Digital transformation – and the adoption of cyber physical systems (CPS), smart manufacturing and Connected Enterprises – is allowing companies to realize significant competitive advantages.
But as we bridge the divide between operational technology (OT) and informational technology (IT), we’re discovering cybersecurity vulnerabilities.
As soon as you connect your network to the outside world, you create a potential path into your company that cyber criminals can attempt to infiltrate.
You simply can’t have the reward of digital transformation without some risk.
As we connect supply, demand and design chains, we create multi-organizational dependencies. And those chains are only as strong as their weakest link.
Especially vulnerable are smaller manufacturers without a dedicated cybersecurity team. But even the biggest companies with teams of professionals face risk.
International standards often address these risks in different ways, which can make it difficult to know which standards would best minimize organizational cybersecurity risk.
Even when a business is proactive about cybersecurity, its supply chain may not be. The breach of a major global retail chain was caused by a third-party vendor servicing a brick-and-mortar store. The theft of the vendor’s credentials ultimately exposed the information of 41 million credit card holders and cost the retailer millions of dollars in settlements.
To manage cybersecurity risks we are:
Three things you can do to help protect yourself:
There is a danger of introducing risk when applying multiple standards that may have competing goals or definitions of security. Harmonizing standards is crucial to minimizing the risks of adopting a particular standard as a metric for security.
The ISA/IEC 62443 (network and system security for industrial-process measurement and control) is becoming the framework for cybersecurity in manufacturing.
Additional work is being defined in ISO/IEC 15408 (Evaluation Criteria for IT Security), UL 2900 (Standard for Software Cybersecurity for Network-Connectable Products) and TC 260 (China National Security Standards).
It’s great that we have cybersecurity experts working to address vulnerabilities, but to be truly impactful, these activities need to be harmonized.
It’s difficult for most manufacturers to adopt one cybersecurity standard, let alone four – so we are taking an active role in developing and harmonizing standards to have real impact.
And we can’t stop there.
Connecting a multivendor supply chain across the IT/OT barrier without harmonization will create significant integration challenges, so we need to harmonize the cybersecurity standards between OT and IT as well.
Harmonization facilitates interoperability, and helps minimize risk – and that benefits everyone.
We’re involved in standards committees and efforts around the world to work in the best interest of manufacturers and everyone in their supply chain.
Through common standards we can facilitate future interoperability, achieve connectivity – and address evolving cybersecurity threats and challenges.