September was full of great learning opportunities so here’s a highlight of what I picked up along the way, along with an update on President Trump’s new Cyber Security strategy.
Tristate Tooling and Manufacturing Association (TTMA) – Monday, September 17th
Last month National Tooling and Manufacturing Association (NTMA) President Dr. Dean Bartles was the TTMA keynote speaker. As the new President he wanted to introduce himself, to find out what NTMA should be doing to help its chapters and to tell us what plans he has for the future. After soliciting chapter feedback, he told us about two initiatives he’s working on that he is especially excited about helping NTMA manufacturers.
Shop floor visibility is the very essence of Industry 4.0. Unfortunately building a monitoring solution from scratch can be complicated and expensive to implement.
Dr. Bartles is evaluating a new monitoring and visualization package for small manufacturers. For just $5000, this solution allows a manufacturer to connect up to 6 machines – of any make, model, or age – to the platform and start measuring performance. Metrics like coolant temperature, cycle time, and vibration are all possible. Competitive solutions in the same market cost upwards of $7000 per machine just to get started, so a cost-effective monitoring solution like this one is very exciting news for even the smallest of manufacturers.
When talking about analyzing machine data, cyber security is one of the first concerns raised. It’s one thing to monitor and analyze machine data in a “closed system” in a single location, but Tier 1 suppliers are already starting to require real-time visibility into their downstream supply chain. Large organizations will want to see real-time production statistics from across the country or across the world.
How then can we safely share machine data outside the location it was generated in? Dr. Bartles is also investigating a cybersecurity vendor in Research Triangle Park that guarantees an “unhackable” way to encrypt production data from the machines all the way to their ultimate destination – the cloud, customers, etc. Granted, this solution does NOT completely secure a manufacturer’s entire IT infrastructure but it has the potential to help manufacturers start sharing their production data in an extremely secure manner.
ComSpark is an annual technology and innovation summit held (for now) in Mason, Ohio. This was my first year attending and I’m glad I went. The schedule included presentations on many different topics, from cybersecurity to workforce development and industry best practices. I saw several people I know there from across the Cincinnati IT and manufacturing communities and I met many new people there for the first time as well. The event was well done but very crowded, especially with vendors. Hopefully next year we’re in a bigger space.
Tuesday, September 18th – Day One
I first walked around the exhibits. Since ComSpark is FREE to attend, there are vendors all over the place. The whole building is packed full of exhibitors so it’s pretty hard to move in between presentations. I got turned around on the way to my first session but ended up meeting a couple of high school teachers who mentor robotics and “Battle Bots” type teams at their respective schools so I’m glad I was able to speak to those two. Education and workforce development are a big deal for manufacturers these days and these schools both have students who want to graduate and jump right into the job market!
Critical Incident Management: Harnessing the Power of Secure Blockchain and IoT
The title of this talk was a little misleading because the panel didn’t really talk about incident management OR Blockchain. The panel meandered around for a while until the sponsor of the talk eventually was able to wedge his solution into the discussion. It’s an interesting solution for helping to manage the IoT threat surface, but again – I was expecting a more direct talk on Blockchain and IoT.
On the plus side, this panel discussion included three CIOs and an FBI cyber security expert so we did hear lots of good advice:
- Two of the CIOs use KnowBe4 to help improve their corporate “security-mindedness”
- One individual strongly recommended Mimecast for email filtering
- One company really likes Rubrik for their backup and disaster recovery solution. The CIO who spoke in favor of it said there was something about Rubrik’s architecture that made it nearly impervious to attack.
- “Networks are hard. People are soft!” (Despite putting all the proper tools in place, your coworkers will inevitably let you down, despite having the best of intentions)
- Trust your coworkers and trust your business partners but do not be afraid to verify if something looks or feels “off.” Your cyber security policy should spell this out.
- Cybersecurity is not an IT issue. You(r company) needs a CISO (Chief Information Security Officer) or strategy. You can’t just buy the latest shiny tools and expect your network to be safe. Do a risk assessment, have a strategy, and have a champion.
- Have an incident response plan and practice it so everyone knows and is familiar with their roles during an incident.
- “Read, learn, and share” – One CIO spends the first hour of his day brushing up on the latest cyber security and technology news. It is your job to stay current!
- The FBI special agent echoed all these thoughts. He said one of the worst parts of his job is having to call local companies and tell them they’ve been breached. He recommends joining industry-specific cyber security communities that promote sharing of intelligence and cyber security defense best practices.
The Digitalization of Manufacturing
As the local Manufacturing Extension Partner in Southwest Ohio, Techsolve is laser-focused on helping Cincinnati manufacturers (and beyond!) improve their operations. Techsolve employees are experts in continual improvement, advanced machining, and smart factories (think IIoT and MTConnect). The company even has its own “lab” full of CNC equipment where Techsolve employees stay on the bleeding edge of modern manufacturing methods. Among MEPs I believe they are very unique in their offerings and I’m really glad we have them here in Cincinnati!
Wednesday, September 19th – Day Two
To be honest, it’s hard to spend two whole days out of the office even if I am learning a lot. There is just too much work to be done!
Instead of attending a second full day of presentations I just made sure to attend the Cyber Security Summit in the morning. Here are the highlights:
Brian Lawson, Chief Information Security Officer, Kroger
Top three things a SMB can do to shore up cyber security:
- Team up with outside vendors. You don’t have the budget for in-house effective cyberdefense.
- Leverage the cloud [to offload physical security and mitigate capital expense.]
- Layer your security [to provide defense in depth]
Chris Nyhuis, President of Vigilant Technology Solutions
- “Leave the logos behind” – don’t fall victim to the latest marketing hype by a hardware or software vendor. Focus on your organization’s most recent risk assessment and how to mitigate your specific vulnerabilities.
- “At the end of the day you are the only thing standing between your organization and utter disaster” – We have to take an unfortunately pessimistic approach when analyzing our own risk. What types of outages or loss could put us out of business? How do we protect against those outages or losses?
“Tactics without strategy is the noise before defeat” -Sun Tzu
- 60% of businesses will permanently close within a few months of a cyber attack
- “If you don’t have a cybersecurity budget today you will once you have an attack!” – Not only will you be paying for cyber security protection at that point, but also for clean-up from the initial attack that changed your mind about needing a cyber security budget.
- “Every single [piece of malware] that attacks your system is a security incident and must be investigated and validated.” – Threat actors can quickly pivot so once you discover their presence they might have moved on to another location within your environment.
- The industry average time to (breach) detection is 99 days. The cost of a cyber security incident is directly proportional to the time it takes to detect the incident.
Laura Mitchell, Cincinnati Public Schools Superintendent
- By 2022, the United States is predicted to have a cyber security workforce shortage of 1.8 million people. Cincinnati Public Schools is planning for this and has several plans and programs in place to meet local and regional cybersecurity needs.
President Trump on Cyber Security
On Thursday, September 20th, President Donald J. Trump released the first fully-articulated National Cyber Strategy in 15 years. This builds on his Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” signed in May 2017. This Strategy is intended to do several things:
- Secure our nation’s critical infrastructure, which includes both Federal and privately-owned assets.
- Protect American intellectual property
- Take a global leadership role in fostering open, secure Internet freedom
- Promote global cyber security standards and responsible cyber behavior
- Launch an international Cyber Deterrence Initiative and ensure there are consequences for irresponsible behavior
The cybersecurity Strategy touches on many topics and like most political initiatives (especially during an election year) it remains to be seen how much of this Strategy will come to life. Until actual policies are put in place and legislation passed to support these priorities this is all just words on a page.
As far as the week goes that’s all I have for now. Thanks for reading and stay tuned for more industry updates!