Cybersecurity for Manufacturers: Report Release & Briefing

Event Recap

MForesight celebrated the release of the report Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory by giving a briefing in Washington, DC on Friday, September 22.

This is a critical topic that MForesight chose to address since there are manufacturing-specific cybersecurity challenges.

More than most industries, modern manufacturing depends on the flow of materials, parts, assemblies, energy, data, and people from many different sources. Additionally, the growing digitization of manufacturing production and increasingly complex information technology (IT) networks within and between factories introduces growing number of potential vulnerabilities. Also, the broad lifecycle diversity of decades-old and new machinery and equipment poses an enormous challenge in effectively implementing security measures across the factory floor.

At the report release event, hosted by the House Manufacturing Caucus in the Rayburn House Office Building, approximately 100 attendees learned about the main recommendations in the report and heard from expert panelists from academia, industry, and government. Mike Russo, Director and Corporate Lead, U.S. Government Affairs at GLOBALFOUNDRIES, moderated the event. Panelists included:

• Jim Davis (Key Technical Contributor), Vice Provost for Information Technology & Chief Academic Technology Officer, UCLA
• David Vasko, Director of Advanced Technology, Rockwell Automation
• Mike McGrath, Principal Consultant, McGrath Analytics LLC
• Carol Hawk, Program Manager of Cyber Security for Energy Delivery Systems, Department of Energy
• Donna Dodson, Chief Cybersecurity Advisor, NIST
• Melinda K. Woods, Defense Production Act Title III Program Director, Office of the Secretary of Defense

Following a welcome and introductions from MForesight Executive Director, Sridhar Kota, Dr. Davis provided an overview of the challenges of cybersecurity asserting that the problem will not go away and we need to stop being complacent.

The expert panelists emphasized the need to harmonize standards globally and how important it is to share information. One example of this is that the Department of Energy’s initiatives around cybersecurity and the energy grid may result in useful information that can be applied to manufacturing. The defense supply chain is a particular area of concern since defective data can lead to bad parts, which can lead to weapons systems failure. Public-private partnerships are important, as illustrated by the NIST Cybersecurity Framework which was pulled together by a public-private partnership. Attendees were reminded of the newly released Cybersecurity Framework Manufacturing Profile.

While questions from the audience brought out that sensors are useful in detecting changes in machines and networks, and that big data can also be useful for data authentication, the report recommended near-term and long- term R&D challenges along with use of test beds, cyber ranges, and information sharing approaches needed for manufacturers to adopt strong cybersecurity practices. Cooperation between industry, government, and academia will provide the foundation for building a public-private partnership that can address manufacturing-specific cybersecurity challenges. Another comment noted that developing a competent workforce is critical to addressing the cybersecurity challenge and NIST has established the National Initiative for Cybersecurity Education.

All stakeholders in the field of manufacturing need to keep moving forward with addressing the cybersecurity challenges, which requires continual conversation and action.

One recommendation the report makes is to establish manufacturing industry-specific Information Sharing and Analysis Centers (ISACs) to facilitate fault-free, anonymous sharing of incidents, threats, vulnerabilities, best practices, and solutions. It’s critical for companies to share their experiences if we want to raise awareness and improve protections against cyber-threats. We hope this report can bolster existing conversations and actions and start new ones.

Thank you to all the panelists and attendees for helping to celebrate the release of this report! Watch a recording of the event.

Prior to this celebration event, MForesight leadership gave pre-briefings on September 19 to key stakeholders at the National Science Foundation, the National Institute of Standards and Technology, and the Department of Defense.

Request a digital version of the report

Read the report summary

Read op-ed by Sridhar Kota (The Hill, 10/20/17): A plan for defending US manufacturers from cyberattacks