As both an Industrial Automation engineer and IT professional, I am seeing firsthand how the manufacturing industry still pretty much completely ignores the risks of Cybersecurity and Information Security.
With the increasing reliance on digital and automated systems, it is critical to implement strong security standards to protect both Information Technology and Operational Technology. Without the appropriate measures, manufacturers are leaving themselves extremely vulnerable to threats that could disrupt operations and threaten business continuity.
Key Security Standards to consider:
NIST Cybersecurity Framework (CSF): A practical, risk-based approach to securing IT and OT systems.
ISO/IEC 27001 & 27002: Global standards for Information Security Management Systems (ISMS) that help manage security risks.
IEC 62443: Focuses specifically on securing industrial automation and control systems in OT environments.
NIST SP 800-53: Security controls for federal systems that can be applied to manufacturing environments.
CISA Critical Infrastructure Protection (CIP): Provides guidelines to safeguard critical infrastructure, including manufacturing systems.
ISO/IEC 27019: Focuses on securing information within process control systems in industrial settings.
Understanding and implementing applicable cybersecurity (CS) and information security (IS) standards is key not only for manufacturing companies, but also for equipment and software suppliers to the manufacturing industry. Securing the manufacturing process doesn’t help if it’s easy for unauthorized persons to change machine settings on the automated equipment.
Leveraging these applicable CS and IS standards goes a long way in making one’s organization the harder target. And that’s often all that is needed to prevent a security incident. At Granite State InfoSec, we’re here to help navigate these standards.
Manufacturing still not on top of Information and Cybersecurity risks


Wolf von Schoen (Editor)
Wolfram von Schoen is a German-American automation engineer and information security professional with 30+ years of experience in industrial operations, product development, and business systems consulting. He is the founder and president of the Granite State InfoSec Companies, specializing in Information Security Management Systems like ISO/IEC 27001 and TISAX®, and Business Continuity Management. A third-term elected water commissioner and active Rotarian, he lives in New Hampshire and enjoys the outdoors and motorcycling.