Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

The vast majority of industrial and manufacturing safety discussions center around physical dangers. Workplace hazards like falls and contact with machinery are still relevant and deserve attention, of course. The industrial world faces digital threats, as well. Cybersecurity must now play a role in every industrial company’s safety consideration.

By 2018, 60 percent of heavy industry companies experienced a data breach in their industrial control or supervisory control and data-acquisition systems. Since then, digitization has only increased and cybersecurity standards have yet to match new technology’s adoption rate. One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

These technologies and the threats they bring are new to industrial and manufacturing businesses. Many do not have a dedicated IT department or a chief information officer (CIO). As such, it is often unclear who is responsible for ensuring these companies stay safe from cyber threats.

What Cyber Risks Do Industrial Businesses Face?

The first step in establishing a new security architecture is determining what risks these businesses face. Perhaps the most pressing is internet of things (IoT) vulnerabilities. Hackers can use facilities’ seemingly innocuous IoT devices as a gateway to their network, accessing more sensitive data.

As manufacturers and other heavy industry businesses collect more data, they become more valuable targets. Ransomware attacks can threaten to destroy mission-critical data or leak sensitive client information unless companies pay a hefty sum. Similarly, these industries’ reliance on digital technologies means any downtime could lead to significant disruptions and bottlenecks.

Since heavy industries are new to many digital technologies, breaches from human error are more likely. These companies and their employees may be more vulnerable to phishing or accidentally exposing sensitive information.

When businesses start to understand these risks, the path forward grows clearer.

Ensuring Industrial Companies Comply with Standards

Some cybersecurity standards already exist for heavy industries, most notably the Cybersecurity Maturity Model Certification (CMMC). While the CMMC is designed for Department of Defense (DoD) contractors, it can be a helpful guide for all industrial and manufacturing companies. The responsibility, therefore, falls upon company leadership to embrace these standards even when they do not legally have to.

Cybersecurity experts point out that the CMMC is necessary but not sufficient, so companies must also go beyond these standards. Steps to take after meeting these guidelines are less clear for heavy industries, so their executive leadership must evolve. These sectors would benefit from creating a CIO or chief security officer (CSO) position to guide company-specific actions.

Creating a permanent position devoted to cybersecurity gives companies the organization they need for effective cybersecurity. The CIO or CSO can ensure compliance with standards like the CMMC, approve new technology investments, design company security infrastructure and train other employees. Without executive leadership, these industries’ cybersecurity efforts risk being uncoordinated and insufficient.

Changing Industrial Cybersecurity Culture

While hiring a CIO or CSO is a necessary step, cybersecurity should not end in the boardroom. Given the day-to-day risks of human error and attacks that capitalize on them, industrial cybersecurity must be a company-wide effort. It starts with industry standards that an executive then interprets and plans around, but then the responsibility of implementation trickles down.

Not every worker needs to be a cybersecurity expert, but they should receive basic training. According to a Deloitte survey, four out of 10 top threats to industrial cybersecurity involve employees. Teaching workers about relevant cyber risks and how to avoid them is essential to preventing these threats.

Industrial companies should stress how cybersecurity is a company-wide responsibility. Holding regular training and refresher sessions can help ensure workers do not make potentially damaging mistakes. Workers already learn to avoid physical harm in industrial settings, and cybersecurity should become a part of that on-boarding process.

Cybersecurity is Everyone’s Responsibility

Industrial cybersecurity is so pressing, and there is a widespread concern in which the responsibility does not fall to one person. Rather, it should be a shared and organized effort, starting at the top of the company leadership and flowing down to every worker. Industrial and manufacturing businesses must create a culture of cybersecurity just as they have with physical safety.

Product Showcase

  • Kestrel 5400 Heat Stress Tracker WBGT Monitoring for Workplace Safety

    Ensure safety with the Kestrel® 5400 Heat Stress Tracker, the go-to choice for safety professionals and endorsed by the Heat Safety & Performance Coalition. This robust, waterless WBGT meter is ideal for both indoor and outdoor environments, offering advanced monitoring and data logging essential for OSHA compliance. It features pre-programmed ACGIH guidelines and alert settings to quickly signal critical conditions. Integrated with the cloud-based Ambient Weather Network, the 5400 allows managers to view, track, and log job site conditions remotely, ensuring constant awareness of potential hazards. Its capability for real-time mobile alerts and remote data access promotes proactive safety management and workplace protection, solidifying its role as a crucial tool in industrial hygiene. Read More

  • SwabTek® Cannabis Test Kit

    The SwabTek® Cannabis Test Kit is a single-use spot test designed for use in screening for cannabis compounds in any sample type or on any surface. The test is capable of identifying the presumed presence of cannabinoids in very small quantities, with a level of detection as little as 6 μg in mass. Learn more about the SwabTek® Cannabis Test Kit and the rest of SwabTek surface drug testing solutions through the webinar titled "Everything You Want To Know About Surface Testing" Read More

  • Glove Guard® Clip

    Safety should never be compromised, especially when it comes to proper glove usage. The Glove Guard® clip enhances safety by encouraging employees to keep their gloves with them at all times. This reduces the risk of accidents and injuries on the job. By ensuring everyone has their gloves readily available, we help promote a culture of safety and efficiency. The Glove Guard® clip is designed to withstand the toughest work environments. Constructed from robust materials made in the USA, it can endure extreme conditions, including harsh weather, and rigorous activities. Read More

Featured

Artificial Intelligence

Webinars