ITAC Cybersecurity Resources

As systems to control energy-using manufacturing equipment become more connected to the internet, it is important for plant operations staff to have an understanding of cybersecurity risks and to coordinate risk management activities within their organization.

Small businesses may not consider themselves targets for cyber-attacks. However, they hold valuable information that cyber criminals seek, such as employee and customer records, bank account information, and access to larger networks. They can be at higher risk of a cyber-attack because they have fewer resources dedicated to cybersecurity.

By addressing risk areas, you can protect your business from damage to information or systems, intellectual property theft, regulatory fines/penalties, decreased productivity, or a loss of trust with customers.

ITAC Cybersecurity Assessments

Industrial Training and Assessment Centers work with manufacturing clients to increase awareness of cybersecurity risks and potential mitigation activities. As part of facility site visits, ITAC clients may elect to receive cybersecurity risk assessments that identify security and privacy deficiencies in the business infrastructure, with a focus on vulnerabilities associated with industrial control systems.

The ITAC Industrial Control Systems Cybersecurity Assessment Tool includes 20 simple questions to characterize industrial control systems and plant operations. The tool then provides a high-level assessment of risk (high, medium, or low). The companion User Guide provides additional context for the questions included in the tool, to help clients understand how certain business practices lead to cybersecurity risk. Upon conclusion of the assessment, the tool generates a customized list of action items associated with the risks identified. For further guidance, ITACs refer clients to technical resource materials available through the NIST Manufacturing Extension Partnership (MEP) and other organizations.


Cybersecurity Fundamentals for Small and Medium-Sized Manufacturers

Most plant operations managers are not cybersecurity experts, but can benefit from a basic understanding of cybersecurity risks and mitigation activities. A guidance document provided by NIST, NIST Small Business Information Security: The Fundamentals, provides a thorough and easily readable overview of cybersecurity basics.

As a first step, organizations need to understand their cybersecurity risks, to determine where the organization is vulnerable and may be subject to disruption of systems and processes. Organizations can use helpful checklists from the NIST document, or other cybersecurity assessment tools, to conduct the following activities:

Once risks are understood, organizations can determine appropriate mitigation activities. Example activities are shown below, grouped into the five broad categories of the NIST Cybersecurity Framework:

IDENTIFY

- Identify and control who has access to your business information
- Conduct background checks
- Require individual user accounts for each employee
- Create policies and procedures for information security

PROTECT

- Limit employee access to data and information
- Install surge protectors and uninterruptible power supplies (UPS)
- Patch your operating systems and applications
- Install and activate software and hardware firewalls on all your business networks
- Secure your wireless access point and networks
- Set up web and email filters
- Use encryption for sensitive business information
- Dispose of old computers and media safely
- Train your employees

DETECT

- Install and update anti-virus, -spyware, and other -malware programs
- Maintain and monitor logs

RESPOND

Develop a plan for disasters and information security incidents

RECOVER

- Make full backups of important business data/information
- Make incremental backups of important business data/information
- Consider cyber insurance
- Make improvements to processes/procedures/technologies

Additional Cybersecurity Assessment Tools

Once an organization has a basic understanding of cybersecurity risks and vulnerabilities, a more detailed assessment can be used to determine mitigation actions and security controls. Some of the common tools used to perform assessments are listed below. The CSET tool is one of the more comprehensive tools available for small and medium-sized manufacturers. Organizations can explore resources available to help conduct assessments (e.g., ITACs, MEPs, third party vendors).