The Mississippi Manufacturers Association chose “cybersecurity” as the theme for their 64th annual convention, and I couldn’t imagine a timelier choice. Mississippi is home to some of the largest and most well-known manufacturers in the U.S. While all organizations must face the challenges of improving cybersecurity, manufacturing faces a unique set of challenges.
I drove down to the Beau Rivage in Biloxi on Tuesday for the conference, which took place from Wednesday, May 25th, to Friday the 27th. At our booth, attendee after attendee told me that, above all else, cybersecurity is their biggest concern (and largest budget item) at the moment. A business that relies on manufacturing has a keen interest in continuity of operations. Many security companies that focus solely on traditional IT networks de-emphasize the Availability portion of the Confidentiality, Integrity and Availability triad. In this field however, a lack of availability can have a devastating impact.
As we had coffee with the attendees in the morning breaks, we listened to those who have built successful businesses tell us about their concerns for security in the near future. The threat of intellectual property theft, the very designs and programming that enable them to be first and best to market, weighed heavily on them. Some hadn’t engaged in third-party testing to determine their exposure to theft, the loss of customer data, or operational security risks. Advanced penetration testing can open the eyes of an organization to the kinds of vulnerabilities that have been waiting for a motivated attacker to exploit with tremendous impact.
My Ph.D. research was in the area of vulnerability analysis, specifically on the hardware and software that participate in ICS (Industrial Control System) networks. These ICS systems are crucial in manufacturing, providing the interface and control that bridges computer networks with the machinery and systems that create the business’ products. ICS hardware and software security often suffers, due to a lack of oversight from security researchers, compared to mainstream IT software.
Stories were shared, between us and the company owners, of the physical damage, safety issues, and costs that result from the careless testing of these systems. It’s important that an experienced penetration team is chosen to test ICS systems, in close cooperation with stakeholders. This reduces the risk, and increases the likelihood that unique and dangerous vulnerabilities will be uncovered before they are exploited by malicious attackers.
Operational security is paramount to manufacturers, and they need a partner that understands their needs and brings an offensive security mindset to the table. By identifying vulnerabilities that would lead to attacks with devastating impact, resources can be more efficiently applied to mitigate them.
I’d like to thank the Mississippi Manufacturers Association for putting on an excellent conference and being such good hosts for their exhibitors and attendees. We’re glad to see Mississippi’s leading manufacturers are taking cybersecurity very seriously.
For weekly insights into cybersecurity, please sign up here: