In the automotive industry, intellectual property (IP) is the differentiator and asset that is often most critical to business success and continuity. Whether we look at R&D, product development, CAD/CAE designs, software development and more, IP is always the core DNA that represents most of the value. It is also very vulnerable to theft. Most of the times, intellectual property is stolen by insiders, who have authorized access to that information or have contributed to their creation. They typically steal it while at work, during normal business hours and while pretending to be conducting “business as usual”. Because of that, detection becomes challenging. It is very difficult to detect illicit access from legitimate access. In addition, there is generally no indication of suspicious activity until the IP is in the process of being stolen or has already been stolen. This allows only an exceedingly small window of opportunity for detection and response.
Due to current political, technological and other global developments that are causing sales to plummet, while forcing companies in the automotive industry to make tremendous investments into new technologies and products to keep up with the competition, it cannot be overlooked that the ever-present threat of targeting insiders for economic or industrial espionage is higher than ever. Insiders in key positions are either being recruited or targeted for theft during business travel, or other occasions when they are the most vulnerable.
This presentation aims to shed light on the challenging topic of insider theft of intellectual property in the automotive industry. It will discuss the motives that lead employees to theft and/or the facilitation of third-party access to organizational assets intentionally or unintentionally. Despite the challenges, there are measures that businesses in the automotive industry can take to protect their intellectual property. Research has repeatedly found a clear link between insider activity taking place and exploitable weaknesses in security and management processes. Therefore, this talk will go on discussing the organizational factors enabling insider threat operations as well as countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.
(INDIRA) Call Girl Nashik Call Now 8617697112 Nashik Escorts 24x7
Protecting Automotive Intellectual Property from Insider Threats
1. Christina Lekati
Social Engineering &
Insider Threat Security
Cyber Risk GmbH
Protecting Automotive Intellectual Property
From Insider Threats
Automotive Security
Research Group
WORLD
2. Overview
• The role of intellectual property (IP) in
the automotive industry & market
dynamics, today
• Intellectual property theft from insiders
• Theft of IP from foreign governments or
organizations
• Mitigation strategies/ countermeasures
• Closing remarks
Christina Lekati | Cyber Risk GmbH
3. Christina Lekati
• Psychologist focusing on the human element of security
• Assisting in cyber security projects from a young age
• Trainer & Consultant for Cyber Risk GmbH on the Human
Element of Security
• Main developer of the training programs on insider threats
and social engineering for Cyber Risk GmbH
About Me
@ChristinaLekatiChristina Lekatiwww.cyber-risk-gmbh.com/
4. Intellectual Property in the Automotive Industry
• Until a few years ago, the automotive sector was considered a mature
industry with well-established players.
• Core competencies of the automakers were familiar to most people,
but not so the technological waves that are transforming and reshaping
the industry, today.
• Although fully autonomous vehicles (Level 5) are years away from
reaching the market, deep-learning, data analytics, real-time control
algorithms and a slew of connected devices and components are
already changing the car industry.
Christina Lekati | Cyber Risk GmbH
Source: World Intellectual Property Report 2019
5. Intellectual Property in the Automotive Industry
Christina Lekati | Cyber Risk GmbH
Source: World Intellectual Property Report 2019
Increasing trend in
innovative activity in AV
technology.
6. Intellectual Property in the Automotive Industry
Christina Lekati | Cyber Risk GmbH
In the face of the AV
technological shock, auto
companies have an
incentive to join forces to
share the costs and risks
but also defend their
market position.
This is just one of a long
list of examples of
collaboration between
tech companies.
7. Intellectual Property in the Automotive Industry
The automotive industry is in the early phases of a period of technological disruption, with several
new entrants, both from the automotive and the technological sides.
Most tech firms, especially the smaller startups, occupy niches, focusing on hardware, software,
mobility services, connectivity, communications and many more.
Two main things happen in regard to intellectual property:
1) Significantly increased numbers of intellectual property-related documents and patents
2) Decreased control over ownership rights & sharing
Christina Lekati | Cyber Risk GmbH
Source: World Intellectual Property Report 2019
8. Christina Lekati | Cyber Risk GmbH
With the first-mover advantage increasing the stakes in market share and many vehicles now
coming to market featuring some level of automation, while fully autonomous cars being tested on
public roads, we need to focus more on IP rights management and protection.
Intellectual property (IP) is right now one of the most important and valuable set of assets that an
automotive company can own.
Technology and innovation are shifting the market dynamics and intellectual property will play a
major role in the way the industry will be shaped within the next years.
Intellectual Property in the Automotive Industry
9. Intellectual Property Goes Beyond Patents
Christina Lekati | Cyber Risk GmbH
“Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works;
designs; and symbols, names and images used in commerce.”
-World Intellectual Property Organization
IP Includes:
• Proprietary software/ source code
• Customer information
• Product-related IP (designs, formulas, schematics)
• Business plans, trade secrets, proposals, strategic plans
10. Any current or former employee, partner or contractor that has or used to have access to the
organization’s digital assets and may intentionally or unintentionally abuse this access and
harm the organization.
Insider Threats: Who Are They?
Christina Lekati | Cyber Risk GmbH
ENISA Threat Landscape Report 2018
11. “Any current or former….
employee, partner, or contractor…
Insider Threats: Who Are They?
Christina Lekati | Cyber Risk GmbH
Source: ENISA Threat Landscape Report 2018
12. “…may intentionally or unintentionally
abuse their access and harm the organization”
Insider Threats: Who Are They?
Christina Lekati | Cyber Risk GmbH
Source: ENISA Threat Landscape Report 2018
13. • Current employees/ contractors
• They already have authorized access to the IP they steal
• They usually steal it during normal business hours
• Scientists, engineers, contractors, salespeople, and more
Who Are The Usual Culprits?
Christina Lekati | Cyber Risk GmbH
14. • Misconception: they want to sell it for monetary gain
• Reality: they steal it for a business advantage (a new job, to start
a competing business, to send it to a foreign government/
organization)
Why Do Insiders Steal Intellectual Property?
Christina Lekati | Cyber Risk GmbH
15. The Anthony Levandowski Case
Christina Lekati | Cyber Risk GmbH
Sources: https://www.bloomberg.com/news/features/2017-03-16/fury-road-did-uber-steal-the-driverless-future-
from-google
https://www.bloomberg.com/news/articles/2020-04-18/uber-says-guilty-engineer-on-his-own-for-180-million-to-
google
16. • Insider acts alone
• Helped develop the IP/ perceives their role
in its development as important
• Sense of entitlement & ownership of IP
• Intense & explicit evidence of entitlement
or possessiveness in many cases
Two Main Types
Christina Lekati | Cyber Risk GmbH
• One insider may recruit other insiders for
theft of IP
• Want to gain access to more information –
may try to assemble an entire strategic plan
or software system
• Motives vary –recruits are promised higher
rewards
Individuals Recruiters
17. • Sense of entitlement
• Possessiveness
• Disgruntlement
Most IP theft happened within 1 month before/after employment termination.
The most frequent data exfiltration methods are emails, removable media &
remote network access. However physical exfiltration of information also
happens.
The insider often felt that they exfiltrated what righteously belonged to them-
and did little effort to conceal their theft.
Patterns Around IP Theft
Christina Lekati | Cyber Risk GmbH
18. Concerning Indications Include:
Christina Lekati | Cyber Risk GmbH
Extreme
disgruntlement
with the organization
Unusual IT activity;
accessing/ emailing/
exfiltrating IP
Suspicious comments;
entitlement,
possessiveness etc.
19. Disgruntled Insiders
Christina Lekati | Cyber Risk GmbH
Disgruntlement
with the organization is often
explicit and can lead to
malicious insider activity
Source: https://www.csoonline.com/article/3284444/insider-threat-becomes-reality-for-elon-musk.html
20. Enablers of Insider Threat Activity
Christina Lekati | Cyber Risk GmbH
“…Where an insider act takes place there is often an exploitable weakness with the
employer’s own protective security or management practices which enables the
insider to act.”
CPNI Insider Threat Collection Study 2013
21. Lack of a proper
inventory.
Easy access to
hardware and software
assets - trade secrets,
and other proprietary
information etc.
*and more!!!*
Poor Asset
Management
Absence of sufficient
technical controls. Rare
or unsystematic IT
auditing that would spot
irregularities or unusual
behaviors.
This enabled insiders to
act in the first place.
Poor Usage of
Technical &
Auditing Functions
Lack of adherence to
security policies &
practices allowing
insiders to have
access to foreign
computers, sensitive
materials,
privileged/accumulated
access to information
beyond the scope of
their work etc.
Poor Security
Culture
Many concerning
behaviors/ problems
& activities of the
insider were noticed
but unaddressed.
Poor Management
Practices
Christina Lekati | Cyber Risk GmbH
Enablers of Insider Threat Activity
22. Both technical and behavioral monitoring is required.
72% of IP theft cases were detected and reported by non-technical employees.
Signs are often observable by technical and/or non-technical means if you are vigilant.
Appropriate policies & processes are also essential.
Countermeasures for Insider IP Theft
Christina Lekati | Cyber Risk GmbH
Source: Cappelli, D., et al. “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes”, New York; Addison-Wesley.
23. • Understand the positions at risk – who handles your most critical IP?
• Recognize the patterns & organizational factors surrounding IP theft
• Employee training on insider threats
• Improve termination policies & processes
• Clear reporting process in case of suspicious activity
• Well-defined and clear contracts on IP development, rights & ownership
• Implement technical countermeasures (Data loss prevention systems, digital rights management, etc.)
• Review & adjust access controls on the people that move to different projects/departments in your
organization. Do they just accumulate privileges?
Countermeasures for Insider IP Theft
Christina Lekati | Cyber Risk GmbH
24. Economic Espionage: “the conscious and willful misappropriation of trade secrets with knowledge or intent
that the offense will benefit a foreign government, foreign instrumentality, or foreign agent.”
Industrial Espionage: “the conscious and willful misappropriation of trade secrets related to, or included in, a
product that is a product that is produced for, or placed in, interstate or foreign commerce to the economic
benefit of anyone other than the owner, with the knowledge or intent that the offense will injure the owner of
that trade secret.”
Theft of IP from Foreign Governments or Organizations
Christina Lekati | Cyber Risk GmbH
-Office of National Counterintelligence Executive
25. Malicious insiders who infiltrate an organization or get recruited. They misuse their access and involvement to
intellectual property rights and development to benefit a foreign entity.
Unintentional insiders who do not practice appropriate security practices (e.g. while traveling) and are being
targeted by external threat actors.
Theft of IP from Foreign Governments or Organizations
Christina Lekati | Cyber Risk GmbH
It is very difficult to recover stolen IP once it leaves the legal jurisdiction of its “home country”.
26. Reporting
Christina Lekati | Cyber Risk GmbH
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019
Someone meets
friendly, fun individual
while working on a
project abroad
…and eventually is
offered a large
amount of money to
provide access to the
corporate networks
…which the individual
refuses…
…but after a while
notices a coworker
enjoying large
amounts of sudden,
inexplicable wealth.
27. Reporting
Christina Lekati | Cyber Risk GmbH
“…I didn’t ask about it or report it because I felt I would also be implicated and
actually I would rather not be involved. "
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019
DID HE/SHE SAY SOMETHING?
28. Reporting: What Does the Research Say?
Christina Lekati | Cyber Risk GmbH
Quantitative & Qualitative Research:
• 1145 participants
• Different countries
• Different roles
• About 15 different industries
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
29. Reporting: What Does the Research Say?
Christina Lekati | Cyber Risk GmbH
High Reluctance to Report:
• Employees’ cost / benefit analysis for reporting
insider threat activity is discouraging.
- Moral inhibitions
- Fear of social judgment within the organization
- Fear of personal risks
“ I would rather come forward as a witness after the attack
than risk my life and career being ruined by reporting it
earlier.. ”
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
30. Reporting: What Does the Research Say?
Christina Lekati | Cyber Risk GmbH
HR Preferred for Reporting Over Security
Teams:
• Closer to the employees
• Trust; HR would keep the confidentiality
• Believed to handle the issue better
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
…BUT HR is typically NOT trained on the
security implications of insider threats (or
security in general) and may not pay the
proper care and attention to a reported
incident.
31. Reporting: What Does the Research Say?
Christina Lekati | Cyber Risk GmbH
Lack of Training is the Biggest Barrier to
Reporting
• Over 72% of respondents cited a lack of training
knowledge and confidence to report suspicious
activity.
• Staff is unclear in identifying suspicious behavior.
• Staff does not realize the significance of insider
threats and reporting.
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
“Our company just says report anything
suspicious – there is no guidance, no training,
nothing.”
“It is a scary thing to do (reporting). I need
some form of training and process otherwise I
feel like I am playing God.”
32. Through training & management
Separation of duties and least privilege.
Keep an eye on the physical environment.
Monitor and respond to suspicious or
disruptive behavior
--insiders feel free to act when they fear no
risk of detection or consequence!--
Improve Security Culture
Technical Security Controls/
Asset Management
Christina Lekati | Cyber Risk GmbH
Countermeasures - Recommendations
Identify your critical IP assets and place
technical controls for their protection.
Log, monitor and audit (periodically) employee
online actions.
Deactivate/control employee access to
accounts, networks, systems, applications,
data & physical locations upon employment &
termination.
*and more!!!*
33. Straight forward process.
Confidentiality/ anonymity need to be
ensured.
“No fault” reporting policy.
Report to specific teams/ people
Reporting
Process
For HR, management and employees.
Recognize insider threats & know how to
report.
BONUS Benefits:
Training strengthens security culture &
social engineering defense!
Training
Christina Lekati | Cyber Risk GmbH
Countermeasures - Recommendations
34. • Fear of creating a toxic organizational culture
• Not enough cases made public
• “Not In My Back Yard” phenomenon
This is still a controversial topic
Christina Lekati | Cyber Risk GmbH
36. Christina Lekati | Cyber Risk GmbH
Community support is still very important, especially towards common threats.
37. Additional Recommended Resources
Christina Lekati | Cyber Risk GmbH
• Cappelli, D., et al. (2012) “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to
Information Technology Crimes”, New York; Addison-Wesley.
• Center for the Protection of National Infrastructure (CPNI), (2013). “CPNI Insider Data Collection; Report
of Main Findings”, Retrieved from: https://www.cpni.gov.uk/system/files/documents/63/29/insider-data-
collection-study-report-of-main-findings.pdf
• Center for the Protection of National Infrastructure (CPNI), (2012). “Holistic Management of Employee
Risk (HoMER)” Retrieved from: https://www.cpni.gov.uk/system/files/documents/da/00/Holistic-
Management-of-Employee-Risk-HoMER-Executive-summary.pdf
• Charney, L., D., (2014). “True Psychology of the Insider Spy” Retrieved from: https://noir4usa.org/wp-
content/uploads/2014/07/NOIR-White-Paper-17JUL14.pdf
• European Network and Information Security Agency, (2019). “ENISA Threat Landscape Report 2018”,
Retrieved from: https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
• Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved
from: https://red-goat.com/insiderreport19/
38. Contact Details:
“Knowledge is a weapon. I
intend to be formidably armed.”
- Terry Goodkind
Christina Lekati
@ChristinaLekati
Christina Lekati
Social Engineering Security
Trainer & Consultant
Cyber Risk GmbH