Digital manufacturing is built on just five “cornerstones”—and the work done in those areas in the next decade and beyond will largely determine the success or failure of key aspects of manufacturing’s technological future, according to the Manufacturing Leadership Council, the NAM’s digital transformation arm.
The MLC says that developments in electronics, computer systems, communications technologies, software and cyber infrastructure will have a direct impact on advancements made in human-machine interaction, automation and robotics, and autonomous operation. We break these down below:
Electronics: Intel predicts that by 2030 it will be able to incorporate 1 trillion transistors on a single semiconductor chip.
- Manufacturers will need that kind of power to enable computer systems and software to process much larger data volumes as they connect more plant equipment and people within their business ecosystems.
Computer systems: Manufacturers should expect a changing computer landscape as biological, physical and digital systems converge to offer more options.
- Quantum computing and nanocomputing offer potentially greater computational ability, which will allow manufacturers to process more data faster.
- Meanwhile, traditional computers will become lighter, thinner and more flexible. Different user interfaces, such as voice recognition, will progress.
Communications technologies: The years ahead will see manufacturers adopt 5G-based networks, which offer higher bandwidth and lower latency than prior technology.
- Communications technology suppliers are already working on 6G networks, expected to become commercially available in 2030.
Software: Next-generation software applications, in addition to web and mobile capabilities, will support voice, wearables, touch and AR/VR to a greater extent than ever before.
- These applications will be driven increasingly by artificial intelligence.
Cyber infrastructure: The cyber infrastructure that has been in development for the past two decades has allowed for separation between data and physical computing sources (i.e., cloud computing.)
- Looking ahead, an infrastructure that brings together data from all sources with business and technology tools will facilitate innovation, R&D, operating models and business growth.
Manufacturing in 2030 Project: Ride the Power Curve is just one of the megatrends identified by the Manufacturing in 2030 Project, a future-focused initiative of the MLC. For details on more megatrends, industry trends and key themes for Manufacturing in 2030, download the MLC’s new white paper “The Next Phase of Digital Evolution.”
Automation isn’t just changing the manufacturing industry; it’s enabling human-centric progress in tackling the industry’s workforce crisis.
In action: As part of the Automation Fair in Chicago last week, more than 13,000 attendees got to see how manufacturers—and companies like Rockwell Automation—are providing solutions to the shortage, which could reach 2.1 million unfilled jobs by 2030, according to research from the Manufacturing Institute (the workforce development and education partner of the NAM) and Deloitte.
- Rockwell Automation brought the Creators Wanted Tour, a project of the NAM and the MI, to its Automation Fair, giving students, parents, educators and manufacturers the chance to see firsthand how digital transformation and new technologies are supporting careers and opportunities in modern manufacturing.
- The tour’s much-heralded immersive experience, along with displays and programs featuring experts from the MI and the Manufacturing Leadership Council (the digital transformation division of the NAM), gave attendees insight into the pathways and support available in the industry.
- FactoryFix, the official recruiting partner of Creators Wanted, was also on hand to showcase its manufacturing talent platform for job seekers—and manufacturers searching for a one-stop recruiting solution.
Changing perceptions: Creators Wanted aims to shrink the workforce gap by dispelling myths about automation and attracting the next generation to manufacturing jobs. It’s seeing impressive success, MI President Carolyn Lee said during a session at the event.
- “Today 40% of parents have a positive perception of manufacturing,” Lee said, citing a recent joint Deloitte–MI study. “And what we’re finding is that parents see these are durable careers with great possibility and opportunity, and they’re encouraging their children to consider them.”
Digital help: “Digital is going to help manufacturers deal with their workforce issues because it’s going to not only help change the perception of the industry, but create new jobs going forward, particularly in math-intensive areas like data analytics and artificial intelligence,” said MLC Vice President and Executive Director David Brousell.
- Brousell cited the MLC’s “Manufacturing in 2030 Project,” saying, “We have to think about digital transformation as human-centric digital transformation—because we’ve got to bring the technology and the people together simultaneously to have an effective transformation.”
Impressive results: Since it began just more than a year ago, the Creators Wanted Tour has seen more than 8,000 students pass through its immersive mobile experience, where more than 75% of attendees leave with a significantly improved view of manufacturing.
- More than 510,000 students and career mentors have also signed up to learn more about modern manufacturing careers.
- Creators Wanted has recruited successfully both mentors and mentees for the mentorship program of Women MAKE America, an MI initiative that aims to close the gender gap in manufacturing.
- The Automation Fair offered more than 150 interactive sessions on the newest industrial solutions and best practices, and more than 200 companies exhibited across 200,000 square feet at Chicago’s McCormick Place.
Media mentions: The fair and Creators Wanted’s presence drew a slew of media coverage, including from “Morning in America” with Adrienne Bankert, “The John Howell Show” on WLS-AM, Univision Chicago and suburban Chicago’s Daily Herald.
- In addition, the Daily Line published an op-ed on the future of manufacturing by NAM President and CEO Jay Timmons and Rockwell Automation Chairman and CEO and NAM Executive Committee member Blake Moret.
The last word: “As the world’s largest company dedicated to industrial automation and digital transformation, Rockwell is always looking toward the future of manufacturing,” Moret said. “Campaigns like Creators Wanted are critical to recruiting the best future talent to create a thriving workforce.”
Another large labor union has voted to reject the rail deal brokered in part by the Biden administration, moving the industry closer to a strike, according to CNBC.
Split decision: Two of the largest railroad labor unions in the United States went separate ways during their contract ratification votes, which were announced on Monday. The Sheet Metal, Air, Rail and Transportation Workers – Transportation Division voted against the proposed agreement by a slim margin, while the Brotherhood of Locomotive Engineers and Trainmen voted to ratify it.
What it means: This latest action raises the likelihood of a rail work stoppage in early December. In total, 8 of 12 unions have now ratified the tentative agreement concluded in September while the rank-and-file membership of 4 unions have rejected it.
- Should one union choose to go on strike, the broad impact would cripple the national freight rail network.
The impact: The railroad industry and major shipping groups have found that a strike would likely cost around $2 billion per day, also according to CNBC. It would affect every major rail operator.
- “The American Chemistry Council, which represents companies including 3M, Dow, Dupont, BP, Exxon Mobil and Eli Lilly, said a rail strike would impact approximately $2.8 billion in chemicals cargo a week, and lead to a GDP decline and renewed inflation.”
- “Other industries, from agriculture to retail, have warned of the economic risks of a strike.”
Next steps: Negotiations will continue through a cooling-off period that runs until early December. If a deal is not reached by 12:01 a.m. EST on Dec. 5, a strike could occur. The NAM and others have urged Congress to take action under the Railway Labor Act and pass legislation that would avert a strike if railroads and rail unions cannot reach such a deal.
What we’re saying: “Manufacturers are disheartened by today’s news on the further unraveling of rail negotiations,” said NAM President and CEO Jay Timmons. “It’s clear that Congress, both Democrats and Republicans, must be prepared to work together immediately to avert a rail strike and prevent further damage to our supply chain.”
Washington, D.C. – The National Association of Manufacturers released a new economic analysis on the damaging impact of the Securities and Exchange Commission’s attempt to force private companies to disclose financial information publicly.
The SEC’s new rule interpretation would apply to private companies that raise capital via corporate bond issuances under SEC Rule 144A. If the new interpretation takes effect as scheduled in January 2023, these businesses will face decreased liquidity and increased borrowing costs—leading to significant job losses and a decline in U.S. GDP.
These impacts will be felt across the economy, resulting in 30,000 jobs lost each year over the first five years the new interpretation is in effect. The job losses will increase over time—rising to 50,000 jobs lost each year after five years and 100,000 jobs lost each year after 10 years.
These job losses are attributable directly to the decreased liquidity and increased borrowing costs associated with the SEC’s new interpretation.
NAM Speaks Out:
NAM Managing Vice President of Tax and Domestic Economic Policy Chris Netram released the following statement:
“At a time of rising interest rates and economic uncertainty, manufacturers cannot afford for the SEC to roil the bond markets arbitrarily. With tens of thousands of jobs at stake, the SEC must act by year’s end to reverse this misguided interpretation.”
The NAM and the KAM are calling on the SEC to reverse course by clarifying—either by rule or by exemptive order—that Rule 144A issuers are not required to make public financial disclosures. The NAM and the KAM are also seeking emergency interim relief to prevent the new interpretation from taking effect in January.
- SEC Rule 15c2-11 requires broker dealers to ensure that key information about issuers of over-the-counter equity securities is current and publicly available prior to quoting those issuers’ securities freely.
- SEC Rule 144A allows for resales of securities (primarily corporate debt issuances) to qualified institutional buyers—large financial institutions that own or manage more than $100 million in securities. Retail investors cannot purchase Rule 144A securities. Notably, under Rule 144A, issuers are obligated to make their financial and operational information available to QIBs.
- In September 2021 and December 2021, the SEC’s Division of Trading and Markets issued no-action letters applying Rule 15c2-11 to Rule 144A debt; the new requirements take effect in January 2023. This decision contradicted the historical application of Rule 15c2-11 to OTC equity securities and bypassed important rulemaking safeguards required by the Administrative Procedure Act.
- The NAM has weighed in with the SEC and Congress seeking to reverse this damaging interpretation.
The National Association of Manufacturers is the largest manufacturing association in the United States, representing small and large manufacturers in every industrial sector and in all 50 states. Manufacturing employs more than 12.9 million men and women, contributes $2.77 trillion to the U.S. economy annually and accounts for 58% of private-sector research and development. The NAM is the powerful voice of the manufacturing community and the leading advocate for a policy agenda that helps manufacturers compete in the global economy and create jobs across the United States. For more information about the NAM or to follow us on Twitter and Facebook, please visit www.nam.org.
Manufacturers face a minefield of legal and compliance issues every day—and too often, in-house counsel are forced to navigate some of the biggest issues affecting the industry alone.
The NAM’s Legal Center sought to change that dynamic at the first-ever Manufacturing Legal Summit, which took place Nov. 15–16 in Washington, D.C., where in-house counsel from manufacturing companies across the nation had a unique opportunity to convene and learn about the latest pressing challenges across the legal and regulatory landscape.
“The summit offered real-world, practical advice that will help in-house manufacturing counsel deal with their legal and regulatory challenges,” said NAM Chief Legal Officer and Corporate Secretary Linda Kelly.
Kelly and NAM Deputy General Counsel for Litigation Erica Klenicki told us more.
Exploring issues: The summit covered a range of topics, including the following:
- National Labor Relations Board: A session led by NLRB board member John Ring and labor law experts from Fisher Phillips provided critical insights on the priorities and activities of an aggressively pro-labor NLRB, and how manufacturing employers can prepare for the many significant legal changes coming in the weeks, months and years ahead.
- Supply chain: A panel centered around supply chain challenges, featuring the perspectives of GE Appliances’ vice president and general counsel and including an array of experts from the law firm Foley & Lardner, covered issues like supply chain due diligence and drafting contracts to prepare for inevitable supply chain bottlenecks.
- ESG: A panel of experts from McDermott, Will & Emery that also included Brunswick Corp. Executive Vice President, General Counsel, Secretary and Chief Commercial Officer Chris Dekker explored how the ever-evolving concept of ESG is affecting both public and private companies—including what manufacturers should expect from the Securities and Exchange Commission’s forthcoming climate disclosure and human capital management rules.
- Supreme Court: Another session covered the impacts of last year’s Supreme Court decisions and the likely outcomes of this year’s cases on issues of importance to manufacturers and the general public alike.
- Product liability: This panel featured in-house counsel from Johnson & Johnson, The Sherwin-Williams Company and Toyota North America, along with experts from the law firm Shook, Hardy & Bacon, discussing recent efforts by the trial bar to circumvent the traditional limits of product liability law. The panelists laid out the types of bad-faith product lawsuits that manufacturers often face—and how manufacturers should approach them.
- Drugs in the workplace: Especially at a time of legal ambiguity around marijuana, it can be challenging for employers to make and enforce rules about drug use. This session led by workplace legal expert Matt Nieman of Jackson Lewis laid out helpful approaches to creating a modern drug-free workplace.
- Cybersecurity: As cyberattacks against manufacturers rise, it’s important for lawyers to understand their responsibilities around protecting confidential company information and preventing breaches. Thanks to the expertise of representatives from Miller Johnson, a member of the Meritas network, participants learned about these topics through the lens of an attorney’s ethical obligations.
Building relationships: In addition to practical and engaging content, the event also offered participants opportunities to connect with one another and with the NAM legal team.
- “One of the many goals was to build a network, and there was a lot of enthusiasm for that,” said Kelly. “The event also brought greater visibility to the work of the Legal Center and helped show the legal departments of member companies how the NAM can be an effective partner.”
Convening talent: More than 120 participants registered for the event, comprising in-house counsel representing large and small manufacturers from every industrial sector, as well as legal experts from top law firms across the country.
- “This is the first time this group was in a room together,” said Klenicki. “It’s a group that faces a lot of the same pressures, so having everyone in the room together thinking through these issues was extremely valuable.”
A representative reaction: “The event brought together a terrific collection of manufacturing CLOs and senior law department leaders to discuss legal issues of importance to manufacturers,” said Dekker. “The informative and timely content was presented primarily by panels that included outside attorneys and in-house counsel ensuring the advice was actionable and practical.”
An annual affair: The Manufacturing Legal Summit will return Nov. 7–8, 2023, in Washington, D.C.
- “Being in the nation’s capital, where law and policy unfold, hearing from experts on these issues—it’s an exciting experience,” said Klenicki.
What should manufacturers know about cybersecurity threats? NAM COO Todd Boppell recently appeared on Mandiant’s “Defender’s Advantage Podcast” to explain how cyber criminals are targeting manufacturers today and what companies can do to protect themselves. Here’s some of his advice.
The threat today: While cyberthreats are nothing new, in recent years there has been a sea change, Boppell said.
- “I think what’s really changed in the past five years, especially—it probably started in the past 10, but it’s massively accelerated—is that cybercrime as a business model is on the rise,” he said.
- “A lot of the bad guys, whether their motivations are political or purely economic, have realized that ransomware and other forms of pure disruption are sometimes just as helpful or just as lucrative as stealing any sort of intellectual property.”
Manufacturing as a target: Manufacturers get victimized by ransomware attacks “because manufacturing is one of the least tolerant industries of any sort of downtime,” Boppell continued.
- “Over the past five years, manufacturing was always in the top three [sectors targeted by cyber criminals], typically with medical and financial services … but really over the past 18 to 24 months, all the data I have seen says that manufacturing has jumped to number one and has stayed there.”
What small businesses need to know: Small businesses may believe that they are beneath notice for cyber criminals, but that’s not the case, said Boppell.
- Once they come to terms with that depressing reality, small companies should take a look at their staff and operations, he said. “Do they have the talent on staff to understand what they should do, what their risks are, which systems they currently have that need to be addressed? Do they understand all the acronyms at play? Do they understand the different threat vectors?”
- And last, once the company generally knows what it’s doing and perhaps has some IT support, it should consider its budget, and how it can “get the most bang for its buck.”
What large businesses need to know: “Larger companies want to be helpful, and they want to help secure their supply chain partners, because it is absolutely in their best interests. … However, they are unbelievably busy just protecting their own boundaries and just worrying about all the attacks they’re facing,” Boppell said.
- “And of course, it’s always a little bit frustrating for smaller companies to have a larger company try to tell them what to do … so you have to really manage those relationships and figure out the right way to go in and help.”
The most important thing: “The number-one thing I’m trying to get through, and the number-one myth I want to dispel, is that a lot of small manufacturers believe that … they have no IP to protect,” said Boppell. “Maybe they make screws and fasteners, or maybe they make mattresses or whatever. … They feel like cyber is not a big deal for them.”
- “What we’ve seen with ransomware is that’s absolutely not true. Their ransomware risk is just as high as anyone else’s because they can’t tolerate downtime. And if they haven’t taken the steps to secure their networks and their equipment, then they’re going to be even more prone to falling victim to ransomware.”
Listen to the whole thing: You can find the entire interview with Boppell here.
Protect yourself: Interested in safeguarding your company? NAM Cyber Cover was designed specifically to give manufacturers and their supply chains enhanced risk mitigation and protection. Find out more here, and check out this webinar on the state of cybersecurity for manufacturers.
When it comes to diversity and inclusion, Smithfield Foods puts its commitments into action.
The world’s largest pork processor has committed to measurable increases—of 35% and 30%, respectively—in the hiring and promotion of women and individuals in underrepresented groups. And it’s pledged to do it all by 2030.
Bridging a gap: In September 2020, the Virginia-headquartered manufacturer launched its Operations Leadership Program, created to develop a strong pipeline of diverse talent to fill future management roles.
- “We lead with data. And our data shows there’s a gap in diverse representation between production and management,” said Smithfield Foods Manager of Diversity, Equity & Inclusion Jessica Jones. “The OLP provided us an opportunity to track data on team members, their promotion opportunities, how they’re elevating within the company with a commitment to monitor year-over-year data three years after program completion for each cohort.”
- In just over two years, the program, which garners participants through applications, has seen 132 graduates and nearly 50 promotions.
Providing encouragement: Ironically, many of the same employees the OLP was designed to help were initially reluctant to apply, Jones said.
- “We did focus groups and what we realized is, those who weren’t applying were women and people of color,” she said. “They shared, ‘I don’t think it’s for me,’ and when we heard that, we realized it meant, ‘I never saw myself going higher than my current opportunity.’”
- Smithfield’s leadership began to strategically target their communications to specifically focus on these employees and encourage them to consider the program. “That’s when we started to see the uptick in more women and people of color applying,” Jones said.
Other D&I initiatives: To reach its lofty 2030 diversity and inclusion goals, Smithfield has deployed other programs, too, including the following:
- Smithfield’s Farmer Diversity Program, which aims to increase the number of Black and minority hog farmers in the company’s supply chain;
- A Future Leaders Program that gives scholarships and career opportunities to rising high school seniors through summer internships to increase diversity in leadership;
- An expansion of the Smithfield Foods Scholarship Program for eligible dependents of Smithfield employees so that it includes historically Black colleges and universities; and,
- A supply-chain initiative in which the company has committed to increasing its production-facility spend with minority-owned businesses by 14% by 2025.
The company has also signed NAM’s Pledge for Action, in which manufacturers commit to 50,000 specific actions to increase diversity and inclusion.
The last word: “I have seen this company change and evolve in such a wonderful way,” Jones said. “We now have opportunities to elevate and expose our employee base to Smithfield’s leadership—making sure they have a touch point, a way to connect. Our leadership wants to know how they are doing, prevalent challenges and support needed. The change has been so encouraging.”
Though some midterm races remain uncalled, the NAM is preparing the next phase of its competitiveness agenda. Last Thursday, it offered members a breakdown of the election results so far and what they mean for manufacturing policies and priorities in the United States.
The briefing: Hosted by NAM Vice President of Government Relations Jordan Stoick, the conversation provided members with an overview of the NAM’s key issue areas, presented by several of the NAM’s policy experts.
- Tax: According to NAM Managing Vice President of Tax and Domestic Economic Policy Chris Netram, the NAM is pushing Congress to approve key tax incentives for manufacturers in a year-end package, including the reversal of a harmful change in the treatment of R&D expenses that took effect earlier this year and an extension of 100% bonus depreciation. Beyond the lame-duck session, the NAM will be fighting to make tax reform permanent, he added.
- Trade: According to NAM Vice President of International Economic Affairs Policy Ken Monahan, the NAM will be advocating reauthorization of the Miscellaneous Tariff Bill. Going forward, priorities will include guarding against the TRIPS waiver at the World Trade Organization (which would harm manufacturers’ intellectual property rights), defusing regulatory and market access challenges in Mexico and promoting a robust market-opening agenda overall.
- Energy: NAM Vice President of Energy and Resources Policy Rachel Jones said energy security is likely to remain a key focus of policymakers. She highlighted permitting reform as a possible area for bipartisan progress and noted that implementation of new climate incentives and programs will likely come with heightened oversight from the new Congress next year.
- Infrastructure: NAM Vice President of Infrastructure, Innovation and Human Resources Policy Robyn Boerstling noted that supply chain challenges are the most difficult issue facing manufacturers at the moment. She also provided an update on rail negotiations, addressed the National Labor Relations Board’s robust pro-labor agenda and spoke out in favor of the NAM’s commonsense immigration approach, among other issues.
The outlook: “The good news is that regardless of the outcome, the NAM remains uniquely positioned to continue to effectively advocate on your behalf with the Biden administration and with both parties, whoever’s in control on Capitol Hill,” said Stoick.
- “We’ve worked successfully with the administration and the current Congress over the past two years to achieve important policy wins on things like infrastructure and the CHIPS semiconductor and competition bill. And we’ve been successful at pushing back on harmful policies and overreach, including stopping what should be considered some of the worst parts of the tax increases that were proposed over the past two years.”
Washington, D.C. – Today, the National Association of Manufacturers released the following statement calling for passage of the Respect for Marriage Act:
“Manufacturers know that individuals truly thrive in their careers when they can bring their authentic selves to work and feel confident that their families will be safe from discrimination or worse in the places they have chosen to live. The Respect for Marriage Act would ensure that the legal protections around which so many Americans, including manufacturing workers, have ordered their lives will not be suddenly rolled back. Codifying federal protections for interracial marriages and same-gender marriages with appropriate protections for religious liberty will help keep all families equal under the law and ensure that manufacturers can continue to hire and retain a diverse and talented workforce. It will deliver families and businesses the certainty they need and deserve.”
The National Association of Manufacturers is the largest manufacturing association in the United States, representing small and large manufacturers in every industrial sector and in all 50 states. Manufacturing employs more than 12.9 million men and women, contributes $2.77 trillion to the U.S. economy annually and accounts for 58% of private-sector research and development. The NAM is the powerful voice of the manufacturing community and the leading advocate for a policy agenda that helps manufacturers compete in the global economy and create jobs across the United States. For more information about the NAM or to follow us on Twitter and Facebook, please visit www.nam.org
When asked how she got into cybersecurity, Nicole Darden Ford replies “cybersecurity kind of finds you.” The new chief information security officer at Rockwell Automation began her career in the military, where she first got into cybersecurity, then created a cybersecurity program for the U.S. Department of Agriculture before taking several leadership roles in the private sector.
Today, her advice for companies is surprisingly similar: cyberattacks will find you. As she puts it, “It’s not if, it’s when. And it’s not one time, it’s several.”
So how should manufacturers prepare for these threats? We spoke to Darden Ford recently about her recommendations, as well as Rockwell’s efforts to safeguard its own supply chain and provide services to other companies.
The current situation: “Manufacturers account for 65% of industrial ransomware last year. We’ve seen an unprecedented number of attacks, and we’ve seen attackers focus on OT,” Darden Ford says. She predicts the attacks on OT will only escalate.
- Meanwhile, many manufacturers have a clear strategy for IT, but they have not given as much thought to protecting their operational technology. Yet, as machines get more connected, their operations may become more vulnerable—especially as companies try to integrate legacy systems that weren’t “meant to be connected or patched.”
- In addition, “because we are so connected, there are third-party risks,” Darden Ford says. Small manufacturers may be more inviting targets for hackers than they realize, since their systems could provide a back door into the networks of their larger clients.
- On the plus side, manufacturers are getting smarter in building their defenses, she says. And that’s where Rockwell comes in.
Rockwell’s role: Rockwell aspires to become a “trusted advisor” to companies seeking cyber defenses, says Darden Ford. It already manufactured OT, so moving into cybersecurity for such equipment was a natural next step.
- Its partnerships with other firms, including Dragos, CrowdStrike, Cisco and others, allows Rockwell to offer bespoke cyber monitoring and other services to its clients.
- These services include penetration testing, threat detection and response and an OT “SOC”—i.e., a security operations center, which monitors threats to clients’ operations remotely.
How it works: “We have an OT cybersecurity roadmap—it starts with an assessment in your specific OT space, then walks through potential risks,” Darden Ford says. (See the end of this article for her detailed description of this roadmap.)
- The process includes building an “asset inventory, as you can’t protect what you don’t know.”
- “Then we talk about ways you can reduce your attack surface,” Darden Ford continues. “This is about segmentation. We help organizations divide their network into different domains. If you have ransomware or malware that propagates very quickly, then you have the opportunity to quarantine it.”
- In addition, the roadmap helps companies decide which tools and resources to use. For OT, you need to use very passive systems that don’t interfere with “getting the product out the door,” Darden Ford says.
After this process is complete, Rockwell’s SOC helps clients stay safe and hone their responses to real attacks.
- The SOC keeps eyes on a company’s operations remotely, notifies it of breaches within the plant network and helps it decide which threats to tackle. As Darden Ford says, the SOC stands in for the teams that companies would otherwise have to hire themselves.
On-site resources: Manufacturers can tap their existing staff to work on cyber defenses, including with offsite monitors. Darden Ford recommends drafting “the plant engineering team, along with the IT team,” who would have the knowledge and resources required.
A community effort: Large manufacturers should help educate small manufacturers on cyber issues, says Darden Ford.
- “We have a lot of suppliers, so to mitigate third-party risk, we provide more awareness about OT and advice about upping their cyber hygiene. We work closely with suppliers and do a lot of knowledge sharing,” she says.
Collaboration at the top: In addition, it’s also beneficial for CISOs and manufacturing leaders to consult their peers in what Darden Ford calls “mastermind sessions.”
- These conversations have provided her with “a lot of insights and data,” she says. She gets indispensable input on “strategies, frameworks, journeys and roadmaps,” as companies try to find their way through this cyber landscape together.
The bottom line: When asked what she says to companies that doubt the need for cyber protections, Darden Ford has a simple answer: “You wouldn’t drive your car without insurance—that’s what this is.”
- “What used to be optional is becoming mandatory,” she adds. “For small or midsize companies, you are still going to have to report” back to your large customers, many of whom require stringent protections of their suppliers. Those requirements will only get “more and more rigorous over time,” she warns.
- In other words, however you choose to do it, “you need a plan.”
Darden Ford supplied us with her account of Rockwell’s cyber roadmap for its own suppliers, below. “The playbook aligns with the NIST framework, showing you step-by-step how to audit your current security state, identify gaps and take a proactive approach to mitigate risk,” she says. Here is her account of the key steps.
Step #1: Discover
- Know where you stand. Conduct a security and risk assessment—log all issues and review progress against findings.
- You can’t protect what you can’t see. You must gain a full understanding of what network assets you have on your plant floor and their current state. Start by conducting extensive network discovery and asset inventory.
Step #2: Remediate
- Work with stakeholders to prioritize assets and organizational risk levels. Take the necessary steps to eliminate, upgrade or replace unneeded, unused or unsupported OT applications and infrastructure. This will look different for every organization based on what you discover in Step #1.
Step #3: Isolate
- Establish a perimeter by physically and logically segmenting your networks. Put up a firewall and establish internal and external cybersecurity policies to protect your OT assets. Set up an on-premises industrial data center to encapsulate critical applications inside the protected OT network.
- Secure endpoints with security software on plant floor assets.
- Enable third-party remote access. Third parties need access, but you must control the access and maintain visibility into what they’re doing in your network by enabling OT access controls.
Step #4: Monitor and Respond
- Now that you have a solid foundation in place, the next step is to implement OT network monitoring to provide real-time OT cybersecurity, including malicious event/asset risk alerting, network diagnostics, AI learning and KPI dashboarding. The data only works for you if you are continuously viewing and reacting to it.
- Establish an OT SOC for 24/7 real-time alert monitoring, acknowledgement and triage. Cyberattacks aren’t limited to 9–5.
- Create an integrated IT/OT cyber event response team. Define event response and isolation protocols. IT/OT must have equal involvement and buy-in for these protocols to be successful. Execute tabletop exercises to simulate attacks and outcomes.