Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Demands for Increased Visibility Are Impacting Cybersecurity Preparedness

Technical Industrial Engineer controling robotics with monitoring system software
Credit: iStock/ipopba

Digitization and connectivity are having a huge impact on more than just your manufacturing operations and ability to monetize data. Your vulnerabilities also are increasing as Industrial Internet of Things (IIoT) manufacturing solutions involve more software, devices and digitally connected employees.

The manufacturing industry continues to be at high cyber risk as a result of global competition and geopolitical tensions. Companies up and down the supply chain are demanding more transparency into their customers’ and suppliers’ reliability in order to mitigate risks from disruptions. Some are starting to require cybersecurity assurances, a trend that will only gain momentum. Enforcing cybersecurity standards will ultimately protect U.S. innovation and competitiveness.

Supply Chain Disruptions Prompt More Transparency Among Partners

Disruptions in the global supply chain are changing how business gets done. Manufacturers want to know who they are dealing with, upstream and downstream. Federal regulatory requirements in defense, food, aviation, therapeutics and medical devices have also caused companies to assess their relationships with partners. Additionally, companies want to harness analytics and advanced manufacturing capabilities to gain efficiencies and increase their competitiveness.

This is especially true for cybersecurity preparedness. Manufacturers are being asked by their partners to provide technical certifications and specifications. Also, they are now being asked for documentation on the details of training for company policies on password management, identification, protection of sensitive information and response plans.

A security breach can have direct costs (financial and disruptive) and indirect costs (reputational or loss of contracts). Investing in IT security as you adopt new technologies is good for business.

CMMC Can Serve as a Blueprint for Manufacturing Industry

The Department of Defense (DOD) has led the effort to secure its supply chain by addressing cybersecurity concerns at non-governmental companies through the Cybersecurity Maturity Model Certification (CMMC). In essence, if you are going to do business with the DOD, you will eventually need to meet its criteria. Other federal government agencies are evaluating adoption of CMMC or a similar method as part of their purchasing processes.

It could be a competitive advantage for other industries to use the CMMC criteria as a model when vetting themselves, suppliers and customers. The practices and procedures defined for CMMC are guidance for any company to enhance its cybersecurity. These requirements extend beyond your network technology to include your personnel.

How Manufacturers Can Be Proactive in Their Preparedness

One of the benefits of using CMMC as a blueprint for cybersecurity are the tools that are available for manufacturers to assess their current state of preparedness, identify gaps and score their progress on:

  • Technical areas, including:
    • 24-7 monitoring
    • Authentication
    • Controls
  • Personnel, including:
    • Policies and procedures
    • Workforce training

Your employees remain your biggest vulnerability. Training employees and enforcing company policies and procedures will take on increasing importance as digitization evolves in manufacturing.

Conducting a CMMC self-assessment or preparing for a third-party assessment requires attention to detail. For example, if cybersecurity training isn’t where it needs to be, it calls for companies to create a roadmap, or a plan of action and milestones (POA&M), all of which could be important to supply chain partners.

Intellectual Property Theft is the Fastest Growing Threat to Manufacturers

Manufacturers have been the targets of cyber threats for years, and ransomware remains the most common form of cyber breach. But intellectual property (IP) theft is the fastest growing threat. In fact, espionage from China is more prolific than previously thought, so much so that on July 6, the heads of the FBI and Britain’s domestic security service issued a joint warning to business leaders about threats posed by Chinese efforts to steal intellectual property.

IP theft is a threat to everyone; it is becoming increasingly important to assure your supply chain partners that your operation meets industry standards for cybersecurity preparedness.

MEP Centers Can Help With Your Cybersecurity Preparedness

Supply chain security and protection of sensitive corporate information is an ever-increasing concern for most manufacturing companies. The MEP National Network™ can help you strengthen your cybersecurity.

Contact your local MEP Center to get the conversation started.

About the author

Nathan Sable

Nathan previously managed the IT and Cybersecurity Practice for Genedge, the MEP Center in Virginia. His duties included understanding market and client needs, developing new service offerings, and...

Related posts

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.