A collaboration between the Worcester-based Massachusetts Manufacturing Extension Partnership and Burlington cybersecurity firm CyberSaint seeks to help the state’s manufacturers doing work for the government better secure their information. In an interview, MassMEP Director of Growth Services Tom Andrellos spoke about the importance of cybersecurity in manufacturing in the 21st century.
Why is cybersecurity important in manufacturing?
Manufactures are unfortunately targets of hackers and attackers. Companies have become increasingly reliant on computer systems to vertically integrate product designs, manufacturing processes, cost structures, supplier networks and proprietary information throughout their supply chain. This information becomes potentially destructive and valuable information to competitors, agencies and governments around the world. A strong cyber security practice to risk mitigate these threats are crucial to the manufacturing operation to:
- Defending your company’s vital data and information
- Preventing theft or damage to your infrastructure, equipment and systems
- Avoiding major disruptions to operations and delivery of products
- Protecting your employee’s personal information
- Shielding your organization from negative publicity
Does this disproportionately affect manufacturers?
According to a recent report from the U’S. Department of Homeland Security, manufacturing is the second highest industry with the most reported cyber attacks, only subsequent to health care.
Is this a problem particularly for manufacturers doing work for the government?
The short answer is no. All type of companies in all industry sectors are open to cyber attackers and must take this threat seriously. Based on a report the top five industries at risk of cyber attacks are health care, manufacturing, financial services, government and transportation.
When did this start becoming a problem in manufacturing?
My guess this has been going on for some time. However, over the recent years the technology and hackers are becoming more sophisticated, so it’s a consistent challenge to keep up with protecting and securing our information. As cyber criminals increasingly target manufacturers, the FBI now estimates that over $400 billion worth of intellectual property leaves the U.S each year. As we move forward this issue, it is not going away. Manufacturers must ensure cyber security is part of their annual budgets. They need to initiate supply chain compliance (you’re as good as the weakest link) and work with experts to help them identify gaps, corrective actions and plans to secure critical information.
How many Mass. manufacturers do work for the government?
It’s been estimated (2016 data) that Massachusetts defense industry network of supplier is approximately 1,800 out of the total 7,500 manufacturing companies. This ranges from our large OEM’s such as Raytheon and General Dynamics to small manufacturers of sub assemblies, sheet metal, machine parts, electronics, power supplies, etc.
How does this partnership with CyberSaint address that issue?
The partnership MassMEP has established with CyberSaint was developed to address and focus on specific industries like the defense and homeland security. The National Institute of Standards and Technology (NIST) created the cyber security framework to provide organizations with guidance on how to prevent, detect, and respond to cyber attacks. NIST required all Department of Defense manufacturers that process, store or transmit controlled information to meet the Defense Acquisition Regulation Supplement minimum security standards, or risk their future business if not in compliance with the standards. These standards must be implemented at the contractors and all levels of their supply chain utilizing the security guidance in the NIST security requirement handbook. This was a major task for many of our clients at MassMEP to navigate the process of assessing a most critical area of risk. MassMEP recognized that partnering with an expert like CyberSaint to help our clients navigate through the process addresses the issue and provides a cost effective risk mitigation plan that meets cybersecurity requirements and sustains business.
This interview was conducted and edited for length and clarity by WBJ Staff Writer Zachary Comeau.