Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

The vast majority of industrial and manufacturing safety discussions center around physical dangers. Workplace hazards like falls and contact with machinery are still relevant and deserve attention, of course. The industrial world faces digital threats, as well. Cybersecurity must now play a role in every industrial company’s safety consideration.

By 2018, 60 percent of heavy industry companies experienced a data breach in their industrial control or supervisory control and data-acquisition systems. Since then, digitization has only increased and cybersecurity standards have yet to match new technology’s adoption rate. One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

These technologies and the threats they bring are new to industrial and manufacturing businesses. Many do not have a dedicated IT department or a chief information officer (CIO). As such, it is often unclear who is responsible for ensuring these companies stay safe from cyber threats.

What Cyber Risks Do Industrial Businesses Face?

The first step in establishing a new security architecture is determining what risks these businesses face. Perhaps the most pressing is internet of things (IoT) vulnerabilities. Hackers can use facilities’ seemingly innocuous IoT devices as a gateway to their network, accessing more sensitive data.

As manufacturers and other heavy industry businesses collect more data, they become more valuable targets. Ransomware attacks can threaten to destroy mission-critical data or leak sensitive client information unless companies pay a hefty sum. Similarly, these industries’ reliance on digital technologies means any downtime could lead to significant disruptions and bottlenecks.

Since heavy industries are new to many digital technologies, breaches from human error are more likely. These companies and their employees may be more vulnerable to phishing or accidentally exposing sensitive information.

When businesses start to understand these risks, the path forward grows clearer.

Ensuring Industrial Companies Comply with Standards

Some cybersecurity standards already exist for heavy industries, most notably the Cybersecurity Maturity Model Certification (CMMC). While the CMMC is designed for Department of Defense (DoD) contractors, it can be a helpful guide for all industrial and manufacturing companies. The responsibility, therefore, falls upon company leadership to embrace these standards even when they do not legally have to.

Cybersecurity experts point out that the CMMC is necessary but not sufficient, so companies must also go beyond these standards. Steps to take after meeting these guidelines are less clear for heavy industries, so their executive leadership must evolve. These sectors would benefit from creating a CIO or chief security officer (CSO) position to guide company-specific actions.

Creating a permanent position devoted to cybersecurity gives companies the organization they need for effective cybersecurity. The CIO or CSO can ensure compliance with standards like the CMMC, approve new technology investments, design company security infrastructure and train other employees. Without executive leadership, these industries’ cybersecurity efforts risk being uncoordinated and insufficient.

Changing Industrial Cybersecurity Culture

While hiring a CIO or CSO is a necessary step, cybersecurity should not end in the boardroom. Given the day-to-day risks of human error and attacks that capitalize on them, industrial cybersecurity must be a company-wide effort. It starts with industry standards that an executive then interprets and plans around, but then the responsibility of implementation trickles down.

Not every worker needs to be a cybersecurity expert, but they should receive basic training. According to a Deloitte survey, four out of 10 top threats to industrial cybersecurity involve employees. Teaching workers about relevant cyber risks and how to avoid them is essential to preventing these threats.

Industrial companies should stress how cybersecurity is a company-wide responsibility. Holding regular training and refresher sessions can help ensure workers do not make potentially damaging mistakes. Workers already learn to avoid physical harm in industrial settings, and cybersecurity should become a part of that on-boarding process.

Cybersecurity is Everyone’s Responsibility

Industrial cybersecurity is so pressing, and there is a widespread concern in which the responsibility does not fall to one person. Rather, it should be a shared and organized effort, starting at the top of the company leadership and flowing down to every worker. Industrial and manufacturing businesses must create a culture of cybersecurity just as they have with physical safety.

Download Center

  • The Ultimate Guide to OSHA Recordkeeping

    When it comes to OSHA recordkeeping, there are always questions regarding the requirements and in and outs. This guide is here to help!

  • Lone Worker Safety Guide

    As organizations digitalize and remote operations become more commonplace, the number of lone workers is on the rise. These employees are at increased risk for unaddressed workplace accidents or emergencies. This guide was created to help employers better understand common lone worker risks and solutions for lone worker risk mitigation and incident prevention.

  • Online Safety Training Buyer's Guide

    Thinking of getting an online safety training solution at work but not sure how to evaluate different solutions and find the one that's best for your company? Use this handy buyer's guide to learn the basics of selecting online safety training and how to use it at your workplace.

  • SDS Software Buyer's Guide

    Whether this is your first time shopping for online SDS software or you’re upgrading from a legacy solution, this guide is designed for you to use in your search for the safety management solution that works best for you and your company.

  • Risk Matrix Guide

    Risk matrices come in many different shapes and sizes. Understanding the components of a risk matrix will allow you and your organization to manage risk effectively.

  • Vector Solutions

OH&S Digital Edition

  • OHS Magazine Digital Edition - January February 2022

    January February 2022


      Industrial Facility Safety from the Loading Dock to the Plant Interior
      Tiny Particles: Big Booms
    • OIL & GAS
      Creating a Culture of Safety
      Innovative, Comfortable Hand Protection Option for Workers
    View This Issue