NDIA is a strong advocate for improving the protection of unclassified controlled technical information against cyber threats. While DoD and industry have focused much effort on protecting their business and engineering information systems, less action has been taken to improve protection of technical data in factory networks and control systems, which are increasingly subject to cyber threats. The Cybersecurity for Advanced Manufacturing Joint Working Group is a collaboration between the NDIA Manufacturing and Cyber Divisions.
The mission of the Cybersecurity for Advanced Manufacturing Joint Working Group Manufacturing Division and Cyber Division is to heighten awareness of emerging threats, vulnerabilities and consequences in manufacturing Industrial Control Systems (ICS) of the Defense Industrial Base to protect the defense contractors’ manufacturing capabilities essential to the Department’s technical strength. This joint government- industry working group aims to develop approaches for effective ICS cybersecurity solutions.
Government and industry members of the Cybersecurity for Advanced Manufacturing (CFAM) Joint Working Group (JWG) are working collaboratively to build on the recommendations in the 2014 NDIA white paper, Cybersecurity for Advanced Manufacturing. The CFAM JWG will identify the types and boundaries of cybersecurity threats, vulnerabilities, and consequences in the manufacturing environment and define actions to mitigate those risks.
This group will address the unique needs of cybersecurity for manufacturing systems and networks in general, and for the Defense Industrial Base (DIB) in particular.
Key findings from the original study include:
- The threat is real and manufacturing companies are targets
- Factory floor systems are a weak link in safeguarding technical information
- Small business manufacturers are not well equipped to manage the risks
The CFAM JWG will identify ways to incentivize and assist manufacturers (particularly small and medium enterprises (S&ME) in defense supply chains) to improve cybersecurity in manufacturing systems by evolving policies and contract requirements, enhancing security practices, and offering industrial / contractor workforce cybersecurity training. Implementation plans will be developed for the updated courses of action.
Today, the CFAM JWG membership stands at 49 with representation from four NDIA divisions: Cyber, Logistics, Manufacturing and Systems Engineering. Industry participation ranges from large companies to a woman-owned small defense manufacturer. In addition to defense businesses, the JWG has members from academia, trade organizations, and a federally funded research and development center.
Government representation comes from two branches of the Office of the Secretary of Defense (Office of the Chief Information Officer and Acquisition, Technology & Logistics), the Office of the Joint Chiefs of Staff, the Air Force Research Laboratory, the Department of Energy, Space and Naval Warfare Systems Command - Pacific, National Institute of Standards and Technology, and the White House Office of Science and Technology Policy.
Manufacturing Environment Team
Policy Planning and Impacts Team
Technology Solutions Team
Terms of Reference and Integration Team
Preliminary Questions to be Addressed in this study are:
- Boundaries . . .
– What defines a manufacturing environment?
– What use cases are important across the life cycle of the manufacturing environment?
- Mitigations . . .
– What actions and activities can improve cybersecurity in the manufacturing environment?
– What types of education, training and cultural changes are required?
- Development . . .
– What technical solutions can increase cybersecurity in the manufacturing environment?
- Resources . . .
– What existing policies regulations, and standards are applicable and what needs to be augmented, and by whom?
– What activities implemented outside the Department of Defense can be leveraged?