Global security and prosperity depend upon an innovative, safe, secure, and resilient Manufacturing Sector.
The Manufacturing Sector includes public- and private-sector owners and operators and other stakeholders with a role in the manufacturing ecosystem, all dependent upon cyber resilience. Each manufacturing organization’s risk is unique. The reliance on technology, communication, and the interconnectivity of industrial control systems (ICS) has changed and expanded potential vulnerabilities and increased risks to operations. Managing cybersecurity risks requires a clear understanding of the business drivers and security considerations specific to Manufacturing systems, operations, and the supporting environment, including the tools and methods used to achieve and sustain resilience.
To enable the sustainability of global manufacturing cyber resilience, a public/private partnership, in coordination, cooperation, and collaboration with Manufacturing owners and operators and the International Association of Certified ISAOs, established in 2017:
THE GLOBAL MANUFACTURING INFORMATION SHARING & ANALYSIS ORGANIZATION (GM-ISAO)
Division of the Global Institute for Cyber Security Resilience (GICSR)
Headquarters – The Global Situational Awareness Center (GSAC), NASA/Kennedy Space Center
To advance protection of the global manufacturing critical infrastructure by enabling the ability to prepare for and respond to cyber and physical (all-hazards) threats, incidents, and vulnerabilities, and to foster adaptation of cyber resilience best practices, supported by workforce education.
GLOBAL MANUFACTURING CYBER RESILIENCE REQUIREMENTS
Aligning Organizational Context – Operational Environment (Product Offerings, Mission/Vision/Values, Cybersecurity Workforce Profile, Asset Management, Legal and Regulatory Requirements); Organizational Relationships (Organizational, Customers and Stakeholders, Suppliers (Supply Chain) and Partners); Organizational Situation – Competitive Environment (Competitive Position, Competitiveness Changes, Comparative Data); Strategic Context (Key Strategic Challenges and Advantages); Performance Improvement System (Key Elements)
Fostering Leadership – Senior and Cybersecurity Leadership (Commitment, Implementation, Legal/Ethical Behavior, Policies, Operations, Communication (Internal/External), Action (Focus to Achieve Resilience)); Governance (Compliance – Policies/Procedures/Operations/Legal/Regulatory, Community)
Supporting Strategy – Cybersecurity Strategic Planning (Alignment to Organization’s Overall Strategic Planning, Innovation Stimulation, Data Collection and Analysis, Process Implementation and Compliance, Objectives Timetable, Customer/Stakeholder/Business Balance, Deployment/Action Plans/Performance Measures)
Exceeding Customers’ Expectations – Outreach/Engagement (Internal/External Communications, Relationships Supporting the Customer’s Defining Voice)
Leveraging Performance Measurement/Analysis/Knowledge Management to Mature Cyber Resilience – Performance Data (Cybersecurity Operations and Cybersecurity Performance), Key Cybersecurity Performance Measures (Comparative Data to Support Fact-Based Decision-Making, Change Response, Reviews, Public Projection, Leverage Findings to Drive and Deploy Priorities for Continuous Improvement and Innovation Opportunities)
Enabling a Highly Skilled Cyber-Resilient Workforce – Environment (Assess Capabilities, Recruitment/Hiring/Placement/Retention, Roles/Responsibilities, Response to Changing Capability and Capacity Needs), Continuing Education (Sector, Cross-Sector, Organizational, Role-Based); Workforce Engagement – High Performance and Open Communication Culture. Workforce Innovation
Sustaining Operations – Key Cybersecurity Work Processes (Process Design/Management/Improvement); Asset Management (Identification, Documentation, and Management of Organizational Assets); Configuration and Change Management – Ensuring Integrity of Organizational Assets; Vulnerability Management – Identification, Analysis, and Management of Organizational Operating Environment Vulnerabilities; All-Hazards Preparedness – Identify, Detect, Protect, Respond, Recover – Incident Management. Alignment of Physical and Cyber Response Protocols, Real-Time Accessibility to Sector and Cross-Sector Security Situational Awareness Actionable Intelligence and Multi-Directional (Internal/External) Information Sharing and Coordinated Response (Secure Communications and Control) Capabilities
Learning from Results – Supporting Continuous Improvement – Organizational Cybersecurity Process Performance (Protection, Detection, Response, Recovery, Process Effectiveness, Emergency Preparedness, Suppliers’ and Partners’ Roles and Responsibilities, Supply Chain Management); Customer-Focused Cybersecurity Performance (Internal/External Customers’ Satisfaction or Dissatisfaction with Organizational Cybersecurity Policies and Operations, Understanding of Roles and Responsibilities); Workforce Cybersecurity Performance (Capability, Capacity, Engagement, Roles and Responsibilities Fulfillment)
Validating Governance – Governance Leadership (Communication, Engagement, Ethical Behavior, Community Support Achievement or Cybersecurity Strategic and Action Plans); Governance (Management and Compliance Accountability); Financial/ROI (Cybersecurity Operations)