Semiconductor IP News and Trends Blog
Top 10 Ways to Outwit an IP Spy
To catch an IP thief, you must think like one. CEO Ted Miracco tells us 10 ways to protect semiconductor IP.
By John Blyler, Editor – IP Insider
During his keynote at the last IP REUSE conference, Ted Miracco, CEO of SmartFlow Compliance Solutions, said the best way to safeguard one’s intellectual property (IP) was to think like a spy. If you’re conjuring up images of romance, intrigue and things blowing up, then you have the wrong idea.
Most spies are very inconspicuous and rather unassuming. They really don’t want to be detected but do want to establish trust and gain access. Most spies don’t act alone or on impulse but are guided by an outside contact on what kind of information to collect. Once obtained, the information is analyzed and new data objectives are given by the contact. It is a very methodical and requirements-driven process, explained Miracco.
He provided a ten-point list that U.S. and European companies can use to protect them themselves from such spies and the subsequent theft of IP:
- Don’t use pirated software. It’s often laden with malware that, once installed, can spread out and open your entire network to various vulnerabilities. Plus it’s ethically wrong as many talented people and companies have spent a lot of time and effort creating the software.
- Protect your network. This isn’t easy as networks have so many areas that are vulnerable to attack. As cliché as it may seem, having a strong password is your first and best defense. Also, try to avoid using USB sticks to input data and files into your networked-based PC. Check out the videos of Kevin MitNick, the world’s most famous hacker, if you want to see how easy it is to gain complete access to a computer network with a USB stick.
- Remember that protection is over-rated. This may seem like a contradiction to the above comment on the need for a strong password, but it isn’t. Most IT budgets get spend on protection but any network can be hacked. Thus, detection and the countermeasures must be given as much attention as protection.
- Humans are the weakest link. No matter how much time and money you spend on technology, the weakest link is the human one. People can be surprisingly gullible. If the incentive seems attractive, people will click a link. And don’t be afraid to question why someone wants access to the network. Don’t just assume someone has the authority without double-checking with your supervisor.
- Use strong license agreements. Contracts are important. I think we over trust some of the customers. Often, there aren’t very strong incentives to comply with contracts. Also, negotiate the jurisdiction for disputes. The courts in the US are going to be far more open to you in the US.
- Leave digital fingerprints everywhere (for later forensic data analysis). If/when your IP is infringed, you’ll need to have evidence to prove it, e.g., tracking downloads, access system logs, monitor deliverables, track updates, etc. Also, configure your IP with license managers. Make sure you record when clients agree with the license agreement in the license registry. Use tags wherever possible.
- Use tools like the Chip DNA Analysis. The capability to fingerprint your IP, document it and perform analysis on the fingerprint as needed is critical for IP protection.
- Provide awareness training for all employees. People don’t realize how much IP piracy is really taking place. Companies should create a strong “awareness” culture within their organization to encourage employee’s behavior to challenge someone who as access to data, information, the network, etc.
- Hack your own organization. Remember the famous Motorola hack back in the days of the flip-phone. A hacker wanted to prove how easy it was to access critical data at Motorola in Arlington Heights. He followed up on an “out-of-office” message from a key Motorola engineer, which instructed him to contact an administrator. The hacker called the administrator and asked for all the software on the Star-Tac flip phone. The administrator complied. This was an instance of penetration testing. It still happens with alarming frequency. So rather than wait around for somebody to hack you and steal your IP, pay somebody to do it and learn from the experience.
- Work with foundries, which are a key to stopping semiconductor IP theft. In our industry, there are only a few foundries left, through which all IP has to flow in order to build chips. The US semiconductor manufacturers could play a much more prominent role in actually examining the DNA of the IP being used in all of their activities.
In closing, Miracco emphasized that IP is definitely worth protecting. All of us make our living off of IP. There is now better time to get serious about IP protection, especially with the semiconductor industry in the cross-hairs of countries like China and other nation states. Don’t wait for the US government to help. It’s not going to happen. It’s up to us!