As industry digitizes and factories become increasingly interconnected, companies must take steps to guard against cybersecurity threats in manufacturing. Small and mid-size businesses, in particular, need to step up their game.
Cybersecurity protects systems connected to the Internet, keeping the bad guys out of laptops, networks, equipment — and even the products themselves.
But choosing the right cybersecurity software is challenging for any company, especially smaller businesses that lack cybersecurity expertise or even an IT department.
MxD’s National Center for Cybersecurity in Manufacturing advises companies to start by asking these six key questions:
1. What problem am I trying to solve?
Many manufacturers make the mistake of “identifying a solution in search of a problem,” instead of the other way around, says Akin Akinbosoye, MxD’s director of cybersecurity. So it’s important to define the problem first, he says.
Malicious software, or malware, introduced via email attachments, software downloads or operating system vulnerabilities can hide in a system by attaching to legitimate code. It can then spread to other systems, wreaking havoc.
If you know that’s a potential weakness of yours, you’ll be able to ask the right questions to guide you to the appropriate solution.
Choose software that best fits the factory environment, given the architecture and nature of the manufacturing environment, including how you interact with your customers and whom you interact with, Akinbosoye says.
2. How easy is the software to use?
Free software is plentiful, but if it requires expertise to deploy and is not intuitive to use (for example, if installing it involves more than a few clicks in a graphical or Windows interface), it might not be the best option for a smaller shop.
Remember the clunky operating systems of the 1990s? Some required the user to type commands into a prompt using a particular syntax. Many small shops lack that kind of skill set. You won’t be able to take advantage of free software if you don’t know how to use it.
The bottom line: Don’t limit your options to freebies, because there may be hidden costs, and no-cost software isn’t always what’s best.
3. How easy is it to maintain?
All cybersecurity tools require maintenance.
“The bad guys get smarter all the time and come up with new and innovative ways of getting through your defenses,” Akinbosoye says. “So your security should constantly evolve to be responsive to what’s happening in the real world.”
Ask about the availability of patches and updates and if they are provided by the vendor on an ongoing basis. And make sure the software installed is supported by the vendor and isn’t difficult to update. Having to pay separately to update software would increase costs.
4. Do the tools play well together?
Look for tools that are built on open platforms.
When one type of software needs to “talk” to another, either to provide data or to retrieve it from other sources, an open platform makes integration easier. Otherwise, it can be challenging to get information from one system to another.
An example of an open platform is most of the Internet itself. It can communicate with smartphones, cable TV and other devices, without the user having to first write code. This is enabled by the use of open standards and protocols.
With cybersecurity software, the openness of the platform allows for data integration with many sources.
5. What are the vulnerabilities of the security software itself?
Cybersecurity software can have its own vulnerabilities. You need to be aware of what those are.
Don’t sacrifice safety for functionality, Akinbosoye says. And don’t ignore vulnerabilities that software companies periodically disclose.
For example, there could be errors in the way code is put together that create gaps in security that a bad actor could exploit. Cybersecurity tools would identify gaps that can be closed with patch management, other software modifications or updated code.
“Often it’s the little things that you don’t pay adequate attention to — the blocking and tackling, if you will — that will get you,” Akinbosoye says. “Vendors often provide patches to address those vulnerabilities, but many companies don’t do the blocking and tackling by making sure the patches are installed.”
6. How viable is the software company?
Since the cybersecurity landscape is constantly evolving, pick a vendor that will be in business long enough to provide the updates needed to address future threats. That means asking questions to determine whether the vendor has a business model that’s sustainable for the long run.
Once you find a company with products that perform well and provide you with what you need, you’ll want to stick with them.
The National Center for Cybersecurity in Manufacturing at MxD uses its Future Factory floor in Chicago as a demonstration space for cybersecurity technology; develops new tools to address very specific problem areas for manufacturers; and works with industry and government to figure out how to get these tools to small and medium manufacturers.
Stream MxD’s free webinar, held in July 2020, for manufacturers looking to improve their operational technology (OT) cybersecurity and prepare for the new CMMC regulations.