Today, there is no longer a difference between civilian and military technology; they are both subject to the same dynamics and threats. For both, the problem of technology espionage (in various degrees, from copying products to very real and serious corporate espionage) has always existed, and is more present today than ever. Today, all the attention is on tech violations, the “cyber” whatever, so in the end, the protection of know-how, technologies, of methods and products, is achieved by somehow barricading the network through which data, information, documents, and designs are saved. The danger exists, it’s real, it causes damages that aren’t even reported to the public, and there is little hope of reaching a certain degree of security. In the era of integrated supply chains, it’s surely a problem that will exclude many suppliers from “4.0 Industry” chains. It’s an issue of national security, and The External Intelligence and Security Agency is certainly following the problem closely.
But that’s not all. The biggest piece is missing, the one that’s more dangerous for Italy. The Italian industry that exports the most is industrial automation. We’re the thorn in Germany’s side: the machines made by Italians’ are found in factories across the world. But out manufacturing is almost naked when it goes overseas. Neither the machines nor software are protected. To date, I am aware of palliative measures in the form of sensors that detect whether a machine is moved from its original location of installation and block it. The software may have protections tied to installation support, but nothing more– nothing that a team of astute engineers couldn’t subject to reverse engineering and copy. And this is what happens, we know it well. Sure, it has always happened, but the problem is now that it’s potentially systematic and apt to replicate, improve (if possible), and resell the software on internal or even external markets, ruining both the Italian mechatronics and manufacturing markets, that have allocated several productive lines overseas.
The military has the same problems. Once upon a time, the civil and military worlds were separated by walls and screens; we only had to face active espionage. Tech copycats were accidental; one usually had to wait for a deserted airplane, a tank abandoned by the Egyptian military captured by the Israelis for reverse engineering. Now, however, military technologies are also exported, or at least they are because the government supports national industries, therefore they’re learned about anti tampering and reverse engineering of systems sold overseas. First line of defense: products sold to foreign customers are exactly like national material; in reality, it always presents some limitation in performance. But it’s not enough, we need to prevent anyone from getting his hands inside them. We need to make it impossible to copy technology and software, therefore preventing reverse engineering (especially firmware– the software modules residing directly in circuit boards and control their basic functions– which contain data and algorithms from which it’s possible to derive hardware configuration and functionality). This also implicates the impossibility of penetrating the system with malware or software designed to force the revelation of its performance or inhibit functions. We also need to prevent hackers from modifying the hardware or software to service versions of the electronic system with additional capabilities (improved or not controllable by our defense systems). Taken together, this is a derivation of “technology transfer” and maintenance of “technological sovereignty”, the tue pillars of geopolitical policies.
Transferring these concepts to the civilian world is direct: a mechatronic business from the Bologna area exports its machines to a country in the Far East. If it hasn’t implemented anti-tampering and anti-reverse engineering measures, it may as well bid farewell to its technology regardless of patents, brand, and every other intellectual property protection it may have invested in. The value of their R&D risks disintegrating to zero, their export market demolished. Their machines need to have a sort of “self-awareness” that controls their integrity of their propriety hardware and software so that it can’t accept modified components or software. All of the software and data that circulate in these machines need to be encrypted. Going further, machines should react if they sense that they’re being taken out of their original contexts (moving location, or use for unintended purposes), limiting their functions. The behavior of the entire system and components should be surveilled constantly to ensure that it remains within determined limits. All of this must be insured by a key software system, some of which are encrypted at its own will. Nothing should be copyable or alterable. The machines must be technologically barricaded, and in doing so also the know-how and the very industry of the manufacturer, as well as legal responsibility in case of illicit use.
We can go further and foresee more sophisticated scenarios. One example: the connected auto, even worse if it drives autonomously. Some time ago, Tesla urgently updated its software because it discovered that it was possible to penetrate their cars’ computer systems. Even FCA knows something about this, with all the demonstrations in the media. The scenario is a hacker altering a car’s function (in the case of FCA, the brakes were inhibited…). Without digital capabilities, the cars of the future won’t make much headway. It’s the only protection possible, and is applicable to non-connected autos, if we wanted.