This contributed article by NIST focuses on the increased threat for data theft and urgent need for cybersecurity preparedness.

By Nathan Sable
Reposted with permission from nist.gov

Digitization and connectivity are having a huge impact on more than just your manufacturing operations and ability to monetize data. Your vulnerabilities also are increasing as Industrial Internet of Things (IIoT) manufacturing solutions involve more software, devices, and digitally connected employees.

The manufacturing industry continues to be at high cyber risk as a result of global competition and geopolitical tensions. Companies up and down the supply chain are demanding more transparency into their customers’ and suppliers’ reliability in order to mitigate risks from disruptions. Some are starting to require cybersecurity assurances, a trend that will only gain momentum. Enforcing cybersecurity standards will ultimately protect U.S. innovation and competitiveness.

Supply Chain Disruptions Prompt More Transparency Among Partners

Disruptions in the global supply chain are changing how business gets done. Manufacturers want to know who they are dealing with, upstream and downstream. Federal regulatory requirements in defense, food, aviation, therapeutics and medical devices have also caused companies to assess their relationships with partners. Additionally, companies want to harness analytics and advanced manufacturing capabilities to gain efficiencies and increase their competitiveness.

Cybersecurity Preparedness More Important Than Ever

This is especially true for cybersecurity preparedness. Manufacturers are being asked by their partners to provide technical certifications and specifications. Also, they are now being asked for documentation on the details of training for company policies on password management, identification, protection of sensitive information and response plans.

A security breach can have direct costs (financial and disruptive) and indirect costs (reputational or loss of contracts). Investing in IT security as you adopt new technologies is good for business.

CMMC Can Serve as a Blueprint for Manufacturing Industry

The Department of Defense (DOD) has led the effort to secure its supply chain by addressing cybersecurity concerns at non-governmental companies through the Cybersecurity Maturity Model Certification (CMMC). In essence, if you are going to do business with the DOD, you will eventually need to meet its criteria. Other federal government agencies are evaluating adoption of CMMC or a similar method as part of their purchasing processes.

It could be a competitive advantage for other industries to use the CMMC criteria as a model when vetting themselves, suppliers and customers. The practices and procedures defined for CMMC are guidance for any company to enhance its cybersecurity. These requirements extend beyond your network technology to include your personnel.

How Manufacturers Can Be Proactive in Their Cybersecurity Preparedness

One of the benefits of using CMMC as a blueprint for cybersecurity are the tools that are available for manufacturers to assess their current state of preparedness, identify gaps and score their progress on:

  • Technical areas, including:
    • 24-7 monitoring
    • Authentication
    • Controls
  • Personnel, including:
    • Policies and procedures
    • Workforce training

Your employees remain your biggest vulnerability. Training employees and enforcing company policies and procedures will take on increasing importance as digitization evolves in manufacturing.

Conducting a CMMC self-assessment or preparing for a third-party assessment requires attention to detail. For example, if cybersecurity training isn’t where it needs to be, it calls for companies to create a roadmap, or a plan of action and milestones (POA&M), all of which could be important to supply chain partners.

Intellectual Property Theft is the Fastest Growing Threat to Manufacturers

Manufacturers have been the targets of cyber threats for years, and ransomware remains the most common form of cyber breach. But intellectual property (IP) theft is the fastest growing threat. In fact, espionage from China is more prolific than previously thought, so much so that on July 6, the heads of the FBI and Britain’s domestic security service issued a joint warning to business leaders about threats posed by Chinese efforts to steal intellectual property.

IP theft is a threat to everyone; it is becoming increasingly important to assure your supply chain partners that your operation meets industry standards for cybersecurity preparedness.

MEP Centers Can Help With Your Cybersecurity Preparedness

Supply chain security and protection of sensitive corporate information is an ever-increasing concern for most manufacturing companies. Manex, your local MEP Center, can help you strengthen your cybersecurity.

For more information or to schedule a complimentary consultation, contact George Chao via email chao.george@manexconsulting.com or call 925.807.5119.

About the Author

Nathan Sable previously managed the IT and Cybersecurity Practice for Genedge, the MEP Center in Virginia. His duties included understanding market and client needs, developing new service offerings, and refreshing existing services to align with those needs addressing business risks in an increasing threat environment to Virginia’s industries.