Hackers could hold hospital computer equipment ransom, make autonomous vehicles crash into each other and mine 3D printers for vital trade secrets.
Business leaders and legal experts from around the country discussed these scenarios and other cyber security and intellectual property threats at a conference this morning. The event was hosted by the University of Oregon School of Law and the National Alliance for Jobs and Innovation.
“My entire company is under siege all the time,” said Hannah Kain, President & CEO of ALOM, a supply chain consulting company based in Fremont, California. “The attackers only need to succeed one time. I need to succeed 100% of the time.”
Currently, 50% of cyberattacks worldwide are targeted at the United States, Kain noted, costing U.S. businesses around $400 billion a year (a 2015 estimate from insurance company Lloyd’s) in intellectual property losses.
Jun Li, founding director at UO’s center for cyber security and privacy said that manufacturing is second only to healthcare as the most affected U.S. industry.
In its nationwide “report card,” the National Alliance for Jobs and Innovation gave Oregon a “C” when it comes to protecting the intellectual property of companies through consumer protection laws.
Hannah Kain, ALOM CEO, addresses the audience
Some intellectual property threats are longstanding. Hackers still rely on traditional means to access company information.
Foreign manufacturers can copy inventions from U.S. patents and sell them to international markets immune to U.S. patent law. A patent basically provides instructions on how to make an invention, so if that information makes its way to another country, manufacturers there can copy the technology with no repercussions.
This variety of patent theft has been widely practiced in China, panelists said, thought it occurs in other countries as well.
Oregon-based defense contractor FLIR systems files anywhere from 150 to 200 patents a year, vice president and chief IP counsel Chris Lewis said. The company worries international patent theft could land its thermal imaging cameras in the hands of unstable regimes like Iran or North Korea.
FLIR hopes to prevent such abuses by building up its portfolio of patents in China, Lewis said. However, he said “the China bashing days are over,” noting the Chinese government has been making more of an effort recently to tighten its IP laws.
New dangers have developed as the “Internet of Things” proliferates, Kain said. As consumers store their personal data in Fitbits, Apple watches, refrigerators, cars — you name it—they create more access points for hackers.
Likewise, “Industry 4.0,” a factory floor populated by smart robots, puts manufacturers at increased risk of data breaches. The 3D printers and smart devices taking over human factory jobs could build up huge stores of data on confidential innovations.
$400 Billion: the amount U.S. businesses lose to hackers each year
Companies face an uphill battle in the cybersecurity war. It’s cheap to attack and costly to defend. The cost of launching an attack runs around $38, Kain said, while defending against one can cost in excess of $40,000.
Businesses are also sometimes forced to lower their sophisticated cybersecurity protections by an unlikely opponent—the U.S. government.
Sometimes federal investigators can’t circumvent a private company’s data protections to access information about a suspect, said Carrie Leonetti, associate professor at the UO School of Law.
In that case, the government forces the company to weaken its protections to allow an investigation to proceed. The 1994 Communications Assistance for Law Enforcement Act required phone companies to lower their defenses so law enforcement officers could wiretap calls.
Now that tension between protecting private data and national security has moved into the software realm: The Department of Justice recently ordered Apple to write code that would break its own encryption, in order to access data from a shooter’s iPhone.
Panelists urged business leaders in attendance to ramp up workforce training. In a study conducted by one panelist WHO, 20% of employees clicked on a link to a phishing scam. Employees need consistent reminders, panelists said, to protect sensitive data.