Deter Hackers: Decoding the ABCs of Cybersecurity

WannaCry and ILOVEYOU might sound like texts you’d get from someone riding an emotional rollercoaster. What they really are, however, are two of the world’s most notorious computer viruses, inflicting up to $10 billion in damages on hundreds of millions of computers globally. 

Cyber crime losses reported to the FBI exceeded $3.5 billion last year in the United States, tripling over the last five years on more than 467,000 complaints, according to the Federal Bureau of Investigation. 

Manufacturing has become a major target, with hackers going after everything from intellectual property to factories to the products themselves.  

To protect your computer systems, networks and data from viruses, ransomware, and enlistment in hacker-controlled botnets, you need to learn the ins and outs of cybersecurity. Doing that means educating yourself and navigating a maze of acronyms. Here’s a breakdown of some of the most common ones:

NIST: National Institute of Standards and Technology. NIST is a U.S. Department of Commerce agency whose mission is to promote innovation and competitiveness in manufacturing. Its robust cybersecurity programs offer many resources for industry. Resources like the Cybersecurity Framework, voluntary guidance that organizations can use to manage and reduce their cybersecurity risk.

NICE: National Initiative for Cybersecurity Education. Hosted by NIST, this collection of resources aims to close hiring gaps in the cybersecurity workforce. 

IIoT: Industrial Internet of Things. IIoT refers to the rapid adoption in manufacturing and other industries of smart devices, those that connect to internal networks or the internet, to monitor or improve productivity or efficiency. That makes every IIoT device, however, vulnerable to cybersecurity issues.

OEM: Original Equipment Manufacturer. OEMs make the components used by other manufacturers to make their end products. Any cybersecurity flaws in these components can then enter the supply chain and compromise final products. OEM is also sometimes used to describe companies that alter, rebrand and then resell another company’s product, and is sometimes used to describe the component itself, as in “an OEM component.”

DoS or DDoS: Denial of Service attack or Distributed Denial of Service attacks. Each involves flooding a computer or network with online traffic until it slows or crashes. In a DDoS attack, multiple computers carry out a coordinated attack, often using a botnet or group of hijacked connected devices to multiply traffic exponentially.

BEC: Business E-mail Compromise. Scammers target companies in this multibillion-dollar scam, using spoofed emails to trick employees into transferring money into bogus accounts. “Spoofing” is faking the identity of another user.

ICSC: Industrial Control Systems Cybersecurity. Industrial Control Systems (ICS) are computer-controlled systems that automate or remotely monitor or control production, handling or distribution in manufacturing and other industries. Many of these systems connect directly or indirectly to the internet, making them vulnerable to cyber-attacks.

AI and ML: Artificial Intelligence and Machine Learning. AI refers to systems with human-like ability to learn from data and perform human-like tasks. ML applies AI to teach computers to learn for themselves. As both expand in manufacturing and industrial applications, they could help identify potential cyber threats but also could also be vulnerable to hackers.

BC/DR: Business Continuity/Disaster Recovery plans. A business continuity plan identifies processes and resources necessary to keep critical information technology (IT) services and products going uninterrupted after a cyber-attack, natural disaster or other damage. A disaster recovery plan can help minimize network disruptions and economic losses while restoring normal operations.

DFARS: Defense Federal Acquisition Regulation. It seeks to ensure cybersecurity in the nation’s supply chain and specifies the contracting rules that companies doing business with DoD, military departments, and defense agencies must follow. It governs things like contract administration, contract pricing, contracting officers’ responsibilities, purchasing thresholds, research and development, and who can conduct procurement for the military.  

CMMC: Cybersecurity Maturity Model Certification. CMMC builds on DFARS by adding a new verification component to the cybersecurity requirements. Third-party assessors soon will need to certify that contractors are in compliance. A final rule on these CMMC rules is expected from DoD as early as fall 2020. 

MEP: Manufacturing Extension Partnership. The MEP National Network, led by NIST, helps small and medium manufacturers thrive, including guidance for where SMMs can start reducing their cybersecurity vulnerabilities.

CISA: Cybersecurity & Infrastructure Security Agency. This federal agency protects the nation’s critical infrastructure from physical and cyber threats in coordination with government and private organizations. CISA’s Cyber Essentials guide helps small businesses begin instituting cybersecurity.

IC3: Internet Crime Complaint Center. IC3, part of the FBI, handles reports of cyber crimes. IC3 notifies agencies of criminal activity, identifies emerging threats and trends, issues scam alerts, and sends complaints to law enforcement.

Need help securing your operation against cyberattacks? MxD is home to the National Center for Cybersecurity in Manufacturing and can help you navigate this crucial area.

Need help finding workers to fill cybersecurity roles at your company? Download MxD’s Hiring Guide: Cybersecurity in Manufacturing, a ground-breaking blueprint for workforce development.