to highlight these issues.

Both MX and Anzen Technologies are premised on the concern that sensitive and valuable data is going missing within the automotive and aerospace industries.

It isn’t entirely unique to just these industries – even military engineering is not immune from these problems. Confidential intellectual property for the military can also be susceptible when its data is outsourced, as one feature that these industries have in common is highly complex supply chains.

According to Simon Ordish “in 2021, the UK government reported that that 6 in 10 medium-sized and larger companies suffered cyber-attacks last year. A quarter of businesses report an astonishing weekly frequency of breaches and 40% of these occurrences result in a material loss to the companies involved.”

The protocol most frequently used to protect data in transit is encryption of various types, but quantum computing is on the horizon, with the potential to break encryption in a matter of minutes. Industries such as automotive and aerospace with long lead development timelines are now within the quantum window. This means that designs being created for cars and aircraft now will reach maturity at a point in time when quantum can break through to that information if it is encrypted.

Charlie Brown warns that “Once your company’s data is out there, even in an encrypted form, you can’t get it back. Encryption might preserve it for the meantime, but not for long and it will likely be cracked while it still has some commercial value.”

The technical approach MX have taken in order to combat this threat – as suggested by the ASR which stands for anonymise, shard, restore – is to take data, and split it into separate elements – or shards. Each shard is stripped of metadata so it is therefore anonymised. We then transfer these shards via different routes through the cloud and then restore it when all of the shards arrive at the destination point. As a result, any intercepted shards will be mathematically impossible to penetrate.

Beyond the risk of malicious actors, the complexity of the supply chain also poses a risk to security. The more access that is needed operationally, the more weaknesses that will be exposed. It is possible that some suppliers within the supply chain as well as the OEM will be spread around the globe in different offices. This means data will need to be moved around and increased liability occurs when data is being moved. Meaning there are lots of complex, valuable data being accessed by hundreds of engineers who are transferring files all over the world, often without any record of who is opening, viewing and sharing the data.

Simon Ordish explains in the article that if companies make security too inconvenient for their employees, more convenient workarounds are likely to be discovered very quickly and embraced. Over-rigid security protocols and systems that are difficult to use are far more of a liability than disgruntled employees stealing engineering designs and sharing them with competing organisations. A tool like MX ASR, which allows user activity to be tracked in granular detail, complements future looking quantum-resistant measures to address the problem of industrial espionage.

If this article highlights anything, it’s that data breaches are a significant problem. “If it hasn’t happened to your company, it is only a matter of time until it does.”

Read the full article here: Stolen! Engineering IP Theft. (testing-simulation.com)