Insights from the front lines of cybersecurity
A few weeks ago, MxD announced Laura Élan as director of MxD Cyber: The National Center for Cybersecurity in Manufacturing, where she is overseeing the full range of MxD’s cybersecurity projects and initiatives in support of the annual Strategic Investment Plan and will manage MxD’s Cybersecurity Steering Committee.
“We are thrilled to have Laura join our team and lead our growing portfolio of cyber initiatives,” said Chandra Brown, CEO of MxD. “MxD Cyber is accelerating the security of the manufacturing supply chain at a pivotal moment—taking advantage of heightened awareness of where our goods are produced and transported as well as the increased prominence of ransomware attacks on business of all sizes. Laura’s leadership will enable us to foster a community dedicated to robust cybersecurity.”
With industrial cybersecurity constantly in the news, and techniques to thwart threats changing rapidly, we decided to dive deeper with Laura as she settles into her new role. Take a look…
Smart Industry: What are your responsibilities in new role? What do you hope to accomplish?
Laura: In my new role, I will provide oversight of the execution of MxD’s cybersecurity project portfolio, which aims to support manufacturers with Cybersecurity Maturity Model (CMMC) assessments as well as generally securing operational technology (OT) and manufacturing assets. I hope to add additional tools and resources to the MxD portfolio that will provide for easy and cost-effective cybersecurity enhancements and know-how for small and medium manufacturers.
Smart Industry: What is MxD Cyber? How related to larger MxD body?
Laura: MxD Cyber is the National Center for Cybersecurity in Manufacturing and supports the larger MxD Institute in several ways. First, MxD Cyber has created a factory floor as a demonstration area for existing cybersecurity technology, which serves to increase awareness of manufacturing security and the result of security breach. Second, MxD Cyber endeavors to develop new tools and resources to address very specific pain points for manufacturers as a part of the overall MxD Strategic Investment Plan. Last, MxD Cyber works directly with industry and government to transition these tools to small and medium-sized manufacturers.
Smart Industry: Describe current MxD cybersecurity projects. What new initiatives would you like to tackle?
Laura: One of the developments for 2022 is the MxD Cyber Marketplace. The marketplace will allow manufacturers discover any weak points in their cyber resiliency by completing a free self-assessment which we are offering through an early access program. With the results of the assessment, manufacturers can then take immediate action to fix the vulnerabilities with vetted cybersecurity tools. Anyone interested in getting involved, whether to use the tool to assess their cyber risk and compliance with US government regulations, or to become a vendor available on the marketplace.
Smart Industry: How is cybersecurity in manufacturing changing as we continue to slog through this pandemic? What does the near future look like?
Laura: A significant percentage of manufacturing jobs will remain in-person because of the nature of the responsibilities, but the shift to remote work (where possible) does present additional risks to manufacturers. Some of the responsibility of cybersecurity has moved from centralized systems in specific physical locations to a distributed network of employees working from personal devices and internet connections and collaborating with those onsite. Not only does this introduce new procedures to secure remote workers, but it also expands the attack surface for OT because of the additional entry points.
Ways to address these issues in the near future are familiar: train your team on how to be cybersecure, require basic hygiene like strong passwords, and stay up to date with security patches.
Smart Industry: What is the most pressing challenge with industrial cybersecurity? What is cause for optimism on this front?
Laura: Working within legacy systems and practices is a challenge. With IT, there are decades-long practices of securing sensitive information and an expectation that these will need to be updated over time. With OT, equipment that has never been connected is now beginning to form a vast Internet of Things, with a culture and workforce unaccustomed to implementing cybersecurity measures.
Fortunately, we are seeing meaningful investments in educating manufacturers about these emerging threats. America’s manufacturing sector is essential to our national well-being and entities like MxD Cyber will enable our renewal of the manufacturing infrastructure by bolstering digital innovation while deepening the security of our critical supply chains.
Smart Industry: How is the maturation of digitalization and the snowballing of connected devices changing threats and security?
Laura: The universe of digital-manufacturing technologies is incredibly exciting. It has opened up possibilities from basic retrofits of older machines to generate digital readouts to training teams simultaneously across the globe through virtual and augmented reality. These types of advances are necessary for US manufacturers to compete globally—the pandemic has introduced some compelling incentives for reshoring—but every one of them increases the attack surface for cyber-threats. Manufacturers need to have make cybersecurity second nature, so it is built in with each new digital innovation they implement.
Smart Industry: What most excites you in this space as we move into 2022?
Laura: We are at a key moment for securing the manufacturing sector in the United States for a several reasons—I’ll mention three.
The first is awareness. The majority of our manufacturing base is made up of small and medium-sized manufacturers. There has been a prevailing notion within these organizations that they are not cyber-attack targets, but this is slowly changing as stories of ransomware and other attacks on small businesses become public.
The second is regulation. We know that many manufacturers are so pressed for time and resources that they will implement cybersecurity measures for the sole reason of being in compliance with their buyers. Entities doing business with the US government—whether directly or indirectly—will need to attest to their adherence to CMMC and other protocols. MxD Cyber is working to make this much easier and more streamlined through our marketplace.
The final reason is diversity. There is finally some forward progress in diversifying the boards of private companies across the country. Workforce programs from MxD Learn and training programs at the national, regional, and local level are emphasizing opportunities for diverse populations. This influx of new ideas and viewpoints will be necessary as we take on the gargantuan task of securing the nation’s manufacturing sector.