How to Protect Critical Manufacturing Sector from Insider Threats?

By CIOReview | Friday, September 27, 2019

CISA serves to monitor and access information for insider threat detection and mitigation.

FREMONT, CA: Keeping in mind the importance of the security of the manufacturing sector, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a new guide coinciding with National Insider Threat Awareness Month that emphasizes on continuous and active monitoring for threats to keep critical operations safe.

Most insider threats exhibit risky behavior and can be identified before attempting malicious acts like theft, cyber espionage or attacks, sabotage, and workplace violence. Other unwitting insiders unintentionally disclose proprietary or additional sensitive information, download malware, or lead to some cybersecurity events. At the same time, it is tragic to hear that the critical manufacturing sector such as primary metals, electrical and appliance equipment, machinery, and transportation manufacturing shows the highest number of attacks on industrial control systems. Here, unmitigated insider risk can increase the risk of the attack.

To avoid this, an insider threat program should be introduced that includes a multidisciplinary team from within the organization who are properly trained and experienced in risk management. The team should take measures to detect, mitigate, deter, and report threats. These insider threat hubs stop potential insider threats by carrying out appropriate security countermeasures, including awareness programs. Eventually, the workforce involved must spot and report risks, thereby dealing with such threats while considering the organizational justice—employee perceptions of fairness in the workplace.

User Activity Monitoring (UAM) is another critical measure against risk and is employed on networks to discover malicious cyber activity, log risk indicators, and even head off workplace shootings at an early stage before accomplishment. It also plays a crucial role in prevention, assistance, and response to acts of violence. UAM development should include consideration of potential acts of violence against organizational resources, including suicidal ideation.

In an organization, the established insider threat program applies a risk management strategy tailored to the critical manufacturing sector. It includes identifying critical assets that users have the most access, and conducting a risk assessment that consists of the development of countermeasures, and planning responses that could include suspending access to information or changes in employment status.

The team members of the threat program including cyber/IT, personnel, information, or physical, can assist with mitigation response options like adjusting the UAM or other inspections, updating the security protocol, and providing the necessary training to create awareness to the workforce. Only a more protected critical manufacturing sector from insider threats will be regarded as a stronger sector.