Manufacturing has become a digital enterprise. The part is designed in software and represented by a digital model. The digital model is used to prepare the tool paths used to obtain the desired geometry; these are digital instructions. These digital instructions are uploaded to the computer on the machining center or additive system to provide computer control of the axes, spindle, and/or deposition head. Each of these steps represents a potential cyber intrusion opportunity. The landscape grows when the digital files must be shared across the manufacturing supply chain.
Based on NIST 800-171 and the pending Cybersecurity Maturity Model Certification (CMMC) framework, we will support our SEAMTN partners in their cyber defense certification efforts. This will consist of training that is both informational and technical. Key topics will include:
- Establishing information security standards throughout the industry. This will provide a map of basic cyber hygiene to establish a basic level of compliance.
- Mastering risk assessment and risk management strategies. These are critical not only from NIST 800-171, which provides the recommended requirements for protecting the confidentiality of controlled unclassified information (CUI), but also within the CMMC framework. We will build an ecosystem of asset management and control to help document all policies and plans of operations in cyber defense.
- Reporting cyber intrusion incidents. This includes the installation of the most adaptive cyber intrusion tools throughout the partner’s infrastructure, thereby raising the compliance level. Raising the compliance level moves the partner from documenting to managing.
- Supplementing the standards and procedures in 1-3 with monthly fliers, webinars, and customer testing facilities. This will bring to bear the critical information received and raise awareness of the need to constantly revisit those standards and procedures.