Identifying & Protecting Critical Manufacturing Assets and Resources
UNDERSTANDING MANUFACTURING RESILIENCE RISKS AND INTERDEPENDENCIES
Global manufacturing assets are privately owned and operated, including manufacturing facilities, processing, product storage and distribution facilities, corporate headquarters, and sales offices. With facilities, vendors, suppliers and customers located worldwide, manufacturing stakeholders are vulnerable to a variety of risks – natural disasters, terrorism, cyber attacks and geopolitical unrest.
Central to the Manufacturing sector’s operations are vast, complex and interdependent supply chains. The global web of supply chain and transportation pathways, and the continuing advancement and connection of technologies, industrial controls systems, and cyber and energy networks maximize manufacturing efficiencies – but also challenge the ability to absorb disruptions from cyber and physical (all-hazards) threats and incidents.
ADDRESSING DYNAMIC AND COMPLEX CYBER RISKS (CURRENT AND EMERGING)
Innovation brings increased reliance on protecting the manufacturing ecosystem (intellectual property, enterprise network business systems, industrial control systems, connected products, supply chain, contractors, talent/human capital and customers).
The increasing number, sophistication and severity of cyber threats to the manufacturing ecosystem requires sustainability of a secure environment that addresses current and emerging risks in as near real-time as possible. The manufacturing industry is not only highly vulnerable to cyber risks, but is also currently at further risk due to a fragmented approach to addressing cybersecurity for the manufacturing critical infrastructure industry.
Cyber Resilience: Moving from a Reactive to a Proactive Stance – Successful monitoring of systems, applications and people, both internal and external requires the ability to implement a “Cyber Resilience Strategy” that includes understanding potential impacts from a dynamic, ever-evolving cyber threat landscape (sector-and cross-sector perspective), and having the ability to access the manufacturing community’s cybersecurity resources facilitated by the Global Manufacturing ISAO (GM-ISAO). Achieving and sustaining resilience requires preparedness and external relationships to address potential cyber threats before they happen and/or to mitigate incidents before escalating
A measured, cybersecurity risk-based management approach supporting the enterprise and manufacturing and business technologies as they are deployed must:
- Identify – Foundational Elements (Systems, Assets, Data, Capabilities, etc.) Critical to the Organization and Associated Risks
- Protect – Develop and Identify Appropriate Security (All-Hazards) Safeguards to Ensure Delivery of Critical Infrastructure Services
- Detect – Identify and Implement the Tools and External Security Situational Awareness Relationships to Identify the Occurrence of a Cyber Incident
- Respond – Use the Tools, Activities and Resources (Internal and External) to Support Cybersecurity Event Containment
- Recover – Foster Resilience and Restore Capabilities to Services and Assets Impaired by the Event
Adding a New Layer of Cybersecurity - The Global Manufacturing ISAO
ADVANCING MANUFACTURING CYBER RESILIENCE –
The Global Manufacturing Information Sharing & Analysis Organization (GM-ISAO) is private-sector led and provides the manufacturing critical infrastructure with the infrastructure, resources, tools, technologies, projects and programs to support enabling sustainable global manufacturing cyber resilience. This coordinated development of global partnerships operationalizes a vision of breaking down long-standing barriers and silos within and across sectors and other communities-of-interest to achieve and sustain cyber resilience.
GM-ISAO’s Mission: To advance protection of the global manufacturing critical infrastructure by enabling the ability to prepare for and respond to cyber and physical (all-hazards) threats, incidents, and vulnerabilities, and to foster adaptation of cyber resilience best practices supported by workforce education.
The complexity of coordinating organizational, sector and cross-sector cyber resilience efforts to defend against asymmetrical attacks on assets, systems and networks represents an expensive and complicated challenge, the nature of which limits the return on investment from current approaches that only provide a single overarching program to achieve cyber resilience. In today’s active cyber threat landscape, current “continuous monitoring” practices represent only one aspect of understanding the multiple layers that must be identified as possible risks.
The best proactive defense is the identification of risks derived from the active real-time discovery and reporting (information sharing) of attack categories, sightings, and countermeasure solutions by individuals working with multiple enterprise functions with and across critical infrastructure sectors, sub-sectors and other communities of interest.
THE INTERNATIONAL ASSOCIATION OF CERTIFIED ISAOS (IACI) –
As a Member of the International Association of Certified ISAOs (IACI), a non-profit organization, the GM-ISAO facilitates maximizing sector and cross-cross cybersecurity resources, providing the benefits of economies of scale to ensure the manufacturing sector’s access to and integration of protection strategies.
IACI serves as the trusted “Center-of-Gravity” for the global community of ISAOs, led by the private sector, to advance cyber resilience cooperation, collaboration and coordination within and across sectors…addressing interdependencies worldwide. IACI enables access to the benefits provided by a coordinated and collaborative global cyber resilience information sharing ecosystem, leveraging trusted public- and private-sector assets and resources.
IACI and the GM-ISAO work together to achieve security resilience via private-sector leadership within and across sectors working in coordination and collaboration with government to share cyber threat intelligence information sharing and response countermeasures (US Dept. of Homeland Security, FBI/Law Enforcement, Sector-Specific Agencies, State/Local/Tribal/ Territorial Government, and internationally (NATO, European Union, worldwide CERTs, etc.)
GM-ISAO Mission Support Provided by IACI:
- International Leadership – Defining voice opportunities to advance cyber resilience, reduce risk and inspire information sharing
- ISAO Advocacy and Capacity Building – Nationally and internationally
- Global Situational Awareness Center (GSAC) – Cyber threat intelligence center headquartered at the Global Institute for Cybersecurity Resilience, NASA/Kennedy Space Center
- IACINet – Trusted security situational awareness threat intel and coordinated response platform connecting ISAOs worldwide.
Technology: ISAO Collaboration Portal, Threat Intel Information Sharing (Automated/Manual Bi- and Multi-Directional), Intelligence Sights (Optional Network Sensor Alerting on Threat Sightings), Secure Communications & Control Collaboration Suite (Peer-to-Peer Communications, Military-Grade Encryption), and Incident Response technologies enabling real-time analysis by multiple incident response analysts.
- ISAO Support – Discounted Managed Security Services, Technologies, Threat Analyst and Incident Response Resources, Operations and Administrative Support, and Workforce Education