The theft of intellectual property (IP) was the keynote topic at the last IP REUSE conference. Ted Miracco, CEO of SmartFlow Compliance Solutions, delivered the talk that focused on the global nature of IP theft, recent attacks on semiconductor and EDA tool companies, and the best ways to greatly lessen these thefts.
Ted Miracco, CEO, SmartFlow Compliance Solutions
“There are only two kinds of technology companies in the world,” stated Miracco at the start of his talk. “Those that have been hacked and know about it and those that have been hacked and don't know about it.”
The relentless attacks on the intellectual properties (IP) of US and European tech companies has been well documented (see below). To appreciate the accelerated pace of these attacks, it helps to have a historical understanding of events.
A Very Brief History of IP Theft
During the early 1940s, the U.S. performed an amazing technological feat in creating the B-29 Super Fortress. More money was spent developing this aircraft than creating the first nuclear weapons of the Manhattan Project. Among other high-tech improvement for that time, the B-29 boasted a pressurized cabin, super-fast propeller power, and an analog computer for bomb sighting and to enable one gunner to train eight machine guns against an enemy combatant (see figure).
Boeing B-29A Super Fortress was a technological marvel and ripe for IP theft. (Wikimedia - public domain)
Within three years of starting full-scale production of the B-29, the Russian’s had already created an identical version with their Tupolev TU-40 bomber. The design and technologies for the copied bomber came from a couple of damaged B-29s that were forced to land in Siberia almost a decade earlier.
But IP theft recognizes no boundaries. In the mid-90s, the Chinese violated the terms of a Russian license to build their own version of the copied Russian Supo ISU- 27 Flanker. Then, in 2009, the U.S. suffered several major data breaches that enabled the Chinese to steal enough IP to create (by 2011) a fighter equivalent to the modern U.S. F-35 Stealth Fighter.
Thanks to the Internet and poor cybersecurity measures in the U.S. defense community, foreign governments have obtained the latest technology at an ever-increasing pace.
In addition to foreign governments, industrial espionage has also been a source of IP theft. Consider the semiconductor space, where Samsung and TSMC were involved in the IP theft of 14-nm process technology. Whole numbers of startup companies have stolen DRAM technology from Micron.
On the capital equipment side, Applied Materials is currently involved in a lawsuit against a number of former employees who took secrets regarding semiconductor process technology. These are but a few examples. To gain an idea of the market size and value of these thefts, read the recent Semiconductor Industry Association (SIA) report, “China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation.”
US IP Commission Report vs. China’s 5-Year plan
To address the accelerated rate of IP theft, the U.S. government completed the first “IP Commission Report” in 2013. Lending credence to this government report was the industry representation by Craig Barrett, former CEO at Intel, as head of the commission. The latest report, updated in 2017, stated that the cost from trade secret /IP thefts, counterfeit goods, and pirated software could run as high as $600 billion. The software space represents at least $52 billion of that $600B. As technology leaders, American companies are largely the victims of these threats.
Confirming the concerns of the commissioned report is the most recent five-year plan by the Chinese government, which specifically targets the semiconductor industry. The goal in the five-year plan is to become a world-class technology leader by 2030. Miracco observed that China seems well ahead of that planned end date (see, “China’s 13th Five-Year Plan Opportunities & Challenges For the U.S. Semiconductor Industry”)
Like a cautionary tale, it should be noted that energy technologies and companies were targeted in China’s previous five-year plan. As a result, only a few of the once numerous U.S. and European solar and wind farm companies remain in business today.
“It is a zero-sum game for China,” explained Miracco. “They subsidize indigenous companies where hundreds and hundreds of hackers spend all day long sending phishing emails to companies to compromise their networks and to steal technology. Once acquired, that technology is passed off to indigenous companies that then try to compete in the market. The Chinese government further subsidizes these companies. It's a pretty well-organized operation.”
Think Like a Spy
How will U.S. and European companies safeguard their IP? The best way is to think like a spy. Most spies are not like James Bond, always blowing things up. Instead, they tend to be inconspicuous and very unassuming. They really don’t want to be detected but want to establish trust and gain access. Furthermore, most spies are guided by an outside contact who direct them in what information to collect. Each time information is obtained, it’s analyzed after which it’s decided what new information is needed. The process is very requirements-driven, explained Miracco.
Miracco listed 10 ways U.S. and European companies can protect themselves from such spies and the subsequent theft of IP:
1. Don’t use pirated software. It’s often laden with malware.
2. Protect your network.
3. Remember that protection is over-rated.
4. Humans are the weakest link.
5. Use strong license agreements.
6. Leave digital fingerprints everywhere (for later forensic data analysis).
7. Use tools like the Chip DNA Analysis.
8. Provide awareness training for all employees.
9. Hack your own organization.
10. Work with foundries, who are a key to stopping semiconductor IP theft
The semiconductor and EDA tool industries use IP to design ever-more-complex and costly IC development. IP is worth protecting, especially as the whole semiconductor industry is in the cross-hairs of China and other nation states. The U.S. government priorities focus mainly on dealing with terrorism, the economy, and politics, but not really with protecting IP.
Furthermore, while the U.S. legal system tries to help, it’s far behind technological advances and litigation is too expensive for all but the largest of companies. Miracco believes that technology is the most important defense we have against IP theft. All that’s required is for companies to get serious about protecting their irreplaceable knowledge base. It needs to become part of the corporate culture and industry mindset.