Prepared for a cyber war? As cybercrime targets proliferate, manufacturers will need an army of cybersecurity experts to repel the hackers. MxD has identified 247 cyber roles that manufacturers need to consider.
   
By Chandra Brown

 

Once cyber attackers successfully penetrated an unnamed German steelmaker’s corporate network with a spear-phishing attack, they were free to roam through the company’s computer systems, including the production network. That’s when the real trouble started.

The hackers knew their way around IT security systems and the specialized software used to operate the plant. After they compromised a number of industrial control systems, including industrial components, the system failures avalanched. Plant operators scrambled to avert catastrophe but were unable to shut down a blast furnace properly, causing massive damage.

This is not the synopsis of a disaster film, but an account of a cyberattack from 2014, according to Germany’s Federal Office of Information Security and reported by BBC News.

As Industry 4.0 increases the digital connectivity of manufacturing, more targets become vulnerable to cyberattacks. There has never been a greater need for an army of cybersecurity experts to protect and defend these networks.
And now consider this: There were about 805,000 cybersecurity experts working in the U.S last year, according to a 2019 ISC2 workforce study. And this: The report said we need 500,000 more.

An Urgent Call to Action 

While the stakes are high and the task is daunting, MxD sees an opportunity as well as a challenge.
We believe that to address the threat posed by cybercrime, we must reimagine cybersecurity. We must enlist the resources, expertise, and innovation found in the public and private sectors to create the infrastructure to train those half-million experts. And more fundamentally, MxD believes manufacturers won’t become truly secure until cybersecurity becomes the responsibility of all employees.

MxD lays out the case for these changes and offers concrete steps companies can take now in our free, downloadable report, “The Hiring Guide: Cybersecurity in Manufacturing.” It outlines the roles that government, academia, and industry can play, and it identifies 247 cybersecurity roles in manufacturing — some current, and some that will be needed in the future.

The report is not a white paper to shelve for later reading. It is a call to action and a blueprint for every manufacturing executive, human resources department, educator, and policymaker interested in cybersecurity.

Time for a New Plan 

In 2018, the Department of Defense designated MxD as the National Center for Cybersecurity in Manufacturing to help create awareness and solutions for manufacturers to handle our unique cybersecurity risks. We took that mandate seriously.

We canvassed our members and asked them what they were worried about. Time and again, we heard, “I know there is a risk, but I don’t know where to start. I don’t know what kind of technology we need, or what types of skills my workforce needs to ensure that my organization is secure. I don’t know the appropriate amount to invest in developing or acquiring these skills.”

Working closely with ManpowerGroup over an intense 10 months, MxD researched the issues and stress-tested solutions. We called in experts from government, particularly the National Institute for Standards and Technology, and combined their perspectives with those from academia and industry to consider not just what is necessary now, but what kind of jobs will be needed in the future.

The Hiring Guide should inform educators at high schools, community colleges, and universities interested in updating curriculum to prepare students for attractive, high-tech careers that will be in high demand.

“There were about 805,000 cybersecurity experts working in the U.S last year, according to a 2019 ISC2 workforce study — and the report said we need 500,000 more.”

Acknowledge Business Realities 

U.S. manufacturing is operating under pressure not seen since the Great Recession, and the uncertainties created by the COVID-19 pandemic make forecasting and planning difficult. Even before the pandemic struck, increasing investment in cybersecurity was complicated by companies not knowing how best to spend the money.

That is why we focused on roles, not jobs, so that manufacturers of any size and level of cyber maturity can begin adapting now to the challenges they face.
The Hiring Guide recommends how to train current workers to handle these new functions and outlines the skills, career paths, and the education they’ll need. The guide also addresses future technology horizons, including AI/machine learning, blockchain, cyber-physical systems integration, 5G networking, cloud and edge computing, and biometrics.

Essential Roles Breakdown 

MxD recognizes that the number of roles — 247 — can by itself be intimidating. We break down the report in a number of ways so users can access the information they find most useful. For instance, the report lists 26 roles deemed immediately critical.
The guide then goes in-depth to fully explore the responsibilities and potential of four roles identified by industry and academia to be especially crucial to the future of cybersecurity. They are:

The Cybersecurity IT/OT Integration Engineer is a primary designer for cross-functional engineering, technical, and operations security programs. As the traditional closed manufacturing environment becomes more interconnected through Internet of Things (IoT) devices, more complicated supply chains, and cloud computing, the need for convergence between information and operation technologies is vital. Securing these networks is even more essential. These engineers assess risk and opportunity at a high level, and then design and implement the needed systems and policies. They are critical players in breaking down barriers between corporate IT and production and bridging various plant/facility operations.

The Secure Design Product Life Cycle Manager is a product-value–driven visionary, orchestrator, advocate, and point of assurance for the secure design and development of a product. As smart toilets perform in-home medical lab tests, ovens are operated remotely, and infant car seats adjust straps automatically for a baby’s weight and height, the need for security continues long after the product leaves the factory floor.

The Supply Network Cybersecurity Compliance Manager recognizes that the supply chain represents a juicy target for hackers. These managers, armed with experience in supply chain management, cyber governance, and procurement management, must deliver on improving the honest collaboration between supplier and contractor communities and manufacturers.

The Manufacturing Cybersecurity Systems Operator is an entry-level role that serves as the eyes, ears, and voice for Information Technology and Operational Technology. These operators’ primary focus is to monitor, record, detect, and report security system performance and functions, while also bridging gaps between IT and OT, a capability that becomes ever more important as plants upgrade to interconnected machinery, automation, and data-driven operations. This role has great growth potential, providing wide-ranging experience to someone looking to get into cybersecurity or for companies looking to diversify their cyber workforce.

The report not only identifies and describes these roles, but also details key responsibilities, competencies, the experience and education needed, and the business case for each position.

MxD will continue to build out and publish detailed explanations for the rest of the roles on the critical list as partners step forward to help fund the development of those roles.

The Siemens Foundation has been an early partner in funding the development of the in-depth role profiles, and in coming months, we will be updating the Hiring Guide to include several more. Interested foundations and companies are welcome to join us in building out these success profiles.

More Than Just Insurance 

It is easy for CEOs to see their cybersecurity budget as another type of insurance payment, only good in the hopes of blocking an attack or as a hedge against a likely breach. Certainly, the statistics illustrate the stark realities of that view.

  • Cybercrime will cost companies $6 trillion globally by 2021, doubled from just five years ago, according to predictions from Cybersecurity Ventures. Manufacturing is the third most common target — and growing quickly.
  • Hackers attack every 39 seconds, according to a University of Maryland study.
  • Cyberattacks on IoT devices tripled in 2019, according to CSO Online. The average financial impact of such an attack is $330,000, according to the 2019 Deloitte and MAPI Smart Factory Study.

Indeed, cybersecurity could also be considered a business continuity expense, especially for small and mid-sized manufacturers, which employ fewer than 20 people and account for the majority of all firms in the sector. These are the same firms coming under an increasing number of attacks.

“MxD recognizes that the number of roles — 247 — by itself can be intimidating.”

A successful breach or ransomware attack can disrupt or hobble business for days, weeks, or in some cases months, a timeframe that makes even large manufacturers sweat.

Cybersecurity Is Everyone’s Business 

In the process of listening to our members, researching the issues, and developing this report, we discovered there is an equally compelling business decision for manufacturers to build a robust full-cycle cybersecurity system. We believe progressive CEOs, eager to take advantage of exciting new technologies such as virtual and augmented reality, AI, and the immense potential of IoT, will see the competitive advantage their companies can achieve by including cybersecurity in every aspect of their business.

An important tipping point will come when employees at each step of the manufacturing process — from research and design to supply chain to production and sales, and from the factory floor to the corporate suite — incorporate cybersecurity best practices in their work.

It is not hard to envision — if we aren’t there already — that the cybersecurity of commercial devices, the ability to deliver a much-needed product despite a concerted cyberattack, or the care taken to protect a partner’s valuable intellectual property will become central selling points.

MxD stands with manufacturers nationwide and will continue to work with all parties to develop policies and regulations, fortify the educational pipeline, and disseminate best practices so we can begin to turn the tide against cybercriminals.

This report marks just the latest step in MxD’s commitment to its members and the nation. We will build on this foundation and continue to seek out innovative solutions. I want to personally thank our partners at ManpowerGroup and the generous support of the Siemens Foundation that is already making possible follow-up work to update our research in a dynamic and ever-changing field.

MxD helps manufacturers solve problems that are too big for any one company to handle alone. Cybercrime is just such a problem — and it’s going to take the combined efforts of industry, government, and academia to solve. MxD is committed to supporting industry as we define our needs, identify solutions, and build partnerships to tackle this growing threat.

Learn more by downloading the Hiring Guide at www.mxdusa.org/hiringguide. You also can view a related webinar, “Cybersecurity Hiring Guide for Manufacturers,” at this link: https://www.manufacturingleadershipcouncil.com/mxd_hiringguide/.

We urge interested executives, hiring managers, and cybersecurity experts who want more information or to join us in this work to reach out to Lizabeth Stuck, Senior Director of Workforce Development, at lizabeth.stuck@mxdusa.org.   M