By Jonathan Soriano
According to a joint study by Deloitte and The Manufacturers Alliance for Productivity and Innovation (MAPI), “Cyber Risk in Advanced Manufacturing,” there are six critical themes that manufacturing firms must consider when addressing cyber security threats:
Executive and board-level engagement
Talent and human capital
Intellectual property (IP)
Industrial control systems (ICS)
The study also highlighted initial steps that all manufacturing firms can take to address these six themes and the general issue of inadequate cyber security.
Deloitte and MAPI state that firms can successfully tackle cyber threats if they can effectively adopt three characteristics:
Be secure: Manage cyber risks as a team, and improve the level of preparation for cyber threats by incorporating cyber risk management strategies into current and emerging technologies; doing so allows firms to take a measured and risk-based approach to determining what is already secure, how to keep it secure, and how to secure what is not yet protected.
Be vigilant: Develop situational awareness and knowledge of relevant threats to better understand harmful behaviour and the most significant risks to the business. To detect potential threats more effectively, firms must monitor their systems, applications, people, and corporate environments.
Be resilient: Learn from mistakes, improve security controls when a cyber breach occurs, and then return to business as quickly as possible. Firms must be prepared for incidents, and be capable of decreasing their negative impact on the business before they escalate.
All of the suggestions proposed by Deloitte and MAPI’s suggestions assist firms in becoming more secure, vigilant, and resilient by addressing the six identified themes.
First and foremost, the right attitude towards cyber security must be instilled from the very top of the organization. Leaders and managers should understand their role in accomplishing key cyber risk objectives and increasing awareness within their organizations. Employees need to know their responsibilities—along with the appropriate response to unusual activity or anything else of concern—to help mitigate cyber risks. All employees must also understand that specific data may now be considered an asset in the manufacturing industry, which is why knowing where valuable data is stored within the organization (and how the risk profile of the data changes as it moves throughout the organization) is extremely important.
Future cyber risk assessments must have a wide scope to ensure that they cover all risks associated with advanced manufacturing. Assessments should include the firm, industrial control systems (ICS), connected products, intellectual property (IP) protection, and third-party risks related to supply chains. The conclusions of the cyber risk assessment should be shared with executive leaders so they are aware of the main cyber risks facing their companies. Based on the firm’s risk tolerance and the business impact of potential cyber breaches, executives can discuss how to address the risks discovered.
Firms must continuously develop, evaluate, implement, and improve new cyber threat monitoring strategies so that they can analyze if, and how quickly, a breach in key areas of their business would be detected. Management should make sure that all employees are prepared for cyber breaches by offering cyber-attack simulation exercises. Additionally, all emerging manufacturing technologies must be evaluated to ensure they coincide with the firm’s cyber risk strategies; if not, cyber risk management and fail-safe strategies can be built into the new technology to ensure that the firm’s cyber security will not be compromised.
Implementing the advice offered by Deloitte and MAPI will allow firms to become more secure, vigilant, and resilient. Successful adoption of these three characteristics by both employees and management will allow firms to address the six critical cyber security themes, and prepare to safely incorporate the beneficial technologies associated with Industry 4.0.