Efficient Plant June 2023 - 32

column | cybersecurity insights
MRL
Deskbook
Includes
Cybersecurity
Criteria
Laura Elan
MxD
A
TTENTION MANUFACTURERS!
The Department of Defense
has released a new set of cybersecurity
criteria to help manufacturers assess
network and equipment security on their
shop floors. The Manufacturing Readiness
Levels (MRLs), guidelines that manufacturers
use to assess processes and risks ahead
of full-scale production, now include this
cybersecurity criteria.
In its latest Manufacturing Readiness Level
Deskbook (dodmrl.com), the DoD added a
four-page appendix on operational technology
(OT) cybersecurity. The appendix
outlines growing threats and lists ways to help
safeguard factory floors.
" Malicious actors have increasingly targeted
the manufacturing industrial base with
software attacks that could disrupt manufacturing
operations and degrade the quality of
the products being produced without being
detected, " the Deskbook reports. " Therefore,
manufacturing readiness must include the
protection of shop floor computer networks
and equipment. "
" Adding that cyber component to the
MRLs was critical, " said MxD Chief TechAn
appendix to the DoD Manufacturing
Readiness Level Deskbook can help you
shore up your OT cybersecurity.
nology Officer Federico Sciammarella.
" As we incorporate more and more digital
technology into manufacturing, there has to
be some basic level of cyber-maturity to avoid
increasing risk. "
Used commonly in industries including
Laura Élan is Senior Director of
Cybersecurity for MxD Cyber: The National
Center for Cybersecurity in Manufacturing,
Chicago (mxdusa.org). Elan supports
MxD's cybersecurity projects and
initiatives and leads the company's
Cybersecurity Steering Committee.
32 | EFFICIENTPLANTMAG.COM
defense, aerospace, automotive, and medical
devices, MRLs provide a blueprint that takes a
new product through 10 levels, starting at
experimental phases and moving to fully
vetted, final production stages.
Organizations can assess readiness at each
level, evaluating factors including design,
manufacturing process, cost, and supply
chain. These assessments are used on a range
of projects, Sciammarella said, particularly in
the development of complex products.
MRL assessments using the new criteria,
" are not intended to be detailed cybersecurity
audits. Instead, the purpose is to ask simple,
fundamental questions to assess whether
OT cybersecurity has been considered by
the organization and determine whether or
not basic, common-sense controls have been
implemented. The end goal is to identify risks
or major potential gaps in OT protection. "
The book also notes that flexibility is crucial
as, " manufacturing SMEs who are conducting
MRL Assessments are not expected to be
cybersecurity experts. "
The DoD provides definitions of OT
equipment, directing users to the National
Institute of Standards and Technology (NIST)
Special Publication 800-37. For more information,
also reference the NIST SP 800-82.
The Deskbook lists ways to mitigate OT
cybersecurity risks including:
Address cybersecurity throughout the
MRL process, starting with manufacturing
concept development to full-rate-production.
Implement a network topology for information
technology (IT) and OT networks
that have multiple layers, with the most critical
communications occurring in the most
secure and reliable layer.
Provide logical separation between corporate
and IT and OT networks.
Employ a demilitarized-zone network
architecture, i.e., prevent direct traffic
between the corporate and IT and OT networks
of the manufacturing environment.
Ensure that critical components are on
redundant networks.
Consider protecting manufacturing process-related
data, including recipes, configuration
control information, test parameters,
and results.
Where possible, use operator authentication
on OT equipment. EP
JUNE 2023
http://www.dodmrl.com http://www.mxdusa.org http://www.EFFICIENTPLANTMAG.COM
Efficient Plant June 2023

Table of Contents for the Digital Edition of Efficient Plant June 2023
