Request Demo

Manufacturing, DFARS

Cybersecurity Manufacturing At MassMEP

down-arrow

On Thursday, September 26, the Massachusetts manufacturing community gathered in Worcester for the MassMEP Future of Manufacturing Symposium. From keynotes and breakout sessions, emerging technologies and processes captured the imagination and solidified the notion that it is an exciting time for American manufacturing. With the rapid pace of change and innovation comes new threats facing the industry, chief among them securing manufacturing organizations from cyberattack.

For many in the audience, cybersecurity was not top of mind. Cyber attacks are threats to the banking industry and financial services - like the quote says ‘why do you rob a bank? Because that’s where the money is.’ Well no longer. Manufacturing is now the most targeted industry for cyber attacks.

Unlike the banking, healthcare, and retail industries that has been managing and mitigating cyber threats for years, manufacturing is a relatively new target for cybercriminals. With the rise of the internet of things (IoT) and operational technology (OT) and the lack of standardization of cyber programs (50% of manufacturing executives lack confidence their protected), manufacturing is now the lowest hanging fruit for cyberattacks (39% of companies experienced a breach in 2016).

The DFARS mandate catalyzed cyber adoption and for many it was the first standardization practice. As clauses about cybersecurity began to appear in government contracting clauses, companies like Silverside Detectors were strapped to ensure that they were compliant. Many Massachusetts manufacturing teams were lacking the resources to dedicate a team to compliance or hire an outside contractor and were paralyzed by the seemingly insurmountable task of reaching compliance by the December 31st deadline. Until that point, many teams did not think of cybersecurity as a priority.

As Larry Wilson, CISO at UMass said, though, “starting a scalable cyber program early and proactively ensures that you’re protecting for scalable growth”. As a member of MassMEP, Silverside was connected to CyberSaint and the CyberStrong platform. With a limited team, CyberSaint streamlined and supplemented Silverside’s existing team to empower them with the knowledge and action plan to become DFARS compliant.

For many manufacturing organizations, a cyber program can go through sprints of rapid progress and longer periods of stagnation. The first motivation for the industry being DFARS compliant or risk losing business. Although, a proactive team (even at a company not yet big enough to have an appointed CISO) can take steps to build a foundation before their contracts are at risk - recommended best practices say start with the SANS Top 20 or CyberSaint’s NIST PowerControls (a collection of most impactful NIST Controls from the Cybersecurity Framework).

In speaking about these best practices CyberSaint CEO George Wrenn, a panelist at the event, said “These controls will require work to validate and secure. However, once you have and handle on these you and your organization will be in a strong position to scale and they will give you the ability to tailor your approach to any new regulations that emerge in the coming years.” Speaking to the future of cybersecurity in the manufacturing industry and beyond, the panel agreed that mandated standards across the industry will continue to emerge.

The panel discussion concluded with a call to action for the industry: manufacturing will only remain the primary target for cyberattacks for as long as organizations allow it. With a proactive approach, reaching beyond regulation and mandates, the industry and collectively become more secure.

If you are a Massachusetts manufacturer and want to secure your organization from cyber attack, contact Tom Andrellos at the MassMEP and take advantage of the CyberStrong platform through the MassMEP CyberSaint Partnership Program. toma@massmep.org

 

 

 

You may also like

Marriott Breach Points To Issue In ...
on December 13, 2018

On Friday, November 30th, Marriott International announced what could be one of the largest data breaches in history. Over 500 million guests’ personal data, ranging from names to ...

The Key To Turning Your Security ...
on December 13, 2018

It is often said, “if you don’t want something noticed, don’t talk about it”. This is true of a bad GPA, a stain on a carpet, or a project you might have missed a deadline for. ...

Solving The Cybersecurity Skills ...
on December 6, 2018

It is no shock to those in the cyber community that cybersecurity has become a board-level issue for many enterprises. A PwC survey showed a 20% increase in CEO’s concern over ...

The Next Wave Of Innovation For ...
on December 12, 2018

   The internet of things (IoT) is a force transforming the modern enterprise. Anything from robotics in warehouses to smart manufacturing to data center monitoring, the ...

The Corporate Compliance and ...
on December 4, 2018

Corporate compliance and oversight (CCO) is one of the main pillars to a strong integrated risk management (IRM) program and solution. Today, compliance leaders are faced with a ...

Securing the AI powered enterprise
on December 5, 2018

Machine learning and artificial intelligence (AI) has become the competitive differentiator of our time. By 2020, Gartner predicts that almost all new products to enter the market ...