October is National Cyber Security Awareness Month (NCSAM), and as an attendee of the 2016 MEP Center Best Practices Conference in Detroit this September, I was able to obtain what can only be described as spine-chilling insights into the impact that cyber attacks are having on the manufacturing sector.
A panel of experts relayed some staggering data and information:
- There are 100,000 attacks on the U.S. defense grid per day (99 percent fail).
- Manufacturers are now among the top five sectors under attack in the United States.
- The number of manufacturers hacked has increased by 54 percent this year.
- Historically, large corporations were primary targets for cyber attacks; today, 72 percent of security breaches occur at companies with fewer than 100 employees.
- Sixty percent of small- to mid-sized enterprises (SMEs) that are hacked will become bankrupt as a result.
- The number one way manufacturers are infiltrated is by spear phishing (sending an email claiming the need to update a program, in an attempt to steal confidential information from the receiver). Thirty percent of these emails are opened within the first 15 minutes they are sent.
- DOD contractors may not know that by December 31, 2017, they must adhere to a set of 14 cyber security standards (NIST Special Publication 800-171).
The question becomes, what resources are available to the manufacturing sector, to help it meet this very modern challenge? NIST MEP is striving to cultivate resilience to cyber attacks and breaches. Over the past few days, the the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) released the draft Baldrige Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cyber security risk management efforts.
NIST is requesting public comments on the draft document, which blends the best of two globally recognized and widely used NIST resources: the organizational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanisms of the Cybersecurity Framework. NIST is also calling for additional training to increase the number of professionals who will possess the skills and attributes required to lead and effectively manage the defense acquisition process.
Read the draft here, and send your comments via email to baldrigecybersecurity@nist.gov by Dec. 15, 2016.
—
Fiona Baxter
is the Associate Executive Director for NC State Industry Expansion Solutions. Dr. Baxter provides leadership in the development of an IES Evaluation Center, which will conduct performance evaluation, research, planning and assessment for both educational and workforce development programs. She also directs and oversees all activities associated with planning, pursuing, securing and managing external grant awards to support and enhance the organization’s strategic goals. Dr. Baxter has extensive experience in developing, securing, managing and evaluating grants. She holds a Ph.D in Public Administration from NC State University and a Master’s Degree in Anthropology from East Carolina University.
