Modern Machine Shop is focused on all aspects of metalworking technology - Providing the new product technologies; process solutions; supplier listings; business management; networking; and event information that companies need to be competitive.
Issue link: https://mms.epubxp.com/i/931904
DECIDING FACTORS MMS FEBRUARY 2018 22 mmsonline.com Data-Driven Manufacturing Cybersecurity for Job Shops Managers of small- and medium-sized machining companies often wonder what precautions they can take to protect their computer networks from hackers and other online threats. Even with lim- ited resources and capabilities, they should follow the following steps to create a workable cyber- security plan. Educate Your Workforce A plethora of government resources are freely available and can provide a good overview of cybersecurity for manufacturing companies. A good document to start with is the National Insti- tute of Standards and Technology (NIST) publica- tion SP 800-82 Rev. 2 Guide to Industrial Control Systems ( gbm.media/ics-rev2 ). NIST provides other resources for shops through its Manufactur- ers Extension Partnership ( nist.gov/mep ). Another wealth of readily available informa- tion is provided by the Department of Homeland Security's (DHS) Industrial Control System Cyber Emergency Response Team ICS-CERT program for addressing cybersecurity. DHS provides a series of online training resources that can be accessed at no charge through the ICS-CERT virtual training portal ( gbm.media/ics-cert ). Assess Your Facility Start by mapping your existing computer networks and their infrastructure in the shop. Use both the operations technology (OT) and information technology (IT) networks and their integration. Identify the components of the system and its dif- ferent subcomponents. Once the map is completed, physically validate the "architecture" shown in the map. Include searches for wireless networks and access points that may not be on the map. Look for smart devices, virtual private networks (VPNs) and public access points that may be used for report- ing, troubleshooting by supply-chain vendors and remote services (access and response). This search will help determine the boundaries of the system and the system resources (people, processes and technology components) it involves. Implement Security Measures Once you have a clear picture of system compo- nents, review vendor documentation and support systems to evaluate their cybersecurity claims and capabilities. The best place to begin this process is with your newest acquisitions. It's best to use vendors that offer products that have been tested and validated for their security claims. UL's Cybersecurity Assurance Program (CAP) and its certification process based on the UL 2900 series of standards verifies the vendors' cyber- security claims and provides assurance that their products meet industry standards. Other basic steps should also be implemented: • Keep system architecture drawings, network dia- grams and system maps in a confidential location with secure and limited access. • Remove any functionality, components and connections not needed for system operations. • Check the ICS-CERT portal for products in your system that have known weaknesses KEN MODESTE | CONTRIBUTOR Job shops can take steps to protect computerized or networked assets such as CNC machines from cyberattacks.