This is an original article from the NIST Manufacturing Innovation Blog.
Digitization and connectivity are having a huge impact on more than just your manufacturing operations and ability to monetize data. Your vulnerabilities also are increasing as Industrial Internet of Things (IIoT) manufacturing solutions involve more software, devices and digitally connected employees.
The manufacturing industry continues to be at high cyber risk as a result of global competition and geopolitical tensions. Companies up and down the supply chain are demanding more transparency into their customers’ and suppliers’ reliability in order to mitigate risks from disruptions. Some are starting to require cybersecurity assurances, a trend that will only gain momentum. Enforcing cybersecurity standards will ultimately protect U.S. innovation and competitiveness.
Supply Chain Disruptions Prompt More Transparency Among Partners
Disruptions in the global supply chain are changing how business gets done. Manufacturers want to know who they are dealing with, upstream and downstream. Federal regulatory requirements in defense, food, aviation, therapeutics and medical devices have also caused companies to assess their relationships with partners. Additionally, companies want to harness analytics and advanced manufacturing capabilities to gain efficiencies and increase their competitiveness.
This is especially true for cybersecurity preparedness. Manufacturers are being asked by their partners to provide technical certifications and specifications. Also, they are now being asked for documentation on the details of training for company policies on password management, identification, protection of sensitive information and response plans.
A security breach can have direct costs (financial and disruptive) and indirect costs (reputational or loss of contracts). Investing in IT security as you adopt new technologies is good for business.
CMMC Can Serve as a Blueprint for Manufacturing Industry
The Department of Defense (DOD) has led the effort to secure its supply chain by addressing cybersecurity concerns at non-governmental companies through the Cybersecurity Maturity Model Certification (CMMC). In essence, if you are going to do business with the DOD, you will eventually need to meet its criteria. Other federal government agencies are evaluating adoption of CMMC or a similar method as part of their purchasing processes.
It could be a competitive advantage for other industries to use the CMMC criteria as a model when vetting themselves, suppliers and customers. The practices and procedures defined for CMMC are guidance for any company to enhance its cybersecurity. These requirements extend beyond your network technology to include your personnel.
How Manufacturers Can Be Proactive in Their Preparedness
One of the benefits of using CMMC as a blueprint for cybersecurity are the tools that are available for manufacturers to assess their current state of preparedness, identify gaps and score their progress on:
- Technical areas, including:
- 24-7 monitoring
- Personnel, including:
- Policies and procedures
- Workforce training
Your employees remain your biggest vulnerability. Training employees and enforcing company policies and procedures will take on increasing importance as digitization evolves in manufacturing.
Conducting a CMMC self-assessment or preparing for a third-party assessment requires attention to detail. For example, if cybersecurity training isn’t where it needs to be, it calls for companies to create a roadmap, or a plan of action and milestones (POA&M), all of which could be important to supply chain partners.
Intellectual Property Theft is the Fastest Growing Threat to Manufacturers
Manufacturers have been the targets of cyber threats for years, and ransomware remains the most common form of cyber breach. But intellectual property (IP) theft is the fastest growing threat. In fact, espionage from China is more prolific than previously thought, so much so that on July 6, the heads of the FBI and Britain’s domestic security service issued a joint warning to business leaders about threats posed by Chinese efforts to steal intellectual property.
IP theft is a threat to everyone; it is becoming increasingly important to assure your supply chain partners that your operation meets industry standards for cybersecurity preparedness.
For more information on cybersecurity and Industry 4.0, please contact IMEC.