Featured Image

Building an Advanced Cybersecurity Plan: Personnel and Infrastructure Security

Dec 07, 2022

While much of the focus when developing and deploying an advanced cybersecurity plan is concentrated on the technology aspects of the network, securing the physical network equipment and addressing those who have access to that equipment doesn’t get the same attention. In many ways, one can draw parallels between how a company secures its facility and who has access to the facility and the steps to secure access to your network equipment.

Network equipment should be housed in an access-controlled area. This should not be limited to servers and larger computing systems but extend to routers and other network access points distributed throughout a facility. Anyone intent on causing harm to a company or accessing proprietary company information can use these access points to penetrate the network. While larger companies may have a secure computer room where key pieces of equipment are housed, other companies may provide no, or limited, control over access to their network equipment. A broader issue is that few companies control access to routers and other access points distributed throughout the facility – especially in the manufacturing environment. As a minimum, this equipment should be housed in locked cabinets. Where possible, access should be monitored and alarmed. Additionally, logs should be maintained to validate who had accessed locations where network equipment is installed and when that access occurred.

Another topic to be addressed as part of an advanced cybersecurity plan is oversight and management of company and supplier personnel. A significant portion of cybersecurity events originate within a company – some unintentional and others intentional. Training, equipment controls, and other provisions of a company’s network security implementation address many of the unintentional events. The intentional ones are harder to address. Architecting network access controls appropriately can minimize a company’s exposure to an intentional internal “attack.” Activity monitoring can also provide a means to detect unusual activity. Beyond that, properly vetting personnel and management oversight are the only other reasonable means of protecting company assets for most companies.

Special scrutiny should apply to personnel with access to the network infrastructure – servers, routers, computer rooms, etc. A higher level of vetting and oversight should apply to these individuals. A determined individual can significantly damage a company’s infrastructure and intellectual assets. Management oversight should focus on trustworthiness, conduct, integrity, judgment, loyalty, reliability, and stability.

Special consideration should be given to disgruntled, transferred, or terminated personnel. While it is typically not acceptable to restrict or change a disgruntled individual’s access to network resources, careful and considerate management oversight would be most appropriate. For personnel who have been transferred to a new role/responsibility, it is important to reassess the individual’s network privileges and adjust network access privileges to only those required for the new role. Network privileges (usernames and passwords) should be immediately suspended for terminated personnel.

For more details on addressing personnel and infrastructure security relative to cybersecurity, you may want to reference Section 3.9 Personnel Security and Section 3.10 Physical Protection of NIST standard SP 800-171.


For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
We celebrate all kinds of manufacturing at AMT – The Association For Manufacturing Technology, from the most cutting-edge smart automation to the humble, time-honored shuttle loom. Few things thread the needle between tradition and tech quite like denim.
Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.
New technology is a growth engine for manufacturing, but change risks disruption and enormous costs. Incrementally rolling out new equipment and software using technology testbeds helps refine and optimize processes before production deployment.
Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.
Successfully implementing edge computing into your shop floor may be more cost efficient than you think! Here are a couple ways your shop (and budget) can benefit. Bonus: Edge computing devices can also bolster your cybersecurity measures, saving you more!
Similar News
undefined
Technology
By Bonnie Gurney | Oct 08, 2025

Find cutting-edge innovations and network, Nov. 4-6, 2025, in Dallas, Texas — the new home of the Manufacturing Technology Series SOUTHWEST.

5 min
undefined
Smartforce
By Catherine “Cat” Ross | Sep 24, 2025

ARM Institute, ECI Software Solutions, and Kennametal get awards. Growth initiatives at Kitamura Machinery, DN Solutions, and Ellison Technologies. New leaders at Mate Precision Technologies and Kyzen. America Makes projects worth $10.8M. NCMS white paper.

5 min
undefined
Smartforce
By Bonnie Gurney | Sep 22, 2025

Manufacturing Technology Series SOUTHEAST will bring together manufacturing decision-makers and leaders to experience cutting-edge innovations and connect with peers in Greenville, South Carolina, from Oct. 21-23, 2025.

5 min