With the recent crisis that has unfolded in Eastern Europe, there is an increase in activity directed toward the large and small companies that make up the Defense Industrial Base. According to the FBI, National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), this activity is targeting companies with support contracts for the Department of Defense. These contracts cover command and control, communications and support systems, and weapons as well as aircraft and vehicle systems. Such actions go back to the first Cold War, but are aided by a host of new technologies. Today, espionage and sabotage are conducted from a nice office with a computer terminal, not by an undercover secret agent in a dark alley.
This means an increase in attempts to steal technology and disrupt and compromise business and manufacturing control systems for the Defense Industrial Base manufacturers. However, it’s important to keep in mind that there has been a background war against the U.S. industrial base for decades. Nation-state actors have directed considerable resources to gain access to industrial manufacturing systems and compromise or steal technology. A primary focus are Microsoft 365 systems, including cloud services and local networks. The avenues of attack are email and poorly configured/maintained systems, which is nothing new as demonstrated in the Colonial Pipeline and SolarWinds cyberattacks.
The logical question is, “What can companies do to secure their systems?” Look anywhere, and there will be innumerable lists: 10, 20, 50 things to do.
For example, the Department of Defense, Acquisition and Sustainment cites five straightforward actions that any company of any size can take without a great deal of cost and effort—essentially actions that all companies should be doing anyway. Those actions are the bare minimum—adequate security will require more, including the following recommendations.
First is education and training. This is one of the essential things to do, as 90 percent of all successful attacks begin with email. Your employees and system users need to be able to recognize fraudulent emails and understand the concepts of phishing. This is a universal requirement. The COVID-19 pandemic’s isolation requirements also has turned “romance scams” into a multibillion-dollar business, in which people again can be unknowingly entrapped due to a lack of awareness.
Second, implement access control. This is very broad and incorporates authentication and monitoring. However, it is essentially restricting access to system resources and information. The best way to do this is by having separate user IDs and passwords for different applications. For example, having the same ID and password for all your bank accounts is not wise; each account needs to have a separate set of login credentials. The same goes for business applications. As a single user, you should have a set of credentials for system administration and a second set for application user access or business functions.
Third, authenticate users. There are two things to consider: one is a long password or passphrase; another is multi-factor authentication (MFA). For passwords, set a minimum of 10 or more characters; the longer, more complex (numbers, letters, characters), the better. Turn on MFA, which is similar to using a car seatbelt. It takes time to put on a seatbelt, but it keeps you from flying out of the windshield during an accident. By using MFA, you will be more secure than 85 percent of all users.
Fourth, monitor your surroundings and physical controls, which are often neglected tools for system security. To properly secure information, you need to recognize that system requirements are not only cyber or IT security. Managing physical security means controlling physical access and media with controlled information. Know where sensitive media is; it has a lifecycle, and it needs to be disposed of properly. Consider the Internet of Things (IoT) and the physical devices that impact your network.Fifth, update your security protections. Outdated software puts you at great risk; antiquated anti-virus software is useless. One of the easiest things to do to secure your system is to turn on automatic system updates.
The threat against companies is constant and, in today’s world, it is increasing. But companies can take preventive actions. To reduce vulnerabilities, we recommend starting with a few simple things. The goal should be system security, which like a good safety program, is a process that will never end. The five security practices listed above are low cost, with a high impact in terms of providing system security. The best advice: Start now.
SME recently announced its 2022 International Honor Award recipients. These seven leaders, from industry and academia, are recognized for their contributions in the areas of manufacturing technologies, processes, technical writing, education, research and management, and service to SME.
For more than six decades, SME’s International Honor Awards have identified professionals whose bodies of work have led to critical breakthroughs and advancements in manufacturing technologies, processes and education, as well as honored members for their volunteerism. This year’s select awardees’ involvement with SME dates back to 1980, showing the consistent dedicated role SME plays within manufacturing.
The 2022 International Honor Award winners are:
--Eli Whitney Productivity Award—Jay Lee, PhD, FSME, Foxconn Technology Group, Mason, Ohio
--Joseph A. Siegel Service Award—Vesna Cota, VMMI, Markham, Ontario
--SME Albert M. Sargent Progress Award—Yuebin Guo, PhD, FSME, Rutgers University-New Brunswick, Piscataway, N.J.
--Donald C. Burnham Manufacturing Management Award—Lisa Strama, The National Center for Manufacturing Sciences, Ann Arbor, Mich.
--SME Education Award—David E. Hardt, PhD, FSME, Massachusetts Institute of Technology, Cambridge, Mass.--SME Frederick W. Taylor Research Medal—I.S. Jawahir, PhD, FSME, University of Kentucky, Lexington, Ky.
--SME Gold Medal—A. Erman Tekkaya, Prof. Dr.-Ing., Dr.-Ing. E. h., Technische Universität Dortmund, Dortmund, Germany
SME is currently accepting nominations for the 2023 International Honor Awards. The submission deadline is Aug. 1. Visit sme.org/awards to submit a nomination.
During its annual RAPID + TCT 2022 event, which ran May 17-19 at Detroit’s Huntington Place, SME’s AM Technical Community Leadership Committee and Direct Digital Manufacturing Advisory Team presented the Additive Manufacturing Industry Awards. These two groups produce content for the organization’s programs and other industry events on advanced AM technologies and processes that allow the development, testing and manufacture of new products faster and more cost effectively.
The Additive Manufacturing Industry Awards celebrate the outstanding accomplishments of individuals, teams, and companies creating significant impact in commercializing AM. All three of the awards are focused on the application of AM technology to production, not just R&D.
The 2022 Additive Manufacturing Community Award winners are:
--AM Industry Achievement Award—Slade Gardner, PhD, President and Founder, Big Metal Additive, Denver
--Aubin AM Case Study Award—VELO3D, Campbell, Calif.; and IMI Critical Engineering, Birmingham, UKDigital Manufacturing Challenge—The winning design was titled “Hybrid Wire-Arc Additive Manufacturing of Topology Optimized Aviation Components,” from team members Daniel Chirvasuta, Nathanael High, Matthew Martin, Benjamin Nguyen, Omkar Shinde, Nicolas Tomanelli, Virginia Tech, Blacksburg, Va. Faculty advisors included Christopher Williams, PhD, and doctorate student Sam Pratt, with assistance from industry advisor Dan Braley, CAM-T, Boeing Global Services, St. Louis.
To learn more about SME’s Additive Manufacturing Community’s Additive Manufacturing Industry Awards, visit sme.org/awards.
Connect With Us
