In the world of manufacturing, one security measure has stood out above all others: the “air gap.” This technique, which isolates technology from the outside world, once provided a reasonable shield against cyber threats. However, as our reliance on digital connectivity grows, this once-reliable defense has become as outdated as floppy disks and serial connections.
Integrating operational technology (OT) with information technology (IT) has blurred the lines between previously isolated systems, creating a more complex security landscape. The air gap typically refers to technical processes, but the technique has also been applied to the workforce. Many workers are employed without an identity, an email address, or any technology. Manufacturers, as the backbone of our industry, who fail to connect their people, their processes, or their technology are at a competitive disadvantage. But that’s not to say it’s easy.
This challenge is not unique to manufacturing. It’s a shared struggle across industries. Healthcare workers navigate the need for quick, often chaotic access to shared devices while the education sector grapples with issuing digital identities to elementary school children who lack email addresses. The demand for secure, efficient, and inclusive technology solutions is universal, underscoring the necessity for innovative, adaptive, and often creative approaches to cybersecurity.
People-Centric Challenges
- One of the most pressing challenges is managing employees’ identities who require access to cloud-based or external applications. Ensuring these identities are managed adequately without overburdening the IT department is critical. For example, a user on a plant floor may need an email address or a secondary device to reset their password efficiently. This problem is exacerbated by the need to ensure security while maintaining productivity. Solutions must be found that balance ease of use with robust security measures to prevent unauthorized access.
- In many manufacturing environments, shared devices are an everyday necessity. These devices must be accessible to multiple users while maintaining secure and individualized access controls. Managing access to shared devices can be challenging, particularly when preventing unauthorized access and ensuring that all activity on the device is tracked correctly and attributed.
- The manufacturing sector often relies on temporary workers or experiences high employee turnover. This high rate of onboarding and offboarding employees creates a unique challenge in maintaining cybersecurity standards. Temporary employees may require immediate access to systems and data, but providing individual credentials can be time-consuming and risky. Additionally, high turnover rates mean that credentials need to be constantly updated and deactivated, which can strain IT resources.
Strategies for Robust Cybersecurity
Businesses must address technology and human factors to tackle cybersecurity challenges comprehensively. Here are some key strategies:
- Access control is built on three pillars: something you know (like a password), something you are (biometric data), and something you have (a security token). In manufacturing environments, where gloves, hairnets, and safety gear are standard, relying on biometric data (something you are) can be tricky. Similarly, issuing physical tokens (something you have) might add excessive costs. Therefore, exploring flexible access solutions, such as temporary or time-based access controls, is crucial to ensure effective and practical security in these unique settings.
- As technology advances, Multi-Factor Authentication (MFA) is becoming both more accessible and more essential. Now is the time for businesses to start planning for MFA implementation. Companies can ensure a smooth transition by laying the groundwork for MFA, including educating employees about its benefits and preparing the necessary infrastructure. Adaptive MFA offers many promising options for manufacturing.
- You’ve automated your production line to boost efficiency and productivity—now it’s time to apply that same strategy to digital access. Automating digital access management streamlines the process, reduces the burden on IT departments, and ensures that employees have the access they need when they need it. Automating onboarding, access control, and credential management tasks allows you to maintain a secure environment while freeing up resources to focus on other critical areas. Be sure to dedicate resources and time to your IT team for a future-proof design.
The Path Forward
In conclusion, the evolution of cybersecurity in the manufacturing sector highlights a broader truth: adaptation is critical. Just as the air gap has transitioned from a robust safeguard to a quaint relic, our approach to securing digital identities and access must evolve. Integrating IT and OT presents challenges but offers unprecedented opportunities to rethink and redesign our security frameworks. By embracing flexible access solutions, planning for MFA, and automating digital access management, manufacturers and all industries can stay ahead in the ever-shifting landscape of cyber threats.
The road to robust cybersecurity is paved with both technological innovation and human-centric strategies. It’s about balancing convenience and security, ensuring every employee—from the plant floor to the executive suite—has seamless, secure access without compromising productivity.
Stay vigilant, stay secure, and keep pushing forward.
About the Author
Erik Gross is the Deputy Chief Information Security Officer (CISO) at QAD. Erik leads cybersecurity initiatives, blending his rich experience with a leadership ethos that encourages collaboration and adaptability. At Redzone, Erik was the Vice President of Security, where he was instrumental in developing the security program from the ground up. His professional roots in operational technology (OT) provided a firm understanding of industrial security challenges. His leadership emphasizes the essential role of people in cybersecurity, fostering a culture where teamwork and agility are crucial, thereby enhancing problem-solving and organizational responsiveness. His 15+ years of experience highlights a commitment to strengthening security practices while creating an environment where every team member’s input is key to the collective cybersecurity effort.
Erik can be reached online at https://www.linkedin.com/in/erikgross1/ and at our company website https://www.qad.com/.