Featured Image
Technology |Data-Driven Manufacturing

Building an Advanced Cybersecurity Plan: Engagement and Reinforcement

Cybersecurity protects your – and your clients' – assets. This series dives into how you can integrate a successful cybersecurity plan. From company culture to training and maintaining your personnel, creating a safe business environment starts here.
by John Turner
May 02, 2022

There are multiple strategic and competitive reasons to implement an advanced cybersecurity plan.

From a defensive perspective, a cybersecurity implementation is designed to protect company assets from threats that can disrupt operations. It is also intended to protect against intruders who may try to access company information and data. While developing and maintaining an advanced cybersecurity implementation is burdensome, it also is a strategic initiative to protect a company’s bottom line.

From an offensive perspective, customers want to do business with companies that they can depend on – a secure supply chain. An advanced cybersecurity plan can reassure existing customers that that their supply chain partners will be there when they need them, reliable and consistent. This can also position a company to secure new business, as it demonstrates their commitment to being a consistent and reliable partner and provides a differentiation that will take others time and effort to match.

Industry recognizes a couple of different cybersecurity models that are being deployed by U.S. companies. The National Institute of Standards and Technology (NIST) standard SP 800-171 has been adopted by the Department of Defense (DOD) for their Cybersecurity Maturity Model Certification (CMMC) program. Other government agencies and companies in the DOD supply chain are adopting, or considering adopting, this standard. Since this standard is going to have a significant impact on the manufacturing industry, we will use it as a guideline for this “Building an Advanced Cybersecurity Plan” series of articles.

A company’s cybersecurity plan should be integrated into the very fabric of the company’s culture, which ensures the company operates in a secure manner. This means that everyone in the company, and everyone who interacts with the company, has a responsibility to protect company assets and proactively avoid the introduction of cybersecurity threats into the company’s systems and network.

Not every individual has the same interaction with business systems nor has the same responsibilities relative to cybersecurity issues. Early in the process of developing a cybersecurity plan, a company should define a set of specific roles that categorize everyone in the business based on how they interact with business systems. As various aspects of your cybersecurity plan are developed, consideration should be given to how each part of the plan interacts with each of these roles. This provides a foundation upon which a company can clearly communicate to every individual their personal responsibilities relative to protecting company assets.

Typically, a cybersecurity plan is not fully evolved before it is launched. Additionally, a cybersecurity plan is never complete – it should be continually updated to address changes in security threats. Communications and training are key to drive personnel engagement with the security plan. Periodic training is required to reinforce the importance of each person’s contribution to the security of business assets. This also provides the opportunity to communicate changes and updates to the security plan relative to each role.

Training content should be customized to the scope of information applicable to each role; not everyone should be burdened with trying to understand all aspects of the cybersecurity plan. However, the content of the training should include information about the security responsibilities of others with whom an individual may interact. For example, a manager’s training should be extended to include content applicable to those who report to the manager. Training for purchasing personnel should be extended to include content applicable to the exchange of information with vendors. Likewise, training for maintenance personnel should include content applicable to outside service providers.

Once you have defined a communications and training plan optimized by role, you have the foundation to advance your company’s cybersecurity culture and engage everyone associated with your security strategy. Periodic training furthers engagement with your strategy and reinforces each person’s responsibilities for protecting the company’s assets.

As you continue to build out the balance of your cybersecurity program, you can then utilize this structure to communicate changes/enhancements to your program and how those changes impact the responsibilities of each person associated with your business.

For more details of specific actions to take when building the training and engagement portions of your cybersecurity plan, see section 3.2, “Awareness and Training,” of NIST standard SP 800-171.

For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security 

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

Tagged
Systems and SoftwareData Driven Manufacturing
PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Cost-Efficient Deployment of Edge Computing and Its Security Savings
Successfully implementing edge computing into your shop floor may be more cost efficient than you think! Here are a couple ways your shop (and budget) can benefit. Bonus: Edge computing devices can also bolster your cybersecurity measures, saving you more!
I Want Large Data Sets. Now What Do I Do?
In collecting data for digital manufacturing, the underlying system architecture for collecting and storing the data can significantly impact the system's benefits and its flexibility for future extensions. We examine two types that may address your needs.
Smart Manufacturing Experience 2024 Set for June 4-5 in Pittsburgh
Event to Connect Small and Medium Manufacturers with Experts in Smart Technologies
Computing on the Edge
Edge computing in digital manufacturing involves placing devices between data sources and the network, and ranges from basic data collection to distributed systems. Learn more about its benefits like data processing, isolation, organization, and security.
Is Semantic Data Worth the Effort?
What are the benefits of harvesting semantic data from equipment on the shop floor? For starters, it's easier to integrate machines into shop maintenance and monitoring systems. Learn how the industry has responded to semantic data – and where it's going.
Similar News
undefined
Technology
Faster: The Relentlessness of Change
By Douglas K. Woods | Oct 07, 2024

Change is happening faster than ever. With it comes opportunities – as well as potentially insurmountable challenges to the status quo.

6 min
undefined
Technology
Digital Twin: What's OpenUSD?
By Stephen LaMarca | Oct 02, 2024

OpenUSD and USD refer to the same core technology, with OpenUSD emphasizing the framework's open-source nature.

4 min
undefined
Technology
Must-See Manufacturing Streaming
By Bonnie Gurney | Oct 03, 2024

Throughout the six days of IMTS 2024, the IMTS+ Main Stage hosted more than 85 speakers and produced more than 50 live shows.

4 min