
DFARS, Manufacturing

Cybersecurity Manufacturing At MassMEP


On Thursday, September 26, the Massachusetts manufacturing community gathered in Worcester for the MassMEP Future of Manufacturing Symposium. Across keynotes and breakout sessions, emerging technologies and processes captured the imagination and solidified the notion that it is an exciting time for American manufacturing. With the rapid pace of change and innovation come new threats facing the industry, and chief among the resulting challenges is securing manufacturing organizations from cyberattack.

For many in the audience, cybersecurity was not top of mind. Cyber attacks are seen as threats to the banking industry and financial services; as the quote says, ‘Why do you rob a bank? Because that’s where the money is.’ Well, no longer. Manufacturing is now the most targeted industry for cyber attacks.

Unlike the banking, healthcare, and retail industries, which have been managing and mitigating cyber threats for years, manufacturing is a relatively new target for cybercriminals. With the rise of the internet of things (IoT) and operational technology (OT) and the lack of standardization of cyber programs (50% of manufacturing executives lack confidence that they are protected), manufacturing is now the lowest-hanging fruit for cyberattacks (39% of companies experienced a breach in 2016).

The DFARS mandate catalyzed cyber adoption, and for many it was the first standardization practice. As cybersecurity clauses began to appear in government contracts, companies like Silverside Detectors were hard-pressed to ensure that they were compliant. Many Massachusetts manufacturing teams lacked the resources to dedicate a team to compliance or hire an outside contractor, and were paralyzed by the seemingly insurmountable task of reaching compliance by the December 31st deadline. Until that point, many teams did not think of cybersecurity as a priority.

As Larry Wilson, CISO at UMass, said, though, “starting a scalable cyber program early and proactively ensures that you’re protecting for scalable growth”. As a member of MassMEP, Silverside was connected to CyberSaint and the CyberStrong platform. Because Silverside had a limited team, CyberSaint streamlined and supplemented that team, giving it the knowledge and action plan to become DFARS compliant.

For many manufacturing organizations, a cyber program can go through sprints of rapid progress and longer periods of stagnation. The first motivation for the industry was becoming DFARS compliant or risking the loss of business. However, a proactive team (even at a company not yet big enough to have an appointed CISO) can take steps to build a foundation before its contracts are at risk. Recommended best practices say to start with the SANS Top 20 or CyberSaint’s NIST PowerControls (a collection of the most impactful NIST controls from the Cybersecurity Framework).

In speaking about these best practices, CyberSaint CEO George Wrenn, a panelist at the event, said, “These controls will require work to validate and secure. However, once you have a handle on these, you and your organization will be in a strong position to scale and they will give you the ability to tailor your approach to any new regulations that emerge in the coming years.” Speaking to the future of cybersecurity in the manufacturing industry and beyond, the panel agreed that mandated standards across the industry will continue to emerge.

The panel discussion concluded with a call to action for the industry: manufacturing will only remain the primary target for cyberattacks for as long as organizations allow it. With a proactive approach, reaching beyond regulation and mandates, the industry can collectively become more secure.

If you are a Massachusetts manufacturer and want to secure your organization from cyber attack, contact Tom Andrellos at the MassMEP (toma@massmep.org) and take advantage of the CyberStrong platform through the MassMEP CyberSaint Partnership Program.

 

 

 
