Issue link: https://iconnect007.uberflip.com/i/1472190
26 SMT007 MAGAZINE I JULY 2022 • Are USB devices to transfer data ever needed? • Is sensitive data ever sent by email? • Is my IT network connected somehow with my OT network? If the answer to any of these questions is "yes," then the infrastructure and interoperability of solutions should be reviewed with the ideal being a single, secure IIoT-based MES platform that provides secure interoperability with other solutions, such as ERP, PLM, etc. Are my people secure? • Does anyone have access to data that is not of immediate relevance for their tasks? • Does anyone have contact with key intellectual property relating to the product, such as when preparing auto- mation programs or work instructions? • Are there people operating computers or automation that have not been appro- priately trained in cybersecurity? • Are there areas in which enforced and monitored best practices for security are not established? • Does my OT network have a flat structure, not segmented according to customer/product/environment? • Do the IT team refuse or are unable to take full 24/7 responsibility for OT network security? If the answer to any of these questions is "yes," then it is important to now start identifying vulnerabilities and to establish best practices, such as the replacement of procedures. For example, this might involve emailing multiple documents relating to the design of a product between engineering groups with applications that utilize PCB layout and 3D CAD design data through secure digital manufacturing engineering tools that don't require users to manually access the raw design data. It is also advised to implement an OT-specific cybersecurity package that detects abnormalities on an OT network, including the operation of machines and other automation. Are my products secure? • Am I sure that there has been no manipulation of product or manufactur- ing data due to any cyberattack? • Where a cyber-intrusion has been detected, can I identify and quarantine those materials and products that may have been affected and inform the supply-chain appropriately to prevent issues from further escalating in the market? If the answer to either of these questions is "no," then implementation of the new IPC-1793 Cybersecurity standard is advised, which includes exact traceability in manufacturing of the association of material to products, such that potentially affected specific products can be identified and quarantined. For sure, almost no facility should feel as though it is well prepared for coming secu- rity requirements; there is no magic pill. But by implementing some intelligent practices as part of digital transformation projects, most requirements can be addressed without exces- sive cost or burden to the operation, and just like modern traceability, can bring with it best practices that directly and positively impact profitability. SMT007 Michael Ford is the senior director of emerging industry strategy for Aegis Software. To read past columns or contact Ford, click here.