It is critical for manufacturers to conduct a new risk assessment every time a new element or system is introduced into the environment. If a company or facility has never conducted a cybersecurity risk assessment or hasn’t in a few years, then it’s advisable to perform a complete risk assessment.
Create a cybersecurity culture
Effective cybersecurity maintenance and risk assessments are a collaborative effort. Senior management can provide the strategic direction and resources to build a strong cyber protection program. They can also ensure that IT resources aren’t confined to corporate offices.
Having IT personnel onsite in manufacturing facilities can improve monitoring for potential cyber incidents, which shortens response time and maintains existing cyber protocols. Their proximity to operations and project managers encourages collaboration with IT and allows IT to join discussions related to system changes and assessing potential security implications.
Companies can also develop a cybersecurity culture by working closely with a system integrator experienced in cybersecurity protocols for complex manufacturing systems. The system integrator can lead regular risk assessments and verify that recommended controls are appropriately executed, allowing companies to maintain a strong cybersecurity posture.
Quick steps manufacturers can take The scope of cybersecurity risks, mitigation options, and tasks can seem overwhelming. Even before a full risk assessment can be performed, any organization will likely benefit from taking several proactive steps. These include updating company standards to include the requirement for a cyber risk assessment on new projects, documenting all machines, controllers and interfaces that are potential entry points for a cyberattack, strengthening existing passwords and encouraging personnel to improve the passwords they’ve set up to access network programs. Companies can also train all employees to recognize phishing and other social engineering tactics and defend against them.
The attack surface of manufacturing is expanding with more software-controlled machinery. Even minor adjustments to network configurations or device settings can lead to significant security risks. Integrating regular safety assessments throughout a manufacturing system’s life cycle strengthens the facility’s overall resilience against cyber threats.
Andrew Harris is Michigan team lead and director of controls business development, and Eric Headington is instrumentation and controls engineering manager with system integrator ACS.