A federally-backed effort to improve cybersecurity of US manufacturing


The more compute-intensive manufacturing becomes, the more companies and their factories need cybersecurity protection. Now a new cyber roadmap is out from a group called the Cybersecurity Manufacturing Innovation Institute. The group is backed by the Energy Department. Joining the Federal Drive with Tom Temin with more, the institute’s CEO, Howard Grimes.

Interview transcript:

Tom Temin: Mr. Grimes, good to have you with us.

Howard Grimes: Glad to be here, Tom.

Tom Temin: Tell us more about the institute. Who comprises it and what its purpose is here?

Howard Grimes: The institute is funded by the Department of Energy. There are 15 other what are called manufacturing innovation institutes in the United States. Some of these are funded by the Department of Defense, some funded by the Department of Energy, like ours. And then there’s the National Institute of Standards and Technology, or NIST, also funds one. So they are all public-private partnerships. And our groups are partnerships of both industry and the federal government and academia. So in that sense, you know, we’re the only institute that’s focused exclusively on cybersecurity of U.S. manufacturing and enabling via cybersecurity practices and innovations to make U.S. manufacturers the most competitive in a fiercely competitive global environment.

Tom Temin: Sure. And can you describe some of the companies that are members, the company side?

Howard Grimes: Yeah, certainly, we have over 35 companies total. So just a subset of those I can mention here, General Electric, Lockheed Martin, Cisco, and many others.

Tom Temin: So some household names.

Howard Grimes: In addition to those, which are called original equipment manufacturers or OEMs, we also have a focus on small and medium manufacturers, because they comprise about 98% of U.S. manufacturers and are part of the supply chain to the companies I just mentioned.

Tom Temin: And just out of curiosity for a cybersecurity focus, and you call the organization CyManII, which is a sort of conglomeration of the words that make it up. Why the Energy Department and not NIST or somewhere in Commerce or [Department of Homeland Security], for that matter?

Howard Grimes: Yeah, so it’s very clear, actually. So the Department of Energy has been and is focused on increasing energy efficiency in a number of different areas, including U.S. manufacturing. Why do they have an interest in U.S. manufacturing? Well, if you think about it this way, the United States uses about 100 quads of energy a year, and of those 100 quads across the entire United States on an annual basis, 27 of those are used by U.S. manufacturers. So getting energy efficiency into the U.S. manufacturing ecosystem ultimately saves an enormous amount of energy in the United States, and thus why the focus of the DOE. Now why cyber in that is because to save energy, you have to and U.S. manufacturers are driving forward on this at amazing speed in the sense that they are digitizing their environments and ecosystems at two times the rate of any other industry in the world. But as they digitize those environments, they exponentially increase what we call the cyber attack surface area and the cyber attack volume. Traditionally, cybersecurity people talk only about the surface area. And that’s because most cybersecurity is focused on the perimeter defense, keeping the bad guys out of your network. In manufacturing, there’s both IT and OT, or operational technology, networks. And the OT comprises that volume factor that I spoke about.

Tom Temin: Sure. And increasingly there is interconnection between the IT and the OT, which we’ve seen can introduce vulnerabilities versus say in the 1970s when operational technology was self-contained within a factory. Fair to say?

Howard Grimes: Yeah, very fair to say. In fact, the security of the past was based on what we call air gapping that OT environment. In other words, no connectivity to it. But that is not efficient and has already dramatically begun to change, and there’s now a convergence of IT and OT networks, and you’re 100% right, that introduces new levels of cyber vulnerabilities into those operational and information technology levels.

Tom Temin: We’re speaking with Howard Grimes. He’s CEO of the Cybersecurity Manufacturing Innovation Institute. And for the Institute and federal funding and some of the companies you mentioned are major federal contractors. So the cyber issue is maybe several fold, including disruption of operations, but also the theft of intellectual property, which can be very damaging to competitiveness, would that be a good way to describe the issues you’re concerned with?

Howard Grimes: Yeah, certainly. First, understand that U.S. manufacturing is the number one cyber attack target for what we call our nation state adversaries. Those nation state adversaries are sponsored by their home governments. And depending on the country that we’re talking about, the intellectual property can be the number one target of those nation state sponsored adversaries. So again, if you look across the board at all cyber attacks in the United States, close to 35% of them are leveled strategically against U.S. manufacturers, and of that, a large proportion are focused on IP theft. Now, keep in mind, we need to already think about what we call the post quantum world. The reason for that is that in today’s world, cryptographic keys are somewhat successful in thwarting the decryption of stolen data. But there are countries now that are focused entirely on stealing as much of our data as they possibly can, because they’re also investing heavily in quantum computing, which makes the current cryptographic keys obsolete. So the idea is steal the IP now, we’ll decrypt it later. The IP theft is a major focus of the institute in how we protect, again, U.S. manufacturers from that theft.

Tom Temin: Sure. And of course, NIST, I think, is about to or may have, by the time this airs, chosen cryptographic algorithms for quantum types of applications. We’re actually working with NIST on that, also. Let’s get to the roadmap that has just published, what’s in it, who is it intended for? And what’s its purpose?

Howard Grimes: Yeah, so the roadmap is the first roadmap of its kind focused on developing and outlining a multi-year multi-stakeholder strategy for cyber securing U.S. manufacturing and in doing so making those manufacturers more productive, more energy efficient and obviously much more cyber secure than is currently possible. So the roadmap looks at different manufacturing sectors and outlines very detailed plans for how the institute will go about putting those companies on a trajectory that again, will result in increased efficiency of operations, increased productivity of operations, and also a significant cyber hardening of those operations all simultaneously. We talk about that as epsilon or energy efficiency ROI. So instead of having cybersecurity being a financial black hole of investment in a never ending stream of additional firewalls and different approaches to network segmentation and the like, the institute is about is really going back to the fundamental mathematics, the fundamental physics and the fundamental engineering systems of systems designs, so that we create new architectures that are far more superior than anything currently available. We work with companies today, of course, on what their needs are for today. But the raison d’être of the institute, if you will, is creating these new generation of architectures with embedded trusted integrity of supply chains and developing really novel innovations that introduce a whole new era, if you will, of cybersecurity.

Tom Temin: And the Defense Department has a gambit that they’re trying to get off the ground, the Cybersecurity Maturity Model Certification Program, CMMC. I’m sure a lot of your members and you are aware of that program. And almost everybody has been thinking about that. Is there some harmonization between CyManII’s efforts? And CMMC? Are you taking that into account in the roadmap, that this could be a requirement coming down the pike?

Howard Grimes: Yeah, absolutely. So not only are CMMC requirements out there, but you just mentioned NIST requirements are out there and various standards and agencies and entities have other approaches to standards for interoperability and the like. No, we are hyper aware of the CMMC requirements. And towards that end, I worked with the University of Texas system and specifically our home university, which is University of Texas at San Antonio and worked with the Texas legislature to stand up what we call the Tex-Mex Hub for Texas times manufacturing transformation hub. We’re doing that in collaboration with the Port at San Antonio, and we’re standing up a workforce development hub at the port initially focused on delivery of CMMC training to manufacturers in the state of Texas. I’ve already initiated detailed discussions with the state of Virginia. George Mason University is one of our members as well as Virginia Tech and Virginia Commonwealth and so I’ve met with all of those universities to initiate a second training hub in the D.C. metro area and we’ll be moving out nationally from them. And initially again, those training hubs will focus on the immediate need of the CMMC requirements and helping manufacturers understand the requirements and more specifically training them on how to meet those standards.

Tom Temin: Sounds like we’re nearing convergence here. Howard Grimes is CEO of the Cybersecurity Manufacturing Innovation Institute. Thanks so much for joining me.

Howard Grimes: You bet.

 
