PLM and Protection of Sensitive IP: “Law and Order” in Data Sharing, or Multi-Million Dollar Fines?
Verdi Ogewell posted on May 06, 2020 |
Consequences for missteps related to data sharing can be severe—steep fines, or even imprisonment.

It is important to have a sense of “law and order” in terms of navigating product data and keeping track of with whom you share that data, particularly in industries such as defense equipment, aviation, automotive and high-tech. The consequences for the worker or company that makes missteps in the detail work of data sharing can be severewith many millions of dollars in fines, or in the worst cases, even imprisonment.

In the U.S., for example, the country's defense branches don’t look casually on those who deliver products to them. Export control rules via the International Traffic in Arms Regulations (ITAR) apply to everything from specific subcomponents to entire technology systems. Who uses what, what is shared by whom and under what approvalthis all requires extremely good control and well-driven documentation. Specifications, CAD models, drawings, maintenance manuals and performance reports, for example, can all be subject to export control regulations.

In this article I have taken a closer look at these matters.

IT IS IMPORTANT TO MIND ONE'S P'S AND Q'S, keep track of data and control information flows in industries such as defense equipment, aviation, automotive or high-tech. For example, some articles or components which appear to be intended for civilian use at first glance, may in fact be subject to export control regulations because they are used in the design or manufacture of defense products. This means that design data for a civil aircraft may contain specific components and/or technologies to which export control rules and regulations apply,  such as specifications, CAD models, drawings, maintenance manuals and performance reports. For the company or person who is not aware of these details, the consequences can be severe, especially in the form of heavy fines.
IT IS IMPORTANT TO MIND ONE'S P'S AND Q'S, keep track of data and control information flows in industries such as defense equipment, aviation, automotive or high-tech. For example, some articles or components which appear to be intended for civilian use at first glance, may in fact be subject to export control regulations because they are used in the design or manufacture of defense products. This means that design data for a civil aircraft may contain specific components and/or technologies to which export control rules and regulations apply, such as specifications, CAD models, drawings, maintenance manuals and performance reports. For the company or person who is not aware of these details, the consequences can be severe, especially in the form of heavy fines.

The world of engineering is constantly changing, but there are some main dynamics forming the backbone—the most common of which is the increasing trend towards product lifecycle thinking.

In particular, this is characterized by the fact that companies collaborate and distribute information throughout product lifecycles. This impacts everything from sharing requirements and specifications between customers and suppliers, through design cooperation in joint ventures, to the outsourcing of manufacturing—but it doesn't stop there. The lifecycle concept also means that at each stage you should be able to follow what happens to the product both in operational environments and in terms of maintenance.

Obviously, there are challenges when it comes to sharing technical information. There are several reasons, but two of the most crucial are that it is partly about different stages in the product life cycle, and partly that it also affects different technical disciplines.

As an example, just think of the classic differences between mechanics, electronics and software. Information related to these areas is handled in a variety of application silos, which are distributed over a global value chain, frequently with various other organizations involved. This has traditionally been handled in the form of file exchanges, shared file areas and e-mail. These all have their value, but at the same time such communication channels offer limited control and audit functions: What was shared by whom, when and during which approval?

FAILURE TO PROTECT intellectual property rights of cooperating companies may result in intellectual property rights being stolen or unintentionally exposed. The bottom line is that either of these can lead to costly litigation.
FAILURE TO PROTECT intellectual property rights of cooperating companies may result in intellectual property rights being stolen or unintentionally exposed. The bottom line is that either of these can lead to costly litigation.

Costly Litigation

More recently, data sharing platforms—or collaboration hubs—have been developed to facilitate and control the sharing of information. While these make it possible to easily share data in a controlled manner, the challenge remains to protect the intellectual property rights that are included in the design data. Each data sharing platform must ensure that the "ownership" of information is clear and shared with the "owner's" explicit consent.

Failure to protect intellectual property rights of cooperating companies may result in intellectual property rights being either stolen or unintentionally exposed. The bottom line is that these can both lead to costly litigation.

In addition to protecting intellectual property rights throughout the value chain, it is equally important to remember that when sharing data across a global value chain, some of the information shared may be subject to export control regulations. Perhaps the most famous of these is International Traffic in Arms Regulations (ITAR), which originates from the United States.

ITAR APPLIES TO EVERYTHING originating in the United States and that affects military applications, which can certainly include materials created outside U.S.
ITAR APPLIES TO EVERYTHING originating in the United States and that affects military applications, which can certainly include materials created outside U.S.

Violations Can Lead to Harsh Penalties

ITAR is designed to protect the United States' leading position in defense capabilities, and violations can result in significant penalties. However, these are not the only U.S. regulations and the U.S. is not the only source of such rules. In addition, ITAR applies to everything that originates in the United States and that affects military applications, which can certainly include materials created outside U.S.

It is also important to be aware that certain articles, which at first glance appear to be intended for civilian use, may in fact be subject to export control regulations as they are used in the design or manufacture of defense products. As an example, the set of design data for a civil aircraft may contain such objects.

Export control rules apply to specific components and/or technologies. The consequence is that restrictions are applied to the handling of physical parts, and to the information linked to the parts or systems using the components or technologies. For example, specifications, CAD models, drawings, maintenance manuals and performance reports can all be subject to export control regulations.

IT IS EASY TO REALIZE THAT THERE ARE OBVIOUS CHALLENGES when it comes to sharing technical information. There are several reasons, but two crucial ones are that it is about different stages in the product life cycle, and that it also affects different technical disciplines.
IT IS EASY TO REALIZE THAT THERE ARE OBVIOUS CHALLENGES when it comes to sharing technical information. There are several reasons, but two crucial ones are that it is about different stages in the product life cycle, and that it also affects different technical disciplines.

Extensive Audit Trails are Required

Governments often establish agreements that allow open access for their own staff, but which ensure that special controls still apply as soon as access or sharing takes place with non-governmental organizations, such as companies.

A company that is licensed to have relevant information is also subject to the same controls when it comes to other organizations. In any case, the nation issuing the export license expects a major audit trail for those who have gained access to the material under special control.

This is an area where the consequences of missing out on errors can be serious. In particular, the United States has imposed significant sanctions on organizations around the world for violations of export control regulations such as ITAR.

Therefore, control of sharing and access to information subject to export controls requires specific attention, both for the exporter and the consignee or importer of such information.

An organization must have a license to export sensitive technology. Such licenses require the exporter to identify information covered by export control provisions and then maintain audited records of what was shared when, with which organization, in which country and under which license.

They must also be able to control access to the information when it is shared. This means, for example, that when the license expires, or is no longer applicable, the importer's access to exported information can be immediately revoked and all download information removed.

CLEARED FOR TAKE-OFF. The end of September 2018 saw the flight test premiere for the British Royal Navy's largest aircraft carrier to date, the 70,000-tonne HMS Queen Elisabeth. In the premiere, two F-35B Lightning II Joint Strike Fighters landed on the tires for the first time. The ship's technical information is handled by Eurostep's ShareAspace solution.
CLEARED FOR TAKE-OFF. The end of September 2018 saw the flight test premiere for the British Royal Navy's largest aircraft carrier to date, the 70,000-tonne HMS Queen Elisabeth. In the premiere, two F-35B Lightning II Joint Strike Fighters landed on the tires for the first time. The ship's technical information is handled by Eurostep's ShareAspace solution.

A Sharp Solution for the Aviation and Defense Industry

The organization that receives or imports the information also has a responsibility to control the access to and use of the licensed information. Therefore, one must also keep audited records of the access to and use of the information. In many cases, the information is sensitive, and access should be granted according to a person's nationality, citizenship and employment.

For some regulations, the information can only be accessed from certain identified geographical locations. It should be noted that the term “access” includes even just displaying the information on a screen. Therefore, controls are necessary to ensure that users comply with the terms of the license and are in appropriate locations before accessing licensed information.

There is a lot to deal with in these environments; however, there are solutions that can make life easier for individuals, enterprises and organizations in the defense sphere. For example, software developer Eurostep has launched a new product for managing the sharing and use of information covered by the Export Control regulations, such as ITAR, in an expanded company.

The product is called ShareAspace Export Control and is based on the collaboration software ShareAspace, plus the necessary functionality and functions to meet the needs of Export Control. With this product, Eurostep is aiming at the traditional aviation and defense industry that usually works with Export Control, as well as all industries that operate under similar rules that license information.

Best Practices for Export Control Data

ShareAspace Export Control encourages best practices for managing export control data and maintains the registers required by export control authorities. The software can work with PLM systems and thus avoid complex settings where PLM systems have a mix of Export Control data and non-Export Control classified data. This allows a setting that is more flexible and resilient if problems around certain data should occur. It handles both documents and detailed technical data, which "include" Export Control data in the organization's digital transformation.

If you are exporting or importing products that are subject to export control regulations, it is important that the associated product information is checked. The consequences of not doing so can be significant and can result in extremely large fines.


Recommended For You