Does your disaster response planning include cybersecurity? Find out why it’s becoming critical for EHSQ.
Over the past decade, cyberattacks have increased in frequency and sophistication. Today, attacks present a palpable risk to both manufacturing systems and vehicles. Since fleets of vehicles (including forklifts and burden carriers) are critical for so many kinds of operations, the attack surface expands with the size of the fleet.
“I’m most concerned by the expansion of IoT without proper security measures. We’ll soon see the first car accidents caused by cyberattacks to self-driving vehicles.” --Kim Crawley, Cybersecurity Analyst
With the expanded presence of Industrial Internet of Things (IIoT) devices and components, no one is immune from ransomware attacks, data breaches, or misrepresentation. While wireless networks of sensors and controllers can provide continuous monitoring and detection, and richer information about what it all means in near real-time, IIoT also introduces new risks. The International Automotive Task Force (IATF) noticed this shift a few years ago, and responded by updating IATF 16949, the automotive quality management standard that replaced ISO/TS 16949 in late 2018.
Many organizations are still transitioning, and in the process, learning why cybersecurity is so essential for IIoT health and performance. This includes exploring how your organization will respond to rare and damaging events. Clause 6.1.2.3 provides guidance for risk-based contingency planning, emphasizing potential impacts to the customer, and includes response plans for:
- Equipment failures
- Interruptions in supply
- Interruptions in utility services or other critical infrastructure
- Labor shortages or strikes
- Natural disasters or fires
Recently, the IATF added a new element to this list: responses related to cyberattacks. Although it specifically calls for contingency planning for “cyber-attacks on information technology (IT) systems,” your operations technology (OT) on the plant floor and fleet vehicles are just as important -- and should be examined in the context of the standard.
Cyberattacks can disrupt manufacturing operations or logistics within an organization, or within the supply chain, so these updates are a positive step for IATF -- and for the community they serve.
Crawley, K. (2019, November 28). What will cybersecurity be like in 2020? Predictions from the InfoSec pros. Secure Futures by Kaspersky. Retrieved from https://www.kaspersky.com/blog/secure-futures-magazine/security-bites-2020-plans/31587/
IATF (2018, June 26). IATF 16949:2016 – Sanctioned Interpretations (SIs). Retrieved from http://www.iatfglobaloversight.org/wp/wp-content/uploads/2018/06/IATF-16949-SIs_June-2018_REV1_26June2018.pdf
About the Author: Nicole Radziwill is the Vice President, Global Practice Leader, Quality & Supply Chain at Intelex Technologies. Before Intelex, she was an Associate Professor of Data Science and Production Systems, Assistant Director (VP) End-to-End Operations at the National Radio Astronomy Observatory (NRAO), and manager and consultant for several other organizations since the late 1990s, bringing quality management to technologically oriented operations. She is a Fellow of the American Society for Quality (ASQ) with a Ph.D. in Quality Systems from Indiana State University. Nicole serves as Editor of Software Quality Professional (SQP) journal and is a former Chair of the ASQ Software Division. She is an ASQ Certified Manager of Quality and Organizational Excellence (CMQ/OE) and Certified Six Sigma Black Belt (CSSBB).