Issue link: https://iconnect007.uberflip.com/i/1463464
46 SMT007 MAGAZINE I APRIL 2022 coming out of that firewall—which is actually the big piece of equipment—as if it's a normal first-class citizen on the network, if you will. All the ability to govern and secure it is there. NIST has published some basic informa- tion on what it considers to be the basic secure characteristics of internet-of-things equip- ment. at can be helpful when you work with vendors in the manufacturing equipment space, to make sure that those characteristics exist in what you're about to bring onto the network. It's not the end of the world if those don't all exist, but at least you know what gaps you might have to fill yourself. Johnson: Earlier we talked about the govern- ment regulation dynamics now in play those reputable manufacturers in our industry must pay attention to and comply with. Can you give me a quick rundown on that? Bonner: When we think about the convergence of regulation for manufacturers, there are things to be aware of. First, when we bring in regu- lated data from our customers, more data will flow through these increasingly connected sys- tems. ese systems aren't just simple axis data plotted onto a router for a CNC cut; these are entire three-dimensional models with simula- tion information and test data baked in. When we start to move those complex data mod- els through our manufacturing environments, more of our systems have a more complete pic- ture of what the finished goods look like, and what their value is to the market. When there are regulations attached to that, we need to be aware that when we connect our Industry 4.0 type shop floors, we are drastically increasing our burden for safeguarding. When we see into the government side of things, especially in the Department of Defense, and things like NIST 800-171 or CMMC being brought to the forefront, the more we add con- nectivity and really rich datasets to our manu- facturing processes, the more likely those reg- ulations will follow those processes. We need to be aware of that and think about the expand- ing scope of regulation in that process. We should also be aware of whether our busi- ness will be designated as critical in the United States. I don't have any clear notions as to whether sections of the printed circuit board industry will be considered critical infrastruc- ture, but some of the newly passed legislation for incident reporting would bind many orga- nizations to rapidly report incidents as they happen. Laws like that require additional liability. If in the future we engage in any form of gov- ernment contracting or even grant funded work that is attached to federal dollars, there could be increased burdens on reporting inci- dents in our environment, things we might not have reported in the past. ings like a major breach or a ransomware payout are required to be reported within 72 hours of certain criteria being met. at's a big shi, so we should just be aware of those things moving into our gen- eral vicinity as an industry. Johnson: For the smallish boutique or proto- type manufacturers moving a lot of jobs on any given day, that results in a great deal of data to manage. Bonner: In the printed circuit board indus- try there are patterns we can notice about the work that we do. When we look at the tradi- tional order of operations for a PCB manufac- turer, the design work, the job costing, and NIST has published some basic information on what it considers to be the basic secure characteristics of internet-of-things equipment.