Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

The vast majority of industrial and manufacturing safety discussions center around physical dangers. Workplace hazards like falls and contact with machinery are still relevant and deserve attention, of course. But the industrial world faces digital threats as well. Cybersecurity must now play a role in every industrial company’s safety considerations.

By 2018, 60 percent of heavy industry companies experienced a data breach in their industrial control or supervisory control and data-acquisition systems. Since then, digitization has only increased and cybersecurity standards have yet to match new technology’s adoption rate. One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

These technologies and the threats they bring are new to industrial and manufacturing businesses. Many do not have a dedicated IT department or a chief information officer (CIO). As such, it is often unclear who is responsible for ensuring these companies stay safe from cyber threats.

What Cyber Risks Do Industrial Businesses Face?

The first step in establishing a new security architecture is determining what risks these businesses face. Perhaps the most pressing is internet of things (IoT) vulnerabilities. Hackers can use facilities’ seemingly innocuous IoT devices as a gateway to their network, accessing more sensitive data.

As manufacturers and other heavy industry businesses collect more data, they become more valuable targets. Ransomware attacks can threaten to destroy mission-critical data or leak sensitive client information unless companies pay a hefty sum. Similarly, these industries’ reliance on digital technologies means any downtime could lead to significant disruptions and bottlenecks.

Since heavy industries are new to many digital technologies, breaches from human error are more likely. These companies and their employees may be more vulnerable to phishing or accidentally exposing sensitive information.

When businesses start to understand these risks, the path forward grows clearer.

Ensuring Industrial Companies Comply with Standards

Some cybersecurity standards already exist for heavy industries, most notably the Cybersecurity Maturity Model Certification (CMMC). While the CMMC is designed for Department of Defense (DoD) contractors, it can be a helpful guide for all industrial and manufacturing companies. The responsibility, therefore, falls upon company leadership to embrace these standards even when they do not legally have to.

Cybersecurity experts point out that the CMMC is necessary but not sufficient, so companies must also go beyond these standards. Steps to take after meeting these guidelines are less clear for heavy industries, so their executive leadership must evolve. These sectors would benefit from creating a CIO or chief security officer (CSO) position to guide company-specific actions.

Creating a permanent position devoted to cybersecurity gives companies the organization they need for effective cybersecurity. The CIO or CSO can ensure compliance with standards like the CMMC, approve new technology investments, design company security infrastructure and train other employees. Without executive leadership, these industries’ cybersecurity efforts risk being uncoordinated and insufficient.

Changing Industrial Cybersecurity Culture

While hiring a CIO or CSO is a necessary step, cybersecurity should not end in the boardroom. Given the day-to-day risks of human error and attacks that capitalize on them, industrial cybersecurity must be a company-wide effort. It starts with industry standards that an executive then interprets and plans around, but then the responsibility of implementation trickles down.

Not every worker needs to be a cybersecurity expert, but they should receive basic training. According to a Deloitte survey, four of the top 10 threats to industrial cybersecurity involve employees. Teaching workers about relevant cyber risks and how to avoid them is essential to preventing these threats.

Industrial companies should stress how cybersecurity is a company-wide responsibility. Holding regular training and refresher sessions can help ensure workers do not make potentially damaging mistakes. Workers already learn to avoid physical harm in industrial settings, and cybersecurity should become a part of that on-boarding process.

Cybersecurity is Everyone’s Responsibility

Industrial cybersecurity is so pressing and widespread a concern that the responsibility does not fall to one person. Rather, it should be a shared and organized effort, starting at the top of the company leadership and flowing down to every worker. Industrial and manufacturing businesses must create a culture of cybersecurity just as they have with physical safety.
