< Back to the Insider

Cybersecurity: Take the First (5) Steps

Share This Article: Connect with us on LinkedIn Like us on Facebook Follow us on Twitter

During a recent IMTS webinar, AMT’s Chief Technology Officer Tim Shinbara discussed manufacturing and cybersecurity with Keith Stouffer from the National Institute of Standards and Technology’s (NIST) Engineering Lab. They shared some simple steps every company can take to enhance cybersecurity.

Cybersecurity in 5 Steps:

  1. Identify – Inventory your equipment. If it is connected, it needs to be protected. Make sure your inventory is up to date.
  2. Talk the Talk: Cybersecurity Vocabulary

    • Threat – anything that could cause harm to your cyber systems.
    • Attack vector – how a threat gets into your system. Email is a major vulnerability.
    • Phishing emails – emails that look like legitimate emails (often from inside the company), which are used to get employees to open a link that will infect their system.
    • Malware – An abbreviation for malicious software; it includes any program or file that is harmful to a computer user.
    • Ransomware – a form of malware that encrypts a system or file and asks for a ransom to unlock it. Paying ransoms invites future vulnerabilities.
    • Advanced persistent threat - threats that target specific companies or manufacturers. Large manufacturers may be targets. Criminals are generally seeking intellectual property or proprietary information.
  3. Protect – Identify cybersecurity measures to protect your equipment. Stouffer suggests that manufacturers start with three simple fixes:
    1. Get rid of default passwords – Check all your equipment to ensure that none are using default passwords. These can easily be found using a simple Internet search.
    2. Use “run” mode – Check your equipment to see if it has a physical switch that can be set to either “program” or “run” mode. Ensure that all equipment is used in “run” mode unless you are actively programming.
    3. Introduce network segmentation – Create separate networks for your corporate email and your operations equipment. A manufacturing network should be separate and protected by a firewall.
  4. Detect – Monitor all systems continuously, so you can detect vulnerabilities and intrusions and follow up promptly.
  5. Respond – Make a plan for what you will do if you find vulnerabilities. Plan ahead so patches can be performed during production down time, if possible.
  6. Recover – Sometimes things happen. Create a plan for how you will recover if they do. Performing regular system back-ups is an essential step to ensure that you can resume operations promptly after an attack.

While cybersecurity can seem overwhelming, Stouffer recommends following these steps and taking a gradual approach. “Don’t stick your head in the sand; start with something small,” he said. “Before you know it, you will have increased your cybersecurity.”

Key Resources
Following are a variety of government and private sector resources available for manufacturers who are just getting started with cybersecurity:

Cybersecurity and Infrastructure Security Agency
https://ics-cert.us-cert.gov
Free guidance, best practices, training, and tools

Guide to Industrial Control System Security
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
Detailed guidance on securing systems

Cybersecurity Framework Manufacturing Profile
https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8183.pdf
Provides implementation details for the manufacturing environment


Read More Business