NAM Creates Cybersecurity Brain Trust
As manufacturers confront an ever-expanding list of cybersecurity threats, the NAM is mustering the leading cybersecurity minds in the sector to fight back. Since March 2021, it has been gathering chief information security officers from a large range of companies to discuss their shared challenges and the strategies that have worked against them.
Recently, a group of these cyber leaders met at the NAM’s D.C. headquarters to exchange their latest updates. Here is a sneak peek inside this meeting, where the future of the industry’s cyber defenses was being shaped.
On the agenda: The discussion covered both IT and OT systems and the interdependence between the two, which requires a careful but not restrictive cyber strategy.
- Beyond the technology itself, the CISOs also detailed how they present their progress to their boards, including their metrics for success.
Zeroing in: Cyber training for employees was a particular focus for the group, as manufacturers work to educate their workforces about these threats.
- Though most cyber training is directed at IT personnel, there are more and more plant floor workers who also use computers and must receive security training, the CISOs noted.
- It is best to embed training into the overall asset care process, recommended one leader, so it becomes a long-term priority.
- In addition, role-based training ensures all bases are covered, including contractors, according to another CISO.
Guest speaker: The meeting also featured an appearance from a congressional adviser on cybersecurity, who detailed what policymakers are planning.
- Emily Burdick, professional staff member to the majority on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, explained how the subcommittee is working to oversee the Cybersecurity and Infrastructure Security Agency’s two roles: overseeing critical infrastructure and monitoring federal networks.
Government priorities: Congress is focusing on four key priorities for the year, Burdick said. These include:
- Monitoring CISA’s soon-to-be-proposed rule on cyber-incident reporting (on track for a Notice of Proposed Rulemaking in March 2024, with the final rule expected by September 2025); this proposed rule would require covered entities to report cyber incidents within 72 hours and needs clarification around “covered entities” and the timing of incident reporting;
- Measuring CISA’s effectiveness as a sector risk management agency and as the national risk coordinator;
- Improving private-sector partnerships through the Joint Cyber Defense Collaborative and other processes; and
- Strengthening the national cyber workforce.
Get involved: The NAM’s CISO group is working on industry benchmarks that will be shared with other manufacturers, so the industry can raise its defenses across the board. These benchmarks will help other CISOs evaluate their own practices and keep their boards and executives informed about industry standards.
- If you’d like to weigh in on your company’s activities, please take the short survey here.
Tell your CISO: Do you have a CISO and/or other cyber leaders on staff? Forward this email and let them know the NAM’s CISO group is always eager for more participants. For more information, contact NAM Senior Director of Member Business Services Anna Chongpinitchai.