Managing Intellectual Property Risk with Outside Contractors

By Bill Lydon, Editor
Every time you contract a third-party service provider, you are putting your company’s intellectual property (IP) at risk. With the current cyber security landscape and the new range of services offered by vendors and system integrators, manufacturers are increasingly challenged to protect their IP. The risk of losing valuable information and intellectual property can potentially negatively impact sales and profits.
The goal of any manufacturing company is to transform raw materials to finished products and deliver them to customers at a profit. To accomplish this goal, manufacturers perform some generally known methods. However, the majority of manufacturers perform some unique methods, processes, and procedures that make them competitive in the marketplace. Competition, by definition, is a differential advantage. You are differentiated from competitors by your unique methods, processes, and procedures that have been developed and refined over a number of years. A large contributor to the company’s competitive advantage is unique trade secrets and methods programmed into automation controllers and systems.
Trade secrets include formulas, algorithms, process, design, instrumentation, and methods that are generally not known or reasonably independently duplicated. Trade secret laws vary from country to country. In the United States, trade secret law is primarily handled at the state level under the Uniform Trade Secrets Act, which is adopted by most states.
The federal law - the Economic Espionage Act of 1996 - makes the theft or misappropriation of a trade secret a federal crime. The law contains two provisions: 1) criminalizing the theft of trade secrets to benefit foreign powers, and 2) theft for commercial or economic purposes. Contrary to patents, trade secrets are protected without registration and can be protected for an unlimited period of time. There are some important conditions for information to be considered a protected trade secret. While these conditions vary from country to country, these general standards exist:
- The information must be secret (i.e. it is not generally known among, or readily accessible to, circles that normally deal with the kind of information in question).
- It must have commercial value because it is a secret.
- It must have been subject to reasonable steps by the rightful holder of the information to keep it secret.
The last item requires active protection that is particularly important, and by failing to take steps to protect these items, you put trade secrets at risk. The most important task is to protect them. Many automation formulas, algorithms, processes, programs, instrumentation techniques, and methods are subtle and have been developed over a number of years. Guarding the knowledge and know-how that are programmed into automation and control is important to maintain legal standing and competiveness.
The protection of unique manufacturing processes is many times taken for granted.
Cyber Security Services
Services are offered by vendors to help manufacturers manage cyber security. This poses an interesting dilemma. This service offering is attractive to manufacturers because it can be difficult for them to acquire and maintain the in-house expertise to properly deploy industrial automation cyber security. The dilemma is that working with outside contractors potentially increases cyber security risks. This risk has been cited as a major issue by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and others. The contractual terms and conditions that address cyber security are important when purchasing products and services. Qualifying vendors is also very important to ensure you are working with a professional organization. The United States General Services Administration (GSA) is working to improve acquisitions of cyber protected products and services. GSA has published a document titles, “Improving Cybersecurity and Resilience through Acquisition.”
I have asked major suppliers and insurance companies if they offer ways to provide service buyers with financial protection similar to construction project bonding, errors and omissions, business interruption insurance, etc. To date, the answer has been, “No.” Until there are clearer certifications or guarantees, the service buyer is solely responsible for cyber breaches and losses.
Systems Integrators
Systems integrators (SIs) are another source of potential loss of valuable intellectual property, knowledge, and knowhow. Many SIs specialize in particular industries, and they are likely working with competing manufacturers. Possibly the best way to protect from loss of formulas, algorithms, process, design, instrumentation, and methods is to partition work given to systems integrators so they are not working on the things unique to the competiveness of your company.
Remote Services
Technology enables the use of remote services to monitor machine health and access to remote experts to solve problems. While these services are valuable, they also increase the risk of intellectual property loss and cyber security breaches.
Solutions
A big positive change in the automation industry is the adoption of open standards, open communications, and commercial off-the-shelf (COTS) technology. The solutions for protecting your intellectual property are technical, contractual, and finding trusted vendors. My suggestion is to push your supplier hard on how they will guarantee and indemnify your operations when you engage their services.
Related Articles
- Outsourcing Automation Design & Engineering – Short-Sighted Strategy?
- Challenges of Automation Support Models & Managed Services
- Is the Automation Industry Enabling Cyber-Attacks?
- Industrial Cyber Security Compliance & Enforcement

Check out our free e-newsletters
to read more great articles.
- Posted in:
- Article
- Related Portals:
- Cybersecurity, Factory Automation, Manufacturing Operations Management, Process Automation, Systems Integration
MORE ARTICLES
-
Lean Manufacturing and the Global Digital Process Automation Market
By Thomas R. Cutler
Digital Visual Management on the manufacturing plant floor is secure by creating virtual meeting rooms for real-time, 24/7,... -
Inside the Top Causes of PLC Control System Failure
By James Davey, Boulting Technology
Despite their resilience and rugged design, PLC-based control systems can still break down and their failure... -
Network Monitoring: Passive, Active or Both
By Zane Blomgren, Tripwire
There is little doubt that the need for OT operators to adapt to stronger cyber security postures is getting... -
Making the IoT Work for Test
By Mike Santori, National Instruments
The IoT and IIoT are making test more complex. IoT technologies can help address automated test challenges.... -
To CNC or not to CNC?
By Jonathan Wilkins
In industry, both 3D printing and CNC machining allow manufacturers to produce complex parts but sometimes it can be difficult...
RELATED
-
Softomotive announces Softomotive’s RPA Academy online learning portal
The Softomotive Academy is designed to improve the employability quotient of professionals and developers. It provides them with the opportunity to...
-
ISA announces final call for Educational Foundation Scholarship applications
University students who have potential in the field of automation should submit an application. All applications must be submitted no later than...
-
OSI to help Spanish power company enhance SCADA/Generation Management System
This system with replace an aging SCADA/GMS currently servicing the Balearic and Canary Islands, two Spanish archipelagos in the Mediterranean Sea...
-
Beckhoff Automation announces Kevin Barker as President
As the new president, Barker will oversee all sales, engineering, marketing and administrative operations from the headquarters of Beckhoff...
-
Dassault Systèmes announces acquisition of elecworks automation design software product line...
The acquisition of the elecworks assets will streamline and boost Dassault Systèmes’ development of an integrated mechatronics solution on the...