Bridging the Gap: Securing IP


By Curtis Coleman

Published in: Technology, Business

  1. Intellectual Property Society presenting
     Bridging the Gap: Securing IP
     Curtis Coleman, CISSP, CISM
     Director, Electronic Security
     Seagate Technology
  2. Agenda
     • Introductions
     • IP and E-Commerce
         • Why should I care? I’m a small company.
         • IP Audit – Take Inventory
     • Is snooping really a threat?
     • Primer on how they operate?
     • High Tech & Non-Tech Solutions
  3. Senior Computer Security Officer for the B-2 Stealth Bomber
     • US Air Force - 20 years
     • Top Secret Clearance
     • Operations Officer
         • Minuteman Missiles
         • Electronic Warfare
         • Computer Security
         • B-2 Stealth System
     • USAF Medal of Achievement
         • Computer Systems Security Research
         • Authored Book USAF WCCS Security
  4. Commander of a team of Information Warfare Specialists (CyberKnights)
  5. The CyberKnight Mission
  6. IBM Executive Computer Security Specialist “Ethical Hacker”
     • Goal:
     • Identify Critical Business Processes & Intellectual Property
     • Penetrate
     • Secure IP
         • United Nations World Bank
         • Morgan Stanley - Dean Witter
         • AT&T Global Networks
         • Ernst & Young Security Services
         • Bank of America
         • Hallmark, Inc.
         • US Military & Government Agencies
  7. IP Relates to E-Commerce
     • E-Commerce involves selling products or services that are based on IP
         • Music, Video, Pictures
         • Software, Graphics, Designs
         • Training material, systems, etc.
     • IP is involved in making E-Commerce work:
         • Software, networks, routers/switches
         • Chips, designs, user interfaces, etc.
  8. Small or Middle-Sized Businesses Need to Protect Their IP
     • E-Commerce businesses and Internet-related businesses are based on product or patent licensing
         • Different technologies are required to create a product
         • Companies often outsource the development of some components
     • E-Commerce based businesses usually hold a great deal of their value in IP
         • The value of the E-Commerce business is directly affected by whether you have protected your IP
  9. IP Audit – Take Inventory
     • Patents, patent applications, innovations that could be patentable
     • Copyright
         • Software, designs, documentation or technical writing, software scripts, user interface material, schematics, artwork, web site designs, music, photos, video
     • Distinct signs, company name, product names, logos
     • Trade secrets – information that has commercial value to you and is not generally known
         • Product formulas, customer lists, business strategies & models, plans for technical enhancements to products
     • Anything valuable that is intangible
  10. The Purpose of IP Audit
     • The purpose of the IP Audit is to review what IP your company has and determine how to protect, exploit, and enhance its value.
     • Example: Your E-Commerce business is affected by Patents
         • Patents are not just for large companies. Patents are not only for high technology
         • Some of the most successful E-Commerce companies have used patents for business methods:
             • Amazon
             • America On-Line
             • DoubleClick
             • eBay
             • PriceLine
  11. Is Snooping Really A Threat?
     • American Society of Industrial Security
         • Sept 2002 – surveyed 138 companies
         • Reported losses in R&D or financial data at $53 billion
     • Society of Competitive Intelligence Professionals
         • Governed by a set of legal and ethical guidelines
     • Foreign governments
     • Chinese Proverb – “the death of a thousand cuts”
         • Most companies don’t have a means of tracking the loss of IP
         • They go on hemorrhaging, losing market share
         • Gradually it takes the vitality out of the company
         • Usually seen as, “Oh well, that’s just bad luck in business”
  12. Training Material – Easy to Obtain
     • Art of Deception
     • Netspionage
     • Your Secrets Are My Business
     • Naked in Cyberspace
  13. Five Step Primer: How Snoops Operate
     • Step 1: Find Out What’s Public
     • The number one source of damage to companies is that their own people don’t know how to handle the company’s IP
         • Salespeople Tradeshows
         • Detail R&D facility to attract recruits
         • Suppliers brag about sales on Website
         • Public Relations press release on patents
         • EPA/OSHA over reported on facilities
         • Employees chat on Yahoo boards
  14. Five Step Primer: How Snoops Operate
     • Step 2: Work the Phones
     • List of employee names, titles, extensions
     • Internal newsletters, promotions, retirements, new hires
         • The more the snoop knows about the person answering the phone, the easier it is to work that person for information
         • Snoop won’t ask direct questions
         • Snoop will guide the conversation in ways that seem innocuous
         • Snoop shows high interest in the target and what he does
         • A 5-minute survey becomes 20 minutes of IP gathering
  15. Five Step Primer: How Snoops Operate
     • Step 3: Go into the Field
     • Any public place where employees go, snoops go too!
         • Airports
         • Coffee shops
         • Restaurants
         • Bars near company offices or factory
         • Tradeshows
     • Snoops use Job Interviews
         • Sees what you are asking for in new hires (skills, technology)
         • Asks one of your employees in for a job interview
  16. Five Step Primer: How Snoops Operate
     • Step 4: Put It All Together
     • It is not only trade secrets that are valuable!
     • Example: 3 Grad Students
         • Company was interested in a new technology
         • Students had been publishing papers for 2 years on the new technology
         • Suddenly they stopped writing
         • Investigation showed all 3 moved to the same town and worked for a high tech competitor
         • Talked to them on the phone about previously published papers
         • Figured out when the new technology would hit the market
         • Gave an 18-month heads-up on the competition’s plans
  17. Five Step Primer: How Snoops Operate
     • Step 5: And If All Else Fails . . .
     • Other countries have vastly different ethical and legal guidelines for information gathering!
         • Bugs, bribes, theft, extortion
         • Widely practiced throughout the world
         • Espionage is sometimes sanctioned or even carried out by foreign governments, which may view helping local companies keep tabs on foreign rivals as a way to boost the country’s economy.
  18. A Growing Concern: IP Rights vs. Privacy
     • Everything in Cyberspace is composed of bits (1s & 0s)
     • Digital works are perfectly reproducible, an infinite number of times without degradation
     • On the Web, a copy is the original
     • The need for Digital Rights Management (DRM)
         • Security & integrity features of computer OS
         • Rights-management and tracking
         • Encryption
         • Digital Signatures
         • Fingerprinting and other “marking” technology
     • The Consumer’s Privacy vs DRM
  19. High Technology & Non-Technology Solutions
     • High Technology
         • Firewalls
         • Intrusion Detection Systems
         • Content Filtering
         • Access Control Lists
         • Digital Rights Management
         • Cryptography
             • SSL
             • Certificates
             • Digital Signatures
             • Steganography
     • Non-Technology
         • Policies
         • Standards
         • Procedures
         • Security Awareness
  20. Any Questions?
     • Contact Info:
     • Curtis Coleman, CISSP, CISM
     • Phone: 831-439-7194
     • eMail: