Some regulations, such as U.S. Securities and Exchange Commission rules requiring corporate cybersecurity programs and disclosures about significant cyber incidents, will encourage manufacturers to strengthen their cybersecurity, and the need to keep operations resilient and remain competitive will further drive many companies' efforts. In Canada, proposed legislation would create a framework to protect “critical cyber systems” and “ensure that risks to critical cyber systems are identified and managed,” including risks associated with the supply chain and the use of third-party products and services.
Harmonizing IT, OT and IoT
Some executives may be in the habit of thinking of cybersecurity primarily as an IT issue, but strong risk management practices integrate IT and OT issues with broader enterprise risks.
Thinking holistically about IT and OT risks is especially important in the context of operations that use smart devices to streamline production and other processes. OT systems running in production environments are often outdated and insecure by design, yet they are connected to business networks that are constantly under attack. This presents a challenge for traditional security models, and becomes more pressing as cloud services expand across IT and OT environments and connectivity grows even more as operations modernize. Engineering and operations must collaborate with security and technology teams during system selection and planning to integrate security and technology principles by design.
Manufacturers also need to understand the cybersecurity and risk implications of IoT devices on the factory floor, such as smart thermostats, sensors that detect changes in production, and a variety of building automation technologies. These devices must connect to both sensitive operational systems and the internet, complicating traditional security models.
And it's important for manufacturers of these devices to build security into every IoT device they make and sell by design. Supply chain security risk management continues to raise the bar for minimum security that customers expect from IoT vendors, making security by design a critical component of product strategy.
Connectivity between IT, OT and IoT systems and integrating them with business risk management is essential to enable accurate data analysis, remote support and overall efficiency.
