Cybersecurity: Take the First (5) Steps
During a recent IMTS webinar, AMT’s Chief Technology Officer Tim Shinbara discussed manufacturing and cybersecurity with Keith Stouffer from the National Institute of Standards and Technology’s (NIST) Engineering Lab. They shared some simple steps every company can take to enhance cybersecurity.
Cybersecurity in 5 Steps:
- Identify – Inventory your equipment. If it is connected, it needs to be protected. Make sure your inventory is up to date.
- Protect – Identify cybersecurity measures to protect your equipment. Stouffer suggests that manufacturers start with three simple fixes:
- Get rid of default passwords – Check all your equipment to ensure that none are using default passwords. These can easily be found using a simple Internet search.
- Use “run” mode – Check your equipment to see if it has a physical switch that can be set to either “program” or “run” mode. Ensure that all equipment is used in “run” mode unless you are actively programming.
- Introduce network segmentation – Create separate networks for your corporate email and your operations equipment. A manufacturing network should be separate and protected by a firewall.
- Detect – Monitor all systems continuously, so you can detect vulnerabilities and intrusions and follow up promptly.
- Respond – Make a plan for what you will do if you find vulnerabilities. Plan ahead so patches can be performed during production down time, if possible.
- Recover – Sometimes things happen. Create a plan for how you will recover if they do. Performing regular system back-ups is an essential step to ensure that you can resume operations promptly after an attack.
While cybersecurity can seem overwhelming, Stouffer recommends following these steps and taking a gradual approach. “Don’t stick your head in the sand; start with something small,” he said. “Before you know it, you will have increased your cybersecurity.”
Following are a variety of government and private sector resources available for manufacturers who are just getting started with cybersecurity:
Cybersecurity and Infrastructure Security Agency
Free guidance, best practices, training, and tools
Guide to Industrial Control System Security
Detailed guidance on securing systems
Cybersecurity Framework Manufacturing Profile
Provides implementation details for the manufacturing environment