Cybersecurity Options for Manufacturers
As modern manufacturing has become increasingly digitized, the risks that have traditionally confronted financial institutions are certain to target manufacturers. The manufacturing sector presents security challenges of a unique nature due to customized industrial control systems, supervisory control and data acquisition systems, and networked machines, sensors, data, and software. The multi-organizational dependencies and under protected Internet of Things devices that are associated with modern manufacturing and international supply chains increase the opportunities for existing vulnerabilities to be exploited.
Cybersecurity Ventures  reports how costs associated with protecting companies from cyberattacks are growing at rates that exceed linear growth. Their estimation of costs associated with cybercrime includes potential damage of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Financial industry leaders are prepared to increase the resources that they use to protect against these threats in order to provide sufficient levels of trust for their customers and stockholders. For example, J.P. Morgan Chase & Co. has increased annual cybersecurity budgets from $250 million to $500 million. Bank of America has gone on record stating that it is prepared to spend unlimited resources to combating cybercrime. This analysis by Cybersecurity Ventures includes predictions on how global costs associated with combating cybercrime will continue rising to more than $6 trillion annually by 2021.
For manufacturers, support from the federal government comes from the National Institute of Standards and Technology (NIST) Cybersecurity Framework Manufacturing Profile . With this resource, manufacturers can 1) search for opportunities to improve the cybersecurity posture of their manufacturing system, 2) evaluate the ability to operate the control environment at their acceptable risk level, and 3) implement a standardized approach to prepare a cybersecurity plan for ongoing assurance of their manufacturing system’s security.
The NIST Framework Core of the profile consists of 5 functional activities:
1) Identify those systems, assets, data and capabilities that require management of cybersecurity risk,
2) Protect the delivery of critical infrastructure services,
3) Detect the occurrence of a cybersecurity event,
4) Respond with appropriate activities to take action regarding a detected cybersecurity event, and
5) Recover any capabilities or services that were impaired due to a cybersecurity event.
Organizations can assess strengths and opportunities to improve the management of cybersecurity by implementing the Baldrige Cybersecurity Excellence Builder . This cost effective, self-assessment tool consists of open-ended questions, and is adaptable and scalable to your organization’s needs, goals, capabilities and environment.
A first self-assessment can frequently be accomplished in a one-day meeting. The use of the Excellence Builder within your organization can create a common language for assessment, identify topics for which conflicting, little, or no information which is available and conduct a full self-assessment of your cybersecurity risk-management system. The completed evaluation often leads to an action plan for implementing improvements.
The Triple Bottom Line
How we are currently Implementing LSS in Value Streams isn't Working
People in Supply Chain- Motivating and Innovating
Changing World-Changing Supply Chain-Changing Expectations
By Chris Tjotjos, VP, Cisco Solutions Practice, Black Box...
By Laura Jackson, Sr. Manager-Risk Management, ABS Consulting
By Jason Cradit, VP of Information Systems, Willbros Group
By Steve Garske, Ph.D., Senior Vice President & Chief...
By Roman Trakhtenberg, CEO, Luxoft
By Renee P Wynn, CIO, NASA
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Andrew Macaulay, CTO, Topgolf Entertainment Group
By Dominic Casserley, President and Deputy CEO, Willis...
By Dave Nelson, SVP-Portfolio Lead, Avanade, Inc.
By Michael Cross, SVP & CIO, CommScope Holding Company Inc.
By Pauly Comtois, VP DevOps, Hearst Business Media
By Dan Adam, CIO, Extreme Networks
By Matt Schlabig, CIO, Worthington Industries
By David Tamayo, CIO, DCS Corporation
By Scott Cardenas, CIO, City and County of Denver
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment