The Digital Manufacturing and Design Innovation Institute (DMDII) recently announced that information-security expert Koushik Subramanian was named director of its National Center for Cybersecurity in Manufacturing, which launched in March with $750,000 in seed funding from the U.S. Department of Defense.
Prior to his post at DMDII, Subramanian was director of risk and compliance at Uptake Technologies where he led data privacy, risk and information-security initiatives in addition to helping secure newly procured technology. Before Uptake, he worked with Trustwave helping Fortune 1000 companies become compliant with the Payment Card Industry Data Security Standard.security expert Koushik Subramanian was named director of its National Center for Cybersecurity in Manufacturing, which launched in March with $750,000 in seed funding from the U.S. Department of Defense.
“We are thrilled to welcome Koushik to the team to guide the National Center for Cybersecurity in Manufacturing as we ramp up our cybersecurity activities,” said Caralynn Collens, CEO of UI LABS, which hosts the DMDII. “His experience in the industrial IoT space will be invaluable as we continue to address the unique security needs of the connected factory for defense manufacturers and other corporate partners.”
Before we tour DMDII in September during the 2018 Smart Industry Conference, we chatted with Koushik to get his perspective on manufacturing vulnerabilities and cybersecurity concerns in the era of digital transformation. Take a look…
Smart Industry: Why are you joining this new initiative?
Koushik: I love challenges and puzzles. I have spent my entire career in cybersecurity and risk and I was fortunate to be a part of the digital transformation in the payment industry, which shares many parallels with the manufacturing industry. As attacks on the manufacturing industry increase, we need to find innovative and cost-effective ways to protect manufacturers that commonly lack resources or access to talent to help mitigate cyber-risks. It is a huge challenge to elevate the security posture across the entire manufacturing base. DMDII is where manufacturers forge their futures, and integrating cybersecurity strategies into their planning will be of the utmost importance.
What excites me the most is the 24,000 square-foot testbed here, which is filled with manufacturing technology that I can perform penetration testing on. Performing penetration testing on a commercial manufacturer can be difficult, as you have to get buy-in from management, limit the scope of testing, and test during off-hours. By having our own non-commercial testbed of manufacturing equipment, we are no longer limited and can perform more in-depth testing and find ways to mitigate security vulnerabilities and test remediation strategies at a much quicker pace.
Smart Industry: What is unique about cybersecurity in the manufacturing space?
Koushik: As manufacturers adopt more digital technologies, there is a need for connectivity and communications, which brings risk. There are also a lot of tools out there for securing iformation technology but not for operational technology.
The most common challenges are lack of resources, awareness, and access to talent. Many SMMs do not understand cybersecurity at the level that it warrants because they have not been forced to adhere to any standard other than the contracts that keep them in business.
Smart Industry: Why do hackers target manufacturing?
Koushik: A 2017 Verizon Data Breach Investigations Report found that 35% of all cyber-espionage attacks in the US are now targeted at the manufacturing sector, the largest of any single sector. These are nation-state affiliated attacks that are often looking to steal intellectual property as in the case of the recently publicized attack where Chinese Hackers stole unclassified data from a Navy contractor. There are huge implications here, specifically for manufacturers in the Department of Defense supply chains as the hacking of this information allows our adversaries to leapfrog our military innovation and provide insights into our plans, which allows them to more adequately develop counter measures. The attacks here are a matter of national security.