Cybersecurity in the manufacturing
According to the EFF, the manufacturing sector is now the UK’s third most heavily targeted industry by cybercriminals. Despite this, organizations within the sector are among the least well prepared to defend themselves.
Security maturity levels in the manufacturing sector vary, and almost half of UK manufacturers report that they have fallen victim to cyber-attacks, with many more incidents likely going undetected.
Common cybersecurity challenges in the manufacturing industry include:
• Reversing an industry-wide lack of security awareness
• Combatting industrial espionage and operational disruption
• Protecting sensitive data, capital and intellectual property
• Managing security in the era of Smart Manufacturing and Industry 4.0
• Mitigating cybersecurity risks across the supply chain
• Identifying and eliminating Industrial Control System (ICS) vulnerabilities
Key security questions manufacturers must ask
Questions manufacturers should be asking about their cybersecurity:
How do we demonstrate due diligence, ownership, and effective management of cyber risk? Are risk maps developed to show the current risk profile and to identify, in good time, the emerging risks we should get ahead of?
Do we have the right leadership and organizational talent? Beyond enterprise systems, who is leading key cyber initiatives related to ICS and connected products?
Have we established an appropriate cyber risk escalation framework that includes our risk appetite and reporting thresholds?
Are we focused on, and investing in, the right things? And, if so, how do we evaluate and measure the results of our decisions?
How do our cyber risk program and capabilities align with industry standards and peer organizations?
How do our awareness programs create a cyber-focused mindset and cyber-conscious culture organization-wide? Are awareness programs tailored to address special considerations for high-risk employee groups handling sensitive intellectual property, ICS, or connected products?
What have we done to protect the organization against third-party cyber risks?
Can we rapidly contain damages and mobilize response resources when a cyber incident occurs? How is our cyber incident response plan tailored to address the unique risks in ICS and connected products?
How do we evaluate the effectiveness of our organization’s cyber risk program?
Are we a strong and secure link in the highly connected ecosystems in which we operate?
Cybersecurity compliance in manufacturing
Although there are no industry-specific standards governing cybersecurity in manufacturing, a number of far-reaching standards have a direct impact on organizations operating in areas such as food and drink, textiles, automotive and engineering.
The importance of quality control in manufacturing means that ISO 9001 is also of particular relevance. Supply chain management is an important part of the certification process, requiring manufacturers to make efforts to verify the security of their suppliers and partners in order to minimize cybersecurity risks.