Today’s technology connects everything: supply chain, R&D, manufacturing and customer service. But as automation plays a larger role in manufacturing, cyber security concerns arise.
Every company varies in the type of information it considers important — in retail, it’s payment card information and for the healthcare industry it is patient personal health information. For manufacturers with complex supply chains, the data that is of most value includes intellectual property on patents, designs and formulas.
Manufacturing leaders face two responsibilities –to protect the integrity of the supply chain and products, and to protect customers and the brand.
Understand the threat.
From dynamic products to an ever-connected world, the opportunities for the manufacturing industry are tremendous. But anything that’s connected can be hacked — and insecure infrastructure can undermine the platform for future growth. As we shift towards “smart” manufacturing, cyber security is no longer an option.
The importance of security has seen significant growth over the last five years, largely due to the integration of business systems and the exponential growth of viruses.
“Manufacturers wondering how to handle cyber security in their own facilities can rip a page from the Shell Global Solutions security playbook,” notes Stephanie Neil, senior editor of Automation World. “The oil and gas company views cyber security as a business case designed to resonate with company executives, partners, technology providers and customers. They’ve moved away from the message ‘the hackers are coming,’ and instead have positioned cyber security as a business opportunity in the company’s digital journey.”
Understanding the importance of cyber security also requires strong communication among teams. In many organizations, conflicting priorities, a lack of trust and limited technical knowledge about each other’s skill sets have produced an uncooperative environment. Strengthen the level of cooperation between corporate IT and automation as much as possible.
Once you understand the importance of cyber security, identify your most valuable data assets. Where is your valuable information stored? Who has access to it? Identify what’s most important — maybe protecting engineering and R&D documents like design files — and then move onto the implementation stage.
Embed cyber security into every aspect of business.
According to PwC, only 13 percent of companies have an information security strategy in place and demonstrate a number of other leading practices — like having a high-level security chief, regularly measuring and reviewing the effectiveness of their procedures each year, and possessing a deep understanding of the types of security events that have occurred in their organizations.
To begin an effective cyber security program, consider three critical parts: people, processes and technology:
People: Employees are the single biggest security risk. In order for a security program to be successful, it’s crucial for all employees and stakeholders to have the necessary awareness, training and documentation. Add data protection to manuals and employee agreements. Train all of your teams on your policies regarding the use of confidential data and have a security awareness program for employees to share its importance and how they can participate.
Processes: Process refers to the policies, procedures and action plans. There will always be residual risks, but effective planning and process management minimize incident impact. Policies determine the rules of using a system, defines countermeasures for potential security risks and best practices. Procedures are step-by-step instructions showing how to execute a plan without being the expert on the system. By having clearly defined expectations of future programs, you can evolve your business and maintain the highest level of security.
Technology: When it comes to cyber security, many people think about technology like firewalls and antivirus programs — which are decent security measures, but may not protect all systems. It’s more important to prepare for an incident and ensure that critical systems can be recovered quickly. Focusing on backup and recovery will help in the case of badly configured firewalls and serious threats. Make sure you have good firewalls, antivirus, patch management, tape backup, remote access, authentication and physical security.
“It also helps to perform regular security awareness training and invite your contractors, vendors and partners to participate, as they should be subject to your data protection policies as well,” suggests Salo Fajer, chief technology officer at the Digital Guardian.
Be a part of the cultural transformation.
Perhaps the most critical part of manufacturing is the ability to adapt. As our businesses evolve, so must our environment.
The National Association of Manufacturers (NAM) recognizes that the maintenance and protection of our nation’s cyber-infrastructure is critical to national and economic security — and works with the federal government to advance the cybersecurity of the U.S. through increased collaboration and coordination with the private sector.
“Internet-based attacks can wreak havoc on industry and government agencies alike,” notes Brian Raymond, director of technology and domestic economic policy. “Due to the interdependence and reliance of the entire economy and government on the Internet for communication, commerce and homeland security, the Internet deserves continued attention in national homeland security initiatives and preparedness activities.”
At Apple Rubber, we use IQMS ERP software which offers the largest footprint of ERP, manufacturing, MES and supply chain modules in the industry developed by a single software company. This is tailored specifically for the manufacturing environment and helps prioritize the safety of credit card data.
We all face security threats — but by focusing on our people, our processes and our manufacturing technology, we can maintain awareness of all security factors and ensure there are no weak links.
What are some cyber security measures your organization has taken over the last year? What issues have you come across? Share your thoughts with us on Twitter @AppleRubber.