16 MiMfg Magazine March 2017
• Liability due to not properly protecting the personal information of clients and suppliers
The rising number of security alerts being dealt with is an additional burden for the industry , especially smaller manufacturers who lack the financial resources of large corporations . Already , nearly 70 percent of data breaches are discovered by third parties rather than by an internal team . Add to that , the fact that Cisco Systems , a worldwide leader in IT and networking , estimates Internet traffic to grow at a compounded annual rate of 23 percent and there simply aren ’ t enough eyes to stop every attack .
If a business faces an increasingly large number of attacks , it cannot simply react to each individual attack , but instead be proactive in securing any potential points of entry and properly communicating the severity of cyber crime with their whole team . Every employee must be part of your cyber security team .
Close Your Company ’ s Knowledge Gap or Lose Everything
A manufacturing business is comprised of two types of technology : the IT and the OT . These technologies may be very different ( see the chart below ) but both require proper monitoring and testing to ensure the business remains competitive and its data secure .
IT and OT Differences
“
It ’ s too great a risk for an employer not to take operational cyber security seriously . Simply put , proper precautions can be the difference between avoiding or surviving a breach and losing your business altogether . Never believe it can ’ t happen to you ”.
— Mike Maddox , president and CEO , ASK
“ Every employer should have a conversation internally with all the key stakeholders from their OT and IT sides ,” offers Taylor . “ Often , these people don ’ t see cyber security as a shared responsibility and proper coordination and communication is a solid first step .”
As the need for IT departments developed in manufacturing , many businesses created an invisible wall between the IT staff and the rest of their team . This led to a knowledge gap for most employees — they aren ’ t aware of common threats or best practices to combat breaches because it was never something they were expected to know .
Attribute |
IT |
OT |
Confidentiality |
High |
Low |
Availability |
Low-Medium |
Very High |
Message Integrity |
Low-Medium |
Very High |
Non-Repudiation |
High |
Low-Medium |
Time Criticality |
Days Tolerated |
Critical |
System Downtime |
Tolerated |
Not Acceptable |
Security Skills / Awareness |
Usually Good |
Usually Poor |
System Life Cycle |
3-5 Years |
15-25 Years |
Interoperability |
Not Critical |
Critical |
Computing Resources |
“ Unlimited ” |
Very Limited with Older Processors |
Software Changes |
Frequent |
Rare |
Worst Case Impacts |
Frequent Loss of Data |
Equipment Destruction , Inquiries |
Source : Joseph Weiss , “ What Executives Need to Know About Industrial Control Systems Cybersecurity ,” International Society of Automation , 2016 .
Unfortunately , manufacturing ’ s growing effort to network their systems across facilities , often across states or globally , has led to previously protected OT systems becoming less and less secure and the knowledge gap among the employees charged with using and monitoring a business ’ OT side is widening those vulnerabilities .
According to Gartner , a leading information technology research and advisory company , the security concerns surrounding OT systems is becoming more urgent as failures to OT systems can result in unforeseen environmental impacts and health and safety concerns due to product / system tampering . Especially challenging is the 24 / 7 nature of manufacturing ’ s OT side . While a company ’ s IT team and the majority of its IT resources have significant downtime — usually during nonbusiness hours — the OT systems manufacturers rely often run at all times to meet product deadlines . Suddenly , a manufacturer unprepared to combat cyber crime could face life or death consequences .
An essential starting point for employers is to close that knowledge gap by bringing IT strategies and thinking to the manufacturer ’ s OT network . As OT can face process management , compliance , and risk management gaps they are unaccustomed with , providing them the experiences of IT can be useful new knowledge .
Manufacturers should provide training opportunities where IT staff can share details on existing threats to OT systems , where company leaders can talk about the short and long-term consequences of a breach to the company , and where all employees can share experiences and be more confident in their ability to protect the business , its reputation and its customers ’ information and privacy .
“ In addition , the U . S . government has published guidelines , best practices and self-assessment tools for manufacturers to use ,” suggests Taylor . “ They are all made available and are free of charge . This would be a resource for a manufacturer interested in improving cyber security .”
The vital nature of this threat is why operational cyber security is the key focus to the 2017 MFG Forum on 4 / 25 / 17 in Novi — a must-attend event for every manufacturer .