As modern manufacturing has become increasingly digitized, the risks that have traditionally confronted financial institutions are certain to target manufacturers. The manufacturing sector presents unique security challenges due to customized industrial control systems, supervisory control and data acquisition systems, and networked machines, sensors, data, and software. The multi-organizational dependencies and underprotected Internet of Things devices that are associated with modern manufacturing and international supply chains increase the opportunities for existing vulnerabilities to be exploited.

Cybersecurity Ventures [1] reports that the costs associated with protecting companies from cyberattacks are growing at rates that exceed linear growth. Its estimate of the costs associated with cybercrime includes potential damage to data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Financial industry leaders are prepared to increase the resources that they use to protect against these threats in order to provide sufficient levels of trust for their customers and stockholders. For example, J.P. Morgan Chase & Co. has increased its annual cybersecurity budget from $250 million to $500 million. Bank of America has gone on record stating that it is prepared to spend unlimited resources on combating cybercrime. The analysis by Cybersecurity Ventures also predicts that global costs associated with combating cybercrime will continue rising to more than $6 trillion annually by 2021.

For manufacturers, support from the federal government comes from the National Institute of Standards and Technology (NIST) Cybersecurity Framework Manufacturing Profile [2]. With this resource, manufacturers can 1) search for opportunities to improve the cybersecurity posture of their manufacturing system, 2) evaluate the ability to operate the control environment at their acceptable risk level, and 3) implement a standardized approach to prepare a cybersecurity plan for ongoing assurance of their manufacturing system’s security.

The NIST Framework Core of the profile consists of 5 functional activities:

1) Identify those systems, assets, data and capabilities that require management of cybersecurity risk,

2) Protect the delivery of critical infrastructure services,

3) Detect the occurrence of a cybersecurity event,

4) Respond with appropriate activities to take action regarding a detected cybersecurity event, and

5) Recover any capabilities or services that were impaired due to a cybersecurity event.

Organizations can assess strengths and opportunities to improve the management of cybersecurity by implementing the Baldrige Cybersecurity Excellence Builder [3]. This cost-effective self-assessment tool consists of open-ended questions and is adaptable and scalable to your organization’s needs, goals, capabilities and environment.

A first self-assessment can frequently be accomplished in a one-day meeting. Using the Excellence Builder within your organization can create a common language for assessment, identify topics for which conflicting, little, or no information is available, and support a full self-assessment of your cybersecurity risk-management system. The completed evaluation often leads to an action plan for implementing improvements.