Featured Image

Ransom and Then Some: A Cybersecurity Forecast for Manufacturing Technology

At AMT’s 2021 MFG Meeting and MTForecast Conference, Richard Mason, president & CSO of Critical Infrastructure, will share his insight on cybersecurity in the manufacturing industry.
Sep 10, 2021

At AMT’s 2021 MFG Meeting and MTForecast Conference, Nov. 2-5, in Denver, Colorado, Richard Mason, president & CSO of Critical Infrastructure, will share his thoughts and recommendations about cybersecurity in the manufacturing world.

A former member of the Secret Service’s New York Electronic Crimes Task Force, and a 20+ year veteran of technology titans AT&T, Lucent Technologies’ Bell Labs, and Honeywell International, Mason is an expert in the fields of cybersecurity, physical security, and enterprise resilience.

We asked him several questions about security to preview his presentation in November.

What is your overall cyber security forecast for Manufacturing Technology?

Mason: According to CrowdStrike’s 2021 Global Threat Report, manufacturing is a close second for the most targeted sector for ransomware-related data extortion, falling slightly behind industrials and engineering and ahead of the technology sector. These top three sectors will continue to be targeted due to their willingness to pay, the sensitivity of the manufacturing process to disruption, their relative immaturity of controls, and the potential supply chain security impact to downstream customers, networks, and data. And in response to this elevated threat, manufacturing companies can expect much greater scrutiny from government regulators, insurance underwriters, and their customers.

Where is the manufacturing industry particularly vulnerable in terms of cybersecurity threats?

Mason: I often hear from small to medium enterprises that they think they are off the radar of cyber criminals, that “there are bigger fish to fry.” But bait fish are used to catch trophy fish and enough bait fish can certainly make a meal. If your business is making money, has valuable data, or can be a steppingstone to a target that has more money and valuable data, then you are officially in-scope.

What are best practices for getting started with cybersecurity?

Mason: There are great (free) resources out there from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS/CISA) such as stopransomware.gov; the Cyber Readiness Institute’s program; and AMT’s member guidance on adopting the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is sound advice.

One best practice for getting started involves performing a cybersecurity maturity assessment using a trusted framework such as the NIST CSF. With a maturity assessment, a profile, and a plan (MAPP), you can start to answer fundamental cybersecurity questions: Where am I? Where am I going? Do I have the resources I need to get there? Is there a better or faster path? Are we there yet? A more targeted and lighter-weight approach would be a free ransomware readiness assessment to focus more exclusively on the controls that are related to ransomware.

Before you begin building out a cybersecurity program, I also recommend performing a tabletop exercise with key stakeholders. For example, it is possible that you already have a cybersecurity insurance policy — one that entitles you to certain incident response services and expenses, possibly even ransom payments. You will want to pressure test those processes with your insurance company, your legal counsel, IT, senior management, and law enforcement outreach services. If you are going to have ethical and legal debates on paying ransoms, determine what your maximum acceptable downtime is, how to communicate effectively with customers and authorities, or test whether your backups can actually be restored — do that before an incident, not during one.

For senior management, I’d advocate remembering PEMDAS (patching, encryption, monitoring, disaster response/recovery, asset inventory, and strong identity) to facilitate a deeper conversation on cyber security with your team. To better prepare your business for what’s ahead, register to attend AMT’s 2021 MFG Meeting and MTForecast Conference, Nov. 2-5, 2021, in Denver, Colorado. At this unique event, tailored to the manufacturing technology industry, you’ll hear more insight on cybersecurity and gain a deeper understanding of economic, market, and technology trends to help you build a robust business strategy.

PicturePicture
Author
Benjamin Moses
Director, Technology
Recent technology News
Sustaining a massive shift in U.S. Manufacturing. Guys, I can predict the future. Material flex. Yup, managing data is a thing now. Let’s have an honest conversation on cybersecurity.
One of the main differences between an OT (operational technology) network, such as one found on the manufacturing floor, and an IT (information technology) network , such as one found in an office environment, is the equipment ...
How do you make sense of data that you’ve never seen? This article provides a first-line approach on garnering data insights after the data has been initially retrieved.
Today, a business’s shop floor network, its operational technology (OT) network, faces essentially the same security threats as their general business network, or information technology (IT) network. Fortunately, the same technologies are available to ...
In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.
Similar News
undefined
Technology
By Stephen LaMarca | Jan 21, 2022

ORNL takes additive nuclear. ASTM and America makes launch 3 new additive projects. Pour some out for Olli. The ninja takes to the skies autonomously.

5 min
undefined
Technology
By Bonnie Gurney | Jan 19, 2022

The initial showing of Formnext in the USA market will be at IMTS – The International Manufacturing Technology Show, which runs 12 – 17 September 2022 in Chicago at McCormick Place, the premiere business trade show venue in North America.

6 min
undefined
Technology
By Peter R. Eelman | Jan 18, 2022

We sincerely wish you a year filled with happiness, health, and prosperity! While we don't feature content to enhance your personal happiness, every even-numbered year we host the Western hemisphere's largest manufacturing technology event, IMTS ...

5 min