But what can a site director do about this? Of course, corporate has cybersecurity as a high-priority item on its agenda. They will likely send you consultants, infrastructure changes, and various directives about what you should do.
This article is not about giving you directions on how to avoid cybersecurity threats.
At a high level, cybersecurity is the discipline of shielding your digital environment from bad actors.
There are two key cybersecurity categories: people and systems. People can be broken down in two subcategories : the ones who have an active role in your digital environment (think IT director, IT contractor, ...), and the ones who are "just" end-users.
Unfortunately (fortunately?) the lines between the two categories are more and more blurred. Which category is your 4.0 responsible for? Which category is your system engineer in, who just contracted a new machine that’s connected to the Internet?
You can expect most of your white-collar workers to belong to the first category in the next 10 years.
So with everyone on staff tinkering with digital, you need to measure the readiness of your people to react to a cybersecurity threat.
Education is not only specific cybersecurity education, but also broad education on systems.
Here is a checklist:
Rest assured, the results of this checklist were equally bad in every factory we visited. Our estimation is that over 70% of all factories cannot answer these questions positively.
That is why the threat is high.
Fundamentally, there are no "secure" or "insecure" systems. While there are potential flaws in some well-known systems, it has been proven that more than 90% of all cybersecurity attacks stem from some human not doing his job, and that attacks stick due to the lack of training and processes of adequate resources.
Taking back power over your systems can only happen if your team understands them and nurtures them. The current level of digital comprehension among factory executives is that of a child: no control, hence no understandability, hence no capability to monitor and grasp the risks associated.
Let's change this.