In a world where we are more and more reliant on online security — are we safe against cyberattack?
29th May 2021
Back on 7th May, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries fuel to large parts of the South-eastern United States, suffered a ransomware cyberattack that impacted computerised equipment managing the pipeline. The company were forced to halt all pipeline operations to contain the attack, and overseen by the FBI, the (75 bitcoin or $4.4 million) ransom was paid within several hours; upon receipt of the ransom, an IT tool was provided to restore the system.
The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party and the same group is believed to have stolen 100GB of data from company servers the day before the malware attack.
So what does this has to do with Patently and/or IP? Well, nothing per se, but coincidentally over the past few days we have been updating our client data security policy and documentation, so it struck a nerve. At Patently, we take data security seriously. We understand the importance of protecting our users’ data and appreciate the highly sensitive nature of the services Patently provides. Needless to say, this is a subject that interests us greatly. So much so, that we’ve done some research into cybersecurity innovation and the resulting patent landscape.
Unlike other areas of the information technology industry, cybersecurity is a relatively young and fast developing segment where a licensing culture has not yet taken hold. Once dominated by several enterprise and consumer-focused companies, today thousands of cybersecurity software vendors exist, as well as more than 60 open source software security platforms hosted on GitHub. With the industry’s growing market size, many aggressive entrants and an open source software model that is fast becoming the standard way of moving innovation forward, there is a potential for established vendors to look to impair these growth drivers through the use of intellectual property.
The expected growth in the cybersecurity software industry has the potential to be significantly disrupted and its innovation impaired by patent lawsuits. Finjan Holdings Inc., a security technology company turned Non-Practicing Entity (NPE or ‘patent troll’), has been the most litigious actor in the cybersecurity market. They have successfully sued for awards and licensing fees from Symantec, FireEye and Sophos, among others. They have also brought patent infringement lawsuits against Rapid 7, Check Point Software Technologies and Carbon Black, and continue to pursue software vendors for aggressive licensing deals.
Cybersecurity open source software (OSS) projects, like all manner of OSS development and usage, is an irreversible trend. Today, open source code is so effective and cost efficient that it is used in more than 90 percent of all commercially available software. In fact, it is impossible to catalogue all of the daily touch points the average person has with an open source-powered product, or service. The Linux Foundation estimates more than 31 billion lines of code have been committed to OSS repositories. Open source is a leading technology in smart cars, IoT platforms, block chain technologies and cybersecurity software projects like Kali Linux.
While it has experienced exponential growth, the successful proliferation of open source by banking networks, mobile phone manufacturers, telecom networks, smart cars, cloud computing and block chain platforms, among many others, was not always a foregone conclusion. In 2003, there was an intellectual property (IP) -based attack on Linux, the most prevalent OSS project.
While the claims underlying the litigation ultimately were found to be without merit in the court proceeding, it was a wake up call to several IP-savvy companies as to the potential negative impact of patent aggression on the growth of Linux and OSS projects. IBM, Red Hat and SUSE (then Novell) coordinated an effort with Sony, Philips and NEC to conceptualize and implement a solution designed to create a “patent no-fly zone” around the core of Linux. The entity is charged with administering this patent no-fly zone, utilizing a free license to require participant companies to forebear litigation and cross-license patents in the core of Linux and adjacent OSS. In the 12 years since its formation, the organization has grown into the largest patent non-aggression community in history with an excess of 2,900 participant companies that own upwards of three million patents.
In addition to administering the highly successful royalty-free free license, organization has been one of the most active users of the America Invents Act’s pre-issuance submission program and through its actions prevented the grant of hundreds of patent applications with overly broad claims that, if issued as submitted, would have threatened Linux technology and products for years to come. This community-based organization also routinely uses its central role as guardian of patent freedom in the open source community to gather critical prior art to neutralize Linux-related litigation and pre-litigation patent assertions.
In some cases, it has taken the extraordinary measure of forward deploying key assets from its defensive patent portfolio of more than 1,300 patents and applications to companies at risk or in litigation for the purpose of allowing these companies to better defend themselves from patent antagonists with often far larger patent portfolios and deeper pockets seeking to slow or stall the progress of Linux.
Going forward, the cybersecurity industry has the potential to be a significant driver of innovation and protection for the global economy. The community-organization has and will continue to include core open source technology in the Linux System and is thereby insulating its community licensees from patent risk in this area. As the threat landscape morphs and new threats arise from the ranks of operating companies and patent assertion entities, the community will remain vigilant in acting to ensure fewer poor quality patents are issued, poor quality already granted patents are invalidated and the community of companies pledging patent non-aggression in the core of Linux and adjacent open source technology grows.
In order for the creativity and inventive capacities of the hundreds of thousands of people developing around cybersecurity to be realized, it is vital that patent non-aggression in the core is safeguarded. Companies and individuals seeking to support patent non-aggression in cybersecurity software should participate as members of its community by becoming signatories of its free license and, in so doing, commit to the onward sustainability of the collaborative model of innovation that is central to open source.
Do you have any questions relating to online security? Get in touch via social media