RESILIENCE ROADMAP

DEFINING THE ROADMAP TO OPERATIONALIZE MANUFACTURING CYBER RESILIENCE –
INAUGURAL WORKSHOP – JUNE 2018, NASA/KENNEDY SPACE CENTER

To manage cyber risk in a cost-effective manner based on business requirements, the GM-ISAO uses cybersecurity best practice standards, frameworks, practices, and guidance documents as foundational baselines. It supports operationalizing Manufacturing Cyber Resilience by facilitating the needed programs and projects, backed by expertise, resources, tools, templates, technologies, and workforce education.

Working directly with manufacturing and supply chain leaders (GM-ISAO Members), the GM-ISAO begins work in June 2018 at GM-ISAO headquarters at NASA/Kennedy Space Center to define and develop “The Manufacturing Cyber Resilience Roadmap”, including a companion tool to help guide an organization in improving cybersecurity and thereby enabling the sustainability of security and resilience. The roadmap supports all manufacturing organizations, regardless of size or cybersecurity sophistication, and regardless of whether an organization has a mature risk management program and processes managed by a governance structure.

  • Cyber Resilience Risk Management Principles, Best Practices, and Proven Processes
  • Cyber Resilience and Manufacturing Common Lexicon to Address and Manage Cyber Risk
  • Manufacturing Sector-Specific Cyber Resilience Governance Structure to Understand and Apply Cybersecurity Risk Management
  • Assessment Techniques to Evaluate an Organization’s Current Cybersecurity Posture
  • Map to the Manufacturing Cyber Resilience Targeted Posture – Identifying Gaps and Prioritizing Opportunities for Improvement
  • Communicate Organizational Internal and External Stakeholders’ Roles and Responsibilities
  • Coordination and Implementation of External Relationships in Support of Security Situational Awareness, Information Sharing, and Incident Response
  • Position the Organization to Receive More Attractive Cybersecurity Insurance Coverage – By Demonstrating Use of Sound Cybersecurity Practices
  • Provide the Organization with the Mechanism to Demonstrate a Proven Track Record of Implementing and Continuously Evaluating Risk-Based Cyber Management Practices
  • Benefit from a Highly Skilled Cyber Workforce – A Better Understanding of Required Technical Capabilities, Skills Needed – Guiding Recruiting, Workforce Design, and Training

IMPLEMENTING & DISTILLING THE FIVE CORE FUNCTIONS OF CYBERSECURITY

Identify – Lay the foundation – Identify Systems, Assets, Data, Capabilities and other foundational elements critical to the organization.

Protect – Develop and identify appropriate safeguards to ensure delivery of critical services.

Define and Document – The Supply Chain Ecosystem.

Define & Communicate Cyber Resilience Priorities for Critical Services (Risk Management Strategy; Security Policies, Protocols, Programs; Regulatory Requirements; and Cyber Threat Information Sharing and Response – Joining the Global Manufacturing ISAO).

Define & Communicate Cyber Resilience Priorities for Critical Services (Risk Management Strategy; Security Policies, Protocols, Programs; Regulatory Requirements; Cyber Threat Information Sharing and Response Program (Critical Manufacturing ISAO)).

CORE ACTIVITIES

Prioritize & Scope
Orient
Current Cyber Resilience Profile
Risk Assessment
Target Cyber Resilience Profile
Analyze / Prioritize Gaps
Action Plan

Prioritize & Scope

Business/Mission Objectives/Priorities

Cybersecurity Risks/Vulnerabilities

Organizational Components

Orient

Systems/Assets/Requirements

Risk Management Approaches

Evaluate Current Risk Management

Evaluate Current Cybersecurity Posture

Create Cyber Resilience Profile

Current Approaches

Leverage Evaluations/Audits

Current Tools, Standards, Processes

Detect

Anomalies and Events

Security Continuous Monitoring

Detection Processes

Respond

Communications

Analysis

Mitigation

Improvements

Recover

Recovery Planning

Improvements

Communications