SL Chamber Cybersecurity Conference

The Salt Lake Chamber is hosting the second annual Cybersecurity Conference that brings together top experts both locally and nationally from government, law enforcement, and the private sector to help business leaders develop, evaluate, and strengthen their cybersecurity programs. Space will be limited. Register now to guarantee admittance.

Five steps to being a “smarter” manufacturer

By Tab Wilkins

There’s no question the digital manufacturing revolution is racing at us. As a small or medium-sized manufacturer, how close are you to already being “smart”? Here are five steps in the journey to becoming a smarter digital enterprise.

First and foremost, be cybersecure. Cybersecurity is an underlying tenet of being a smart and trusted business partner. The more you rely on a digital platform for manufacturing, the more secure you’ll want to be for customers, suppliers and investors. The NIST MEP website has several cybersecurity resources for manufacturers to help on this quest.

Second, understand smart manufacturing. Two formal definitions come from the National Institute of Standards and Technology and the Smart Manufacturing Leadership Coalition. Essentially, it is the idea of integrating all your technology together for monitoring, management and improvement. An excellent blog post by Steven Brand of the California Manufacturing Technology Consultants (CMTC), the California MEP, goes into this in some detail as it relates to small and medium-sized manufacturers and even offers a downloadable version of CMTC’s Guide to Smart Manufacturing.

Third, realize there’s likely to be “flow down” through any supply chain. Most large manufacturers and retailers, both in the U.S. and around the world, are investing in smart technologies, according to a recent report by the Capgemini Group and its subsidiary Sogeti, entitled Smart Factories: How can manufacturers realize the potential of the digital industrial revolution? They found 76 percent of larger manufacturers have a smart manufacturing initiative, while 56 percent have invested $100 million or more in the last five years. As larger companies invest and deploy, smart manufacturing is likely to permeate the supply chain, like the way just-in-time, lean, and ISO 9000 requirements became a stated or de facto requirement.

Fourth, research the current state around you. For example, the Georgia MEP, GAMEP, co-sponsors a study every two to three years about Georgia manufacturers. Smart Manufacturing: The 2016 Georgia Manufacturing Survey shows that 49 percent of Georgia manufacturers electronically collect and analyze data for improvement. Pages 10 and 11 of the report illustrate specific technologies and rates of adoption, such as RFID for inventory and warehouse tracking, or software for scheduling, inventory control or purchasing (e.g. ERP). Which of the 20 technologies listed in the report have your competitors already adopted? 

Fifth, take an inventory and benchmark your smart status. Are you using computer-aided design technology and is it integrated with your computer numerical control equipment? Are you using a manufacturing resource planning or enterprise resource planning software system? Is your preventive maintenance kept electronically and are sensors used in your manufacturing processes? Some of these represent the basic building blocks of being smart and mean your company might be close. The next step is connecting and integrating these elements for data access and monitoring. Look on page 10 of the Capgemini Smart Factories report identified earlier and see if you are a Digital Master, Fashionista, Conservative or Beginner in smart manufacturing.

If after understanding smart and benchmarking your company you’d like further help, please contact the Utah MEP Center. They have additional assessments, tools, advice and counsel on how to invest wisely in this impending wave of Technology 4.0.

Article originally appeared here

Tab Wilkins is Regional Manager for Strategic Transition and Senior Technology Advisor at NIST MEP, primarily supporting Centers in the western US. Prior to joining NIST, Tab helped establish and run two MEP centers and has a varied background in non-profit management, leadership development and technology-based Economic Development.

Salt Lake Chamber of Commerce Cybersecurity Business Roundtable

Adept cybersecurity professionals from the Salt Lake Chamber’s Cybersecurity Leadership Council have developed a curriculum of powerful, achievable solutions that can benefit your business. In an increasingly technological economy, digital threats are becoming more sophisticated and frequent. Managing this business risk may be intimidating, yet it is absolutely essential to continued growth and success. This forum is the perfect starting point on your road to becoming cybersecure!

Trying to secure a government contract? Think cybersecurity

By the Salt Lake Chamber of Commerce

As a digital society, we unavoidably operate in a connected checkerboard of shared vulnerabilities. Inadequate security, or perhaps negligence on behalf of one party, can open a door into the entire network. In Fiscal Year 2017, the National Defense Authorization Act (NDAA) took action to mitigate the potential risk various DoD contractors were responsible for within the network. Through an assortment of cybersecurity-focused provisions, the government began to arrange for stricter requirements for winning contracts. On December 20, 2016, the National Institute of Standards and Technology (NIST) published Revision 1 to Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance with cybersecurity requirements has now become a critical input when deciding whether to award a contract that requires the processing, storing, or transmitting of controlled information on a contractor information system.

If you are a manufacturer looking to secure a government contract, the Salt Lake Chamber highly encourages you to reach out to the University of Utah Manufacturing Extension Partnership (MEP) Center for consultation, resources, guidance, and education to enhance your cybersecurity readiness. Watch helpful presentations or perhaps devote some time to reviewing the GAP assessment available on the MEP Center’s website. However you go about improving your company’s information security protocol, know that there are resources available to support you and that your efforts will lead to a stronger, more competitive business model.

Contact us to get started on your cybersecurity business plan

Check out the cybersecurity resources from the Salt Lake Chamber of Commerce

Breached? 3 Communications tips for managing a cybersecurity crisis

By Chris Thomas, President of Intrepid

Data breaches are among the most challenging, frustrating and anxiety-ridden situations, especially for contractors. Once you discover someone has access to data and/or systems, the process of containing the situation, assessing the damage and responding to your client and other impacted stakeholders is a long, arduous, embarrassing and costly process.

While the best approach to mitigating the damage is thorough cyber crisis communication planning and preparation, how do you respond in the event it’s too late and you find yourself neck deep trying to manage a breach?

The following are three quick tips:

Engage Crisis Communication Experts Early: You wouldn’t wait for a smoldering building to be fully engulfed before calling the fire department. The same should be true with crisis communication during a data breach. The sooner you can bring in crisis communication experts, the better the outcome. If you hire an agency specifically for crisis communications, there is case law that supports the same level of privilege as attorney/client. As such, this should help alleviate fears from legal and provide you with a greater level of confidence in sharing sensitive information.  

Identify and Prioritize Key Audiences and Communications Vehicles: Who you address and how you communicate will generally be different according to your organization and the circumstances. In some cases, organizations working as a government contractor may be very limited in what they can communicate. The key is working to quickly determine audiences, options and the most effective approach.

We recently worked with a government contractor that experienced a breach on one of its applications. Their client was especially concerned because their director was receiving criticism from another government entity that was also informing legislators and other influencers about the incident. We quickly organized communication strategy, messaging and channels to provide appropriate context regarding the nature of the breach along with response and remediation efforts. This communication helped to dispel fears and rumors regarding the incident, demonstrated the responsiveness of the organization and positioned it as being well prepared and trustworthy. In the end, the contractor was successful in maintaining its business and relationship with the government entity.

Employ the Right Tone and Message: Use discretion in employing or regurgitating data breach messaging, forms, templates and language, which often are provided by legal counsel. These tend to be formulaic, impersonal and overly legal in content and tone.

In recently managing a social engineering case, we collaborated closely with a law firm specializing in cybersecurity to draft and revise copy to be more appropriate and colloquial while staying within legal perimeters to help avoid a class action lawsuit. This resulted in a better than expected response from the impacted parties and a situation that fortunately did not spread to social or traditional media.

Finally, be consistent and stay the course. A breach can be a very trying experience and it’s important to keep in mind that often it’s not the incident itself, but rather the way in which you respond that will leave a lasting impression.

Chris Thomas is president of Intrepid, a Salt Lake City-based public relations agency that has managed more than 100 crises, including data breaches, social engineering and social media controversies. For more information, visit intrepidagency.com

The background on industry cybersecurity standards: NIST, CSET, DFARS

By Cytellix Cyber Blog for Small Businesses

How best to understand the cybersecurity guidance and volumes of information is an ominous challenge. The foundational cybersecurity work produced by NIST (National Institute of Standards and Technology) is a comprehensive cybersecurity review. Rather than diving too deep into NIST and the regulatory nature of the definition of classified vs. unclassified information and its protection, we will touch on the value of measuring a commercial organization’s cybersecurity posture.

The recommended NIST standard, should you be interested in reading it, is NIST SP 800-171, published October 18, 2015, which identifies a couple of very useful tools and premises for measurement. One very useful tool is the CSET (Cyber Security Evaluation Tool), a self-test that any organization can use for “free.” While this tool is comprehensive in nature, it does require the user to have an in-depth IT and cyber background to accurately answer the 109 technical questions.

The second very useful part of the NIST publication is the breakdown of measurements into 14 specific controls: Access Control, Awareness and Training, Auditing and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communication Protection, System and Information Integrity. By accurately measuring these controls in both a self-test environment (CSET) and using network scanning/situational awareness tools, an organization can get a true grade of its cybersecurity posture to uncover looming vulnerabilities.

The tool (CSET) produces a private result that is defined as a percentage out of 100%, with 100% being equal to compliance. The commercial customer can be measured against a publicly available industry standard that has been architected to look at a company’s posture without bias. The point is to use an industry standard, and by definition, an industry standard is not proprietary. The consulting, technology and solutions market typically uses a proprietary methodology to assist in assessments. However, leveraging the standards will give your organization a measurable outcome and baseline for improvements.

Now that we have reviewed the foundations, putting this into practice and having a vision of the effect on your company is an important discussion. Today, any organization that supplies the federal government with products, solutions or services under a DOD contract MUST BE COMPLIANT BY 12/31/2017. This date is non-negotiable. Organizations can self-assess or outsource the entire process to cyber experts. There are a few other requirements for compliance beyond providing the 100% System Security Plan, which include a Plan of Action and Milestones (your cyber improvement plan), a gap analysis (what are my company challenges), continuous monitoring and cyber incident reporting processes. The commercial market’s cyber need is increasing daily, driven by compliance, business continuity needs and basic preparedness. The standards approach is a very good methodology and starting place.

Other industries that will see changes for compliance in variations of this standard include: Healthcare, Financial Services, Food Safety, Manufacturing and Small and Medium Businesses (SMBs). Here are some great references to see where the future of cybersecurity preparedness is heading.

DFARS 252.204-7012 referenced as contract language for federal NIST 800-171 – designed for non-federal information systems (commercial)
NIST 800-53 cybersecurity framework for Federal information systems
Cybersecurity Framework for critical infrastructure – references NIST 800-53
Health Care Industry Cybersecurity Task Force recommends NIST Cybersecurity framework

Blog originally appeared here.

Contact the University of Utah MEP Center today for a one-hour business cybersecurity discovery session, or call 801.587.0713.

Explore Cybersecurity Compliance-Layton, UT

DID YOU KNOW SMALL TO MID-SIZED BUSINESSES ARE HIT BY CYBERATTACKS 4,000 TIMES A DAY? IS YOUR COMPANY PREPARED?
The U.S. National Cybersecurity Alliance found that 60% of small companies are unable to sustain their businesses over six months after a cyberattack. As a result of increased concerns about cyberattacks, manufacturers who have contracts or sub-contracts with the Department of Defense must be in compliance with defined cybersecurity requirements no later than December 31, 2017.

Join the University of Utah Manufacturing Extension Partnership (MEP) Center and the Procurement Technical Assistance Center (PTAC) for an event to identify what your business needs to meet cybersecurity requirements in 2017.

Attendees will:

  • Hear from Pat Toth, cybersecurity expert from the National Institute of Standards and Technology (NIST)
  • Learn about NIST Special Publication 800-171 and its requirements
  • Network and meet with cybersecurity experts
  • See a live product demo of cybersecurity solutions

This is a free event. Registration is required. Register here.