Cybersecurity in Manufacturing at MassMEP
On Thursday, September 26, the Massachusetts manufacturing community gathered in Worcester for the MassMEP Future of Manufacturing Symposium. From keynotes and breakout sessions, emerging technologies and processes captured the imagination and solidified the notion that it is an exciting time for American manufacturing. With the rapid pace of change and innovation come new threats facing the industry, chief among them cyberattacks against manufacturing organizations.
For many in the audience, cybersecurity was not top of mind. Cyberattacks are thought of as threats to the banking industry and financial services. As the quote says, ‘Why do you rob a bank? Because that’s where the money is.’ Well, no longer. Manufacturing is now the most targeted industry for cyberattacks.
Unlike the banking, healthcare, and retail industries, which have been managing and mitigating cyber threats for years, manufacturing is a relatively new target for cybercriminals. With the rise of the internet of things (IoT) and operational technology (OT) and the lack of standardization of cyber programs (50% of manufacturing executives lack confidence that they are protected), manufacturing is now the lowest-hanging fruit for cyberattacks (39% of companies experienced a breach in 2016).
The DFARS mandate catalyzed cyber adoption, and for many it was the first standardization practice. As clauses about cybersecurity began to appear in government contracts, companies like Silverside Detectors were strapped to ensure that they were compliant. Many Massachusetts manufacturing teams lacked the resources to dedicate a team to compliance or hire an outside contractor, and were paralyzed by the seemingly insurmountable task of reaching compliance by the December 31st deadline. Until that point, many teams did not think of cybersecurity as a priority.
As Larry Wilson, CISO at UMass, said, though, “starting a scalable cyber program early and proactively ensures that you’re protecting for scalable growth.” As a member of MassMEP, Silverside was connected to CyberSaint and the CyberStrong platform. CyberSaint streamlined and supplemented Silverside’s existing team to empower them with the knowledge and action plan to become DFARS compliant.
For many manufacturing organizations, a cyber program can go through sprints of rapid progress and longer periods of stagnation. The first motivation for the industry was to become DFARS compliant or risk losing business. However, a proactive team (even at a company not yet big enough to have an appointed CISO) can take steps to build a foundation before its contracts are at risk. Recommended best practices say to start with the SANS Top 20 or CyberSaint’s NIST PowerControls (a collection of the most impactful NIST controls from the Cybersecurity Framework).
In speaking about these best practices, CyberSaint CEO George Wrenn, a panelist at the event, said:
“These controls will require work to validate and secure…
However, once you have a handle on these, you and your organization will be in a strong position to scale and they will give you the ability to tailor your approach to any new regulations that emerge in the coming years.”
Speaking to the future of cybersecurity in the manufacturing industry and beyond, the panel agreed that mandated standards across the industry will continue to emerge.
The panel discussion concluded with a call to action for the industry: manufacturing will only remain the primary target for cyberattacks for as long as organizations allow it. With a proactive approach, reaching beyond regulation and mandates, the industry can collectively become more secure.
If you are a Massachusetts manufacturer and want to secure your organization from cyber attack, contact Tom Andrellos at the MassMEP and take advantage of the CyberStrong platform through the MassMEP CyberSaint Partnership Program. firstname.lastname@example.org