Tag: NIST

Five steps to being a “smarter” manufacturer

By Tab Wilkins

There’s no question the digital manufacturing revolution is racing at us. As a small or medium-sized manufacturer, how close are you to already being “smart”? Here are five steps in the journey to becoming a smarter digital enterprise.

First and foremost, be cybersecure. Cybersecurity is an underlying tenant of being a smart and trusted business partner. The more you rely on a digital platform for manufacturing, the more secure you’ll want to be for customers, suppliers and investors. The NIST MEP website has several cybersecurity resources for manufacturers to help on this quest.

Second, understand smart manufacturing. Two formal definitions come from the National Institute of Standards and Technology and the Smart Manufacturing Leadership Coalition(link is external). Essentially, it is the idea of integrating all your technology together for monitoring, management and improvement. An excellent blog post by Steven Brand of the California Manufacturing Technology Consultants (CMTC), the California MEP, goes into this in some detail as it relates to small and medium-sized manufacturers(link is external) and even offers a downloadable version of CMTC’s Guide to Smart Manufacturing.

Third, realize there’s likely to be “flow down” through any supply chain. Most large manufacturers and retailers, both in the U.S. and around the world, are investing in smart technologies, according to a recent report by the Capgemini Group and its subsidiary Sogeti, entitled Smart Factories: How can manufacturers realize the potential of the digital industrial revolution?(link is external)They found 76 percent of larger manufacturers have a smart manufacturing initiative, while 56 percent have invested $100 million or more in the last five years. As larger companies invest and deploy, smart manufacturing is likely to permeate the supply chain, like the way just-in-time, lean, and ISO 9000 requirements became a stated or de facto requirement.

Fourth, research the current state around you. For example, the Georgia MEP, GAMEP, co-sponsors a study every two to three years about Georgia manufacturers. Smart Manufacturing: The 2016 Georgia Manufacturing Survey shows that 49 percent of Georgia manufacturers electronically collect and analyze data for improvement. Pages 10 and 11 of the report illustrate specific technologies and rates of adoption, such as RFID for inventory and warehouse tracking, or software for scheduling, inventory control or purchasing (e.g. ERP). Which of the 20 technologies listed in the report have your competitors already adopted? 

Fifth, take an inventory and benchmark your smart status. Are you using computer-aided design technology and is it integrated with your computer numerical control equipment? Are you using a manufacturing resource planning or enterprise resource planning software system? Is your preventive maintenance kept electronically and are sensors used in your manufacturing processes? Some of these represent the basic building blocks of being smart and mean your company might be close. The next step is connecting and integrating these elements for data access and monitoring. Look on page 10 of the Capgemini Smart Factories report identified earlier and see if you are a Digital Master, Fashionista, Conservative or Beginner in smart manufacturing.

If after understanding smart and benchmarking your company you’d like further help, please contact the Utah MEP Center. They have additional assessments, tools, advice and counsel on how to invest wisely in this impending wave of Technology 4.0.

Article originally appeared here

Tab Wilkins is Regional Manager for Strategic Transition and Senior Technology Advisor at NIST MEP, primarily supporting Centers in the western US. Prior to joining NIST, Tab helped establish and run two MEP centers and has a varied background in non-profit management, leadership development and technology-based Economic Development.

The background on industry cybersecurity standards: NIST, CSET, DFARS

By Cytellix Cyber Blog for Small Businesses

How to best understand the Cybersecurity guidance and volumes of information is an ominous challenge? The foundational cybersecurity work produced by NIST (National Institute for Standards and Technology) is a comprehensive cybersecurity review. Rather than diving too deep in to NIST and the regulatory nature of the definition of classified vs unclassified information and its protection, we will touch on the value of measuring a commercial organizations cybersecurity posture.

The recommended NIST standards, should you be interested to read, are noted as NIST SP 800-171, published October 18, 2015 identifies a couple very useful tools and premises for measurements. One tool, that is very useful is the CSET (Cyber Security Evaluation Tool), which is a self-test, that any organization can use for “free.” While this tool is comprehensive in nature, it does require the user of the tool, to have an in-depth IT and Cyber background to accurately answer the 109 technical questions.

The second very useful part of the NIST publication is the breakdown of measurements into the specific 14-controls: Access Control, Awareness and Training, Auditing and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communication Protection, System and Information Integrity. By accurately measuring these controls in both a self-test environment (CSET) and using network scanning/situational awareness tools, an organization can get a true grade of their cybersecurity posture to uncover looming vulnerabilities.

The tool (CSET) produces a private result that are defined as a percentage out of 100%, with 100% being equal to compliance. The commercial customer can be measured against a publicly available industry standard, that has been architected to look at a company’s posture without bias. The meaning is to use an industry standard, and by definition, an industry standard is not proprietary. The consulting, technology and solutions market typically use a proprietary methodology to assist in assessments. However, leveraging the standards will give your organization a measurable outcome and baseline for improvements.

Now that we have reviewed the foundations, putting this into practice and having a vision of the effect on your company is an important discussion. Today, any organization, that supplies the federal government with product, solutions or services under a DOD contract, MUST BE COMPLIANT BY 12/31/2017. This date is non-negotiable. Organizations can self-assess or outsource the entire process to cyber experts. There are a few other requirements for compliance beyond providing the 100% System Security Plan, which include a Plan of Action and Milestones (your cyber improvement plan), a gap analysis (what are my company challenges), continuous monitoring and cyber incident reporting processes. The commercial market cyber need is increasing daily, with both compliance, business continuity needs and basic preparedness. The standards approach is a very good methodology and starting place.

Other industries that will see changes for compliance in variations of this standard include: Healthcare, Financial Services, Food Safety, manufacturing and the Small and Medium Businesses (SMB’s). Here are some great references to see where the future of Cybersecurity preparedness is heading.

DFARS 252.204-7012 referenced as contract language for federal NIST 800-171 – designed for non-federal information systems (commercial)
NIST 800-53 cybersecurity framework for Federal information systems
Cybersecurity Framework for critical infrastructure – references NIST 800-53
Health Care Industry Cybersecurity Task Force recommends NIST Cybersecurity framework

Blog originally appeared here.

Contact the University of Utah MEP Center today for a one-hour business cybersecurity discovery session, or call 801.587.0713.