Background
A mid-sized machining service provider serving various industries has a fast-growing defense business. One of its customers, which serves the US DoD, required the company to be NIST SP 800-171 compliant. The CFO and the business unit leader saw this as an opportunity to build an enterprise-wide cybersecurity program aligned with their enterprise risk management (ERM) efforts.
The company chose ResiliAnt to develop its cybersecurity risk management program in compliance with NIST SP 800-171.
Key observations
The engagement uncovered a few critical areas that required leadership attention. First, the organization needed to manage the cybersecurity of its IT infrastructure differently from that of its array of bring-your-own devices (BYOD) and operational technology (OT) devices. Coordinating all cybersecurity-related activities under a single governance mechanism was appropriate for realizing some functional synergies. The CFO's office emerged as the ideal group to manage these efforts because it was already administering the outsourced IT infrastructure management work.
Second, about 30% of all connected assets were found to be highly vulnerable. The OT devices, although accounting for only 12% of all connected assets, were the most severely vulnerable, with an average of 372 unique critical vulnerabilities per OT device. The OT devices had not received the necessary attention from a cybersecurity standpoint, leaving the company's operations exposed to disruptive cyber-attacks.
Third, the cybersecurity program also needed to include employee awareness and training, as well as cross-functional engagement, to build a culture of security.
ResiliAnt is supporting the company in managing its new cybersecurity program.
ResiliAnt's proprietary solution helps organizations manage the cybersecurity risk of their operational technology (OT/IoT). If you are interested in learning more about the solution, please reach us at info@ResiliAnt.co