Industry Expert Series
Director of Technologies
What are the digital threats to the business that your industry should worry about?
Rise-es is an enterprise solutions company focused exclusively on the engineering and manufacturing sector. We work with clients to help them rethink the software solutions they are using during their entire product development lifecycle. We provide expertise in applications and development as applied to areas such as product and manufacturing design, program management and costing (which includes mobile and social) among other things. We also advise on cyber security challenges and larger digital risk management initiatives and frameworks.
In the manufacturing industry, typically the biggest threats are to intellectual property, such as protecting confidential information about product designs and proprietary manufacturing processes from being stolen. This is becoming a bigger concern as companies expand their presence globally, and because there is an increasing emphasis on team-based collaboration, including the increasing use of social media platforms and tools, it opens the door to a variety of digital risks.
Another area of increasing concern in manufacturing is the pervasiveness of information technology on the plant and shop floor – and by that I’m talking about the communications hardware and software, the systems and data management software, the machines and equipment, etc. Everything is becoming networked which is creating concern about security since the plant floor is no longer an isolated and standalone entity. So there is an expanding dialogue with our clients as well as folks like the DRM Institute for best practices on how to mitigate the increasing digital risks they are facing.
Another area of increasing digital risk is with respect to the systems that provide energy and ancillary services. In the typical manufacturing setting, anything that affects this infrastructure most likely threatens the entire operation which could result in severe production loss that could significantly impact the company.
Lastly, Manufacturers are increasingly providing sophisticated networked solutions within their product offering. Recently we saw high profile examples of cyber-attacks via these mechanisms in the automotive industry where, because of the increasing use of electronics that ride on a common network infrastructure, there have been increasing digital attacks and threats on automobiles. We saw news reports that demonstrated how hackers could remotely access and operate everything from the windshield wipers to controlling a vehicle’s speed and bringing it to a halt in the middle of a busy highway.
So these are all the major threats that the engineering and manufacturing industry is facing today and actively looking to find solutions.
What initiatives are you spearheading?
At Rise-es, we are focused on a Rigorous, Innovative, and Structured Engineering approach to addressing digital risk that leverages best practices and principles applied in manufacturing, and takes a similar approach to logically addressing and managing digital and cyber security risks. We are working with companies to help them systematically document, understand, and identify their vulnerabilities to digital threats. We assist them in prioritizing the type of security protection that is required including focusing on the high risk areas to make sure they have established adequate protection there. We categorize high risk areas as vulnerabilities that, if attacked, could have a crippling effect on their business from an enterprise perspective.
We also work closely with engineering and manufacturing leadership within various organizations, educating them on the relationships between cyber security and digital risks. We counsel them on the need to collaborate across organizational boundaries and to be aware of the security threats that surround their business and to be proactive about addressing them. This requires continuous monitoring to identify, prevent and stop attacks before they have the kind of catastrophic impact we see impacting large organizations – everything ranging from significant penalties and fines to negative PR and reputation management.
Currently we are actively working with various industry organizations that are focused on the needs of the manufacturing industry. The emphasis of the work is on finding ways to highlight and address unique challenges of the engineering and manufacturing space with regards to their need for digital risk management. With manufacturing being the foundation for a nations’ growth, it is important to make sure there is adequate protection to prevent attacks that could have ramifications of national or even global proportions.
What is missing in helping companies tackle digital risk?
In most mature engineering and manufacturing engineering environments, typically they feature a significant amount of disparate capital investment that has been made in a legacy environment over many, many years. There is machinery, tools, communication equipment, controllers, etc. that may be generations old. So when you start to connect this legacy footprint with new and smarter equipment, and you put it all on a common network infrastructure, it poses tremendous challenges, particularly from a cybersecurity and digital risk perspective, on how to ensure proper authentication and the proper protocols are employed across all these disparate systems.
Another area is the increasing use of automation and smart machines to remotely control, monitor, and operate the manufacturing plant floor, which while being an increasingly attractive value proposition also exposes manufacturing organizations to significant cyber security and digital risks. This requires that they really focus on effective control and operational stability of the plant to prevent attacks that could have catastrophic consequences.
Finally, devices and products are becoming ubiquitous as they all become connected and part of the so called Internet of Things. As this happens threats become more pervasive and manufacturers need to step up their security protection of these devices. There needs to be better product and manufacturing system designs, an emphasis on minimizing access points, and increasing protection via perimeter isolation leveraging recent advancements in software defined perimeters, or SDPs.
In the end, it is about raising awareness and educating across the various silos of an organization. At Rise-es we are helping organizations see hidden threats by raising awareness of digital risk and vulnerabilities that cut across organizational boundaries. We completely agree with the DRM Institute’s approach and framework that takes a holistic approach to monitoring for vulnerabilities and how to prioritize those vulnerabilities as it relates to a particular business.
What do you do to “unwind” and have fun?
I do not have much free time as I really enjoy what I am doing here at Rise-es. But when I do take a break, I enjoy arranging musical gatherings, spending time with friends, watching live sports and musical performances, and travelling to interesting locations.