Cyber resilience and risk management for the modern manufacturer
Some regulations—such as the U.S. Securities and Exchange Commission’s rule requiring disclosures about a company’s cybersecurity program and any material cyber incidents—will spur manufacturers to make their cybersecurity more robust, and the need to maintain operational resilience and stay competitive will further drive the effort for many. In Canada, proposed legislation would create a framework to protect “critical cyber systems” and “ensure that risks to critical cyber systems are identified and managed. This includes risks associated with supply chains and the use of third-party products and services.”
IT, OT and IoT in harmony
Some executive teams may be in the habit of thinking about cybersecurity mainly as an IT problem. But strong risk management practices integrate IT and OT issues with broader enterprise risks.
Thinking holistically about IT and OT risks is especially important in the context of operations that use smart devices to streamline production and other processes. OT systems running operational environments are often older and insecure by design but are connected to business networks that are constantly under attack. This presents challenges for traditional security models and will become more pressing as cloud services expand across IT and OT environments, further increasing connectivity as operations modernize. Engineering and operations will need to collaborate with security and technology teams during system selection and planning to integrate security and technology principles by design.
Manufacturers also need to understand the cybersecurity and risk implications for IoT devices they use on the factory floor—such as smart thermostats, sensors that detect production changes and various building automation technologies. These devices often need to be connected to both sensitive operational systems and the internet, complicating traditional security models.
Also important for manufacturers of these devices is the need to build in security by design to any IoT devices they manufacture and sell. Supply chain security risk management continues to raise the bar for the minimum security that customers expect of their IoT vendors, making security design a key component of product strategy.
Connectivity among IT, OT and IoT systems, and integrating them with business risk management, is essential to enabling accurate data analytics, remote support and overall efficiency.