2 hours 39 minutes
welcome back to acid security course. And in this video I'm going to talk about talk about protecting intellectual property.
So let's first talk about what you will see in this video, and I'm going to talk about types of intellectual property. And then I'm going to talk about protecting manufacturing process, protecting proprietary technology and its development and protecting people.
So when you talk about types of intellectual property,
first of all, their patents,
then there are manufacturing processes which are included in itself the proprietary technology that can be used by competition or somebody militias.
And then we have proprietary technologies which are not part of manufacturing process. For example, some kind of documentation explaining How do you produce certain material or certain product if it's some kind of mechanical device? What kind off
terminal treatment is used, what kind off materials are have to be used? What are the margins during manufacturing or during the product production that are allowed in order to achieve the quality that is needed and stuff like that?
Eso these things that can be Justin paper, not part off actual manufacturing process
and then you have are in D,
which is ah, part off
the whole process of generating intellectual property, and in the end, you have people who are involved in that
whole process of generating intellectual property. So sometimes you'll just have to find a way to protect not physically them, but the things that that they're working on in terms of things that they have on themselves, which is crucial to development in the intellectual property.
So patents let me just make sure they're kind of
things of public knowledge. So they're essentially protected by laws and they're protected by government agencies, so you don't have to protect them. The
you have the paper saying that physical piece of paper saying that you're to have right to a patent. But this is also recorded in the
the Patent Office. On the whole content of that patent is there. So the fact that you have these things on paper in your cell, your company, it's just eso you can claim the right to it, but it's not something that you need to protect because there is somebody else doing that instead of you.
So what we're talking going to talk about today with in terms of protecting intellectual property, starts with protecting manufacturing process.
And what you have today is that most of manufacturing processes air protected, controlled so in the protected by i o T devices of some kind of SCADA
array of devices, which are controlling by computer ways off using computers and sensors, your machines that are meant actually manufacturing the products. Of course, there are people mending these machines, but
the whole process off information flow. Data gathering is done by Iot devices, and these are notoriously insecure
eso the wire. They're insecure because people who are manufacturing these devices they don't usually issue security updates sometime. It's usually not even remembered by people maintaining the manufacturing processes to do the updates.
And the reason is very simple. Sometimes when you install the security of there is something might stop working and people who are in charge of manufacturing they are. Primary goal is to make sure that manufacturing is operating at optimal level in terms of productivity and the production. So
the last thing they want is to do the update of fervor of Iot devices in and something stops working. So this is this is absolute nightmare for them,
and it's usually not being done
sometimes is being done if they have redundant devices that they can test and see if everything is working. But it's very expensive, and most of the companies simply avoid that thing.
So what to do in case of protecting manufacturing process?
Um, you put the whole manufacturing process on an island or in their gap?
What does it mean? What the air gap means means that the network on which the all these Iot devices controlling machines in manufacturing process
are separated from the outside world. There on the separate network, they're not community with anything else from the outside
for convenience purpose. Sometimes people leave the connection to the corporate network in case they need, for example, to change something in the manufacturing process. So they devise that in the in the R and D or some kind of department inside the company,
and then they just push it down to the manufacturing.
This is wrong.
The biggest advice is to avoid any kind off connection between the island off manufacturing and the other a rest of the world, and to communicate or to transfer any changes.
Why are portable memory devices and when I say portable memory devices. I'm not thinking about USB flash drives because thes air notoriously known to be able to infect the networks.
what I'm suggesting in this case and I know it sounds crazy because nobody's using them anymore is to use optical drives like CDs or DVDs and to transfer all data to the authorities. In most of the cases, one CD or one D the is has enough size to transfer all of the data you need, because
in most cases these are not big things. These air, for example, some changes in programming is a couple off lines, or we just need to change everything on software on all I I I o tease. It's still not much so it Zmeskal erred in megabytes, not in gigabytes. And you can do that easily.
I know that optical device is an optical media is going out of style, but they're still there just for these purposes,
and I strongly suggest that they are being used in that way.
When we're talking about protecting proprietary technology, we have two types. We have already developed technology, and essentially then it sits in the storage and you protect it in the same way. Like you protect storage, you limit access,
you control access, you control access from outside the network.
keep it turning in a separate storage. And that's it,
When we talk about the things that have not all been fully developed,
then we're talking about protecting R and D,
and when we're protecting R and D, the best way to do it
is the same thing with like with manufacturing.
So to put it in on the island, in the air, gapped environment and people in R and D, if they need to communicate with the outside world, they need to switch to the other PC, which is on the corporate network. So it's the best way. Sometimes it's too expensive or
simply people cannot work in that way.
Then, at the best way, is to force the access to the Internet through virtualized environment that is separated from the harder. So there are browsers. For example, if you go to the Internet, which browsing them in in micro virtual environment
and so once you switch off the brother, if you caught any kind of malware drew during browsing or if some of the tried to access it. They cannot access your actual physical machine or date on it. They're accessing just that. That small virtual space within the browser, which is separated for dead browsing session.
Also, in that case, you need special procedure for exchanging files over mail. It can be automated, but it doesn't have to be So, for example, if if there are some some Softwares that doesn't don't allow
you to open the email attachment, it has to be first saved to a hard drive
and then scanned by anti virus and then open. So that's it.
yeah, when we talked about the air gap, it's simply not possible all the time.
so, uh, also, when you talk about protecting our Andy, we have to protect people who are doing the R and D,
and we're not talking about physical security off them and their families. That is
the subject off responsibility of people doing physical security. It's a whole different ball game.
We're talking about,
for example, issuing them with cryptic mobile phones. So if they're reading their email when there somewhere, they're still protected because even if their mobile phone is stolen, it's pretty much protected from
any kind of intrusion except on a very high level slash government level.
And then then you don't have to worry about it. So, for example, fishing mobile phones, which are encrypted,
uh, companies don't issue these phones to everybody because they're quite expensive. But to some crucial people in R and D or in management, they can be issued,
then a word using no books.
Uh, because notebooks can be stolen. And yeah, OK, Big locker corruption
is good thing, but date that can be accessed even if the hard drive is encrypted. There are ways. If they're not simple, they're expensive. But if you're talking about developing multi $1,000,000 technology than somebody might decides to invest a lot of money into breaking into your encrypted drive and a lot of money, you can do it.
If no books are have to be used, then use only one that are fully protected with hard based security. Like I was speaking about in protecting data on the section about protecting data on a PC.
And the final step is that if needed, if these people work a lot of from home than the whole thing, is to secure their home network. So
people have their home networks. They get whatever to get from there the Internet provider. And it's very below security quality for somebody working with sensitive or crucial data for a company.
So in this case, you should go to their home and install equipment that can make sure that
a t least there call network is not easily,
attacked. And in that case, you need also probably to install some kind of video surveillance. Because even if you put the highest level pregnant in their homes, somebody can break in and simply replace it with the same looking devices, which are
which are not protected because the protection has to be turned on.
So in this video, I have been talking about what different types of fight intellectual property exist in a company and accept patents, which are
no, they don't need any kind of protection. All other kinds of intellectual property are subject to whitey securities focus, and they need to be protected,
and I also talked about how to protect each of these types of intellectual property
on the The biggest thing is to convince your management that convenience and ease of faxes, convenience of use. And he's a praxis is sometimes against their best interests
because they say Okay, these people need to work from home. We have to make sure sure that they can work without interruptions.
OK, but then we have to install the measures to make sure that whatever they are communicating with the company's network is not Spider, because then what's the whole purpose of security off his date if they can be easily really revealed? So
I hope you have learned about
protecting the intellectual property in this lesson, and in next one, I'm going to talk about protecting financial assets.