Featured Image

Building an Advanced Cybersecurity Plan: Interaction Mapping

To build or enhance your company's cybersecurity plan, one of the first steps to consider is mapping out all access points to your company’s systems and network, including the interaction points between various systems within and outside the network.
May 06, 2022

One of the first steps that a company should consider when building or enhancing their cybersecurity plan is to map out all access points to the company’s systems and network, including the points of interaction between various systems within and outside the network. This task should be completed whether a company’s internal resources will be responsible for implementing the security plan or if these services are contracted with an outside organization.

This interaction map has two primary functions: (1) Define every point of vulnerability to your business systems; (2) Provide a clear path for deploying appropriate security functions to address each of these points of vulnerability. This map should be a living document capturing changes that may introduce new points of vulnerability or new interactions between systems that may require implementation of additional security functions.

The specific tool used to create the interaction map is not overly important – this will depend on the complexity of your network structure and the familiarity within your organization with various mapping tools. The key is to do the mapping and to keep it up to date – make it the working document upon which you build your overall cybersecurity plan.

When building the interaction map, it is not necessary to define every individual piece of equipment. For example, if there are 10 similar computers and users in the manufacturing operations office that all have similar capabilities and access rights to business systems, these can be grouped into a single class. Another example may be visitors who are granted access to your network or systems – these too can be mapped as a class if they have equal access and rights. When grouping interfaces into classes, it is important to assure that all security functions applicable to a class of equipment/users is applied to all.

The map should not only include computers, production equipment, and other devices directly connected to the business’s network; it should also include any other interface those devices have to other devices or systems outside the network. For example, all removable storage devices associated with computers or other pieces of equipment attached to the network should be mapped as additional points of vulnerability. Likewise, any devices that are owned by the company, visitors, vendors, personnel, etc. which may be temporarily connected directly to the network or connected to any device that is then connected to the network (e.g., a maintenance or service provider’s computer connected to a piece of production equipment) should also be included in the interaction map, along with any additional interfaces available to those devices. As you can see, this interaction map can get quite complex, but each of these access points is a point of vulnerability to the security of your business systems.

Another set of interfaces to be addressed in the interaction map are the interfaces between business systems and from business systems to databases/mass storage systems. This includes interfaces to resources both within the company or connected through the internet (or other remote connection). The importance of providing security functions for interfaces to resources outside the company are pretty clear. Consideration of the interface interactions between systems within the company are often overlooked. Defining these interfaces, limiting those interfaces, and deploying security functions to these interfaces are important to minimize the spread of a security threat across systems. Such security breaches can interrupt broad sectors of a business. Additionally, adding these security measures can minimize the potential for a “backdoor” security breach where multiple systems can be compromised once any one system is penetrated.

Once you have a clear picture of all points of vulnerability to your business systems, you now have a platform upon which to build the balance of your cybersecurity plan.

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Cybersecurity protects your – and your clients' – assets. This series dives into how you can integrate a successful cybersecurity plan. From company culture to training and maintaining your personnel, creating a safe business environment starts here.
Interested in adding MTConnect? Recently the AMT-Virginia Tech team simulated a manufacturing environment of robotic arms performing material transportation. The collected and visualized data provides insight into process monitoring and machine efficiency.
Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.
Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan can reassure existing customers that they have made the right choice in choosing your company as a supplier.
Everything from the chemistry of the insert to the capacity of the spindle drive to the control algorithms for the axes is different. And the differences are accelerating. So what we “know” could be what we “knew” because of the change in tech.
Similar News
By Stephen LaMarca | May 13, 2022

Additive repairs for the F-35. LIFT’s initiative doesn’t let down. Harder, better, faster, stronger. Agility robotics has Amazon’s attention.

5 min
By Tim Shinbara | May 11, 2022

Collaborative robots (cobots) aren’t superheroes, but they are rescuing manufacturers of all sizes from the grip of a crippling labor shortage. Their ease of use and flexibility to take on many tasks are increasing their popularity.

5 min
By Benjamin Moses | May 06, 2022

New way to produce metal powders. Pittsburgh is an automation powerhouse. Nothing is ever certain. Always a new way. Set phasers to culture.

5 min