Cyber Security — An Important Update
Americans have been historically naïve about thinking of cyber security. The concept of “Ransomware” and the “Dark Internet” were not even discussed three years ago. As we educate ourselves, watching individuals to large companies shut down or slowed down due to cyber security issues, we must look at our systems and make sure that we are protected.
Computer Systems are the Heart of Manufacturing
There are many trends, but a general observation is that computer systems are allowing manufacturing to become more complex and gain higher performance and efficiency. This dependency on computers requires ever more robust systems. This means cyber security is critical to the day-to-day operation.
Another way to look at it is this: “Our manufacturing systems have three critical Infrastructures: 1. Electricity, 2. Compressed Air, 3. Information Technology.” If any one of these three elements are missing, manufacturing comes to a halt. So, cyber security is a critical service.
That is why Protomatic places cyber security as one of the highest areas of importance for our company. To make acceptance of cyber security standards and changes easily adopted by all employees, the standard we have adopted is NIST SP800-171.
Cyber Security NIST SP800-171
Protomatic has had a very secure architecture for many years. Even so, we have been methodically working on strengthening cyber security since May 2016. The systematic improvement has significantly upgraded the overall security system.
The standard has helped us determine the area of strengths and weaknesses of our cyber security. We are happy to report that we are about 90% completed with the program and expect to be finished with our baseline of support in Q3-2017.
When complete, we will “self-certify” our program, assuring a basic level of confidence in our cyber security. That will result in a base support and does not mean that we are 100% immune to a threat, but we have a significant level of safeguards in place. If interested, you can download the free spec at NIST.
Strong Cyber Security is a Team Effort
From what we’ve learned in going through the process, we realize how important it is to partner with business suppliers that will also secure their business with a strong cyber security system. It is critical to protect valuable Control Unclassified Information (CUI) and Intellectual Property (IP).
When evaluating suppliers, do not base the decision on the size of the company or who simply has the lowest price. Recent history shows that company size and low price are not the features that make a strong cyber environment. Look for organizations that understand the importance of your product and what is required to meet the challenges of today. Overall, they will be more competitive and reliable. Confirm that the company embraces a cyber security standard.
Don’t Measure Security by IT Staff Size
Do not put a big priority on finding companies with big Information Technology (IT) staffs. Fact is, you do not need staff if the systems are properly automated. Look for updated systems that follow effective procedures, and suppliers that conduct a periodic review of cyber systems.
ROR – Return on Risk
Look for businesses that are not looking for a Return on Investment (ROI) methodology to improve their cyber security. Look for businesses that use a practical approach that is looking for the best Return on Risk (ROR). Confirm that Risk/Mitigation systems are developed, and used, such as a PFEMA, Risk/Mitigation Plan, or that a current Cyber Assessment Report is available.
Don’t Get Too Comfortable
Do not become complacent, but do be diligent. Technology is always changing. We invented automobiles and flying machines about one hundred years ago. Look how much they have changed. Computers equally have changed and the software to create both good and bad is out there. We are continually working to protect your IP and data, and secure your success.
Better Safe Than Sorry
One security breach is all it takes to cause potentially catastrophic problems. As a starting point, I recommend taking a look at the free NIST spec. It has certainly proven helpful to Protomatic. For more information, please contact Doug Wetzel, Vice President & General Manager, at 734-426-3655 or firstname.lastname@example.org.
About the author: Doug Wetzel is Vice President and General Manager of Protomatic. Protomatic is a CNC precision machining shop specializing in prototype and short-run production components for the medical, aerospace and other technical industries. Because of the critical nature of the parts they design and manufacture, the emphasis is always on Life-Saving Precision.