Cybersecurity Requires a Culture Change 

The industry talks a lot about culture change, but I’m almost certain they are not referring to cybersecurity. I’m even more certain that most shops do not have a dedicated IT person focused on cybersecurity. Meet Eric Slaughter.

Slaughter is a full-time IT Manager for MoldMaking Technology’s 2019 Leadtime Leader Award Winner X-Cell Tool and Mold (Fairview, Pennsylvania) who believes there needs to be a change in the culture across manufacturing so that cybersecurity is no longer just a luxury a company has.

“We are attacked every single day here,” Slaughter says. By attacked, he means attempted penetrations or probing of common networking protocols over the internet from Iran, China, India, Germany, the Netherlands and Africa. Eric’s job is to help thwart those network penetration tests, including on their VPN. “Agencies out there are checking our VPN to see if we have unpatched VPN vulnerabilities that they can exploit. So, the thing that's supposed to be the most secure is now also under attack.”

A VPN takes your computer out onto the internet and connects it to the firewall at the company, making it look like your computer on the internet is on the inside of the network. In reality, all the communications that go across the VPN cannot be seen because they are encrypted at the firewall and at the computer, which each have a “key” to unlock for communications to go back and forth.

Steps to Security

Slaughter says awareness, education and vigilance are key to cybersecurity for every shop. Today, a common threat are links connected to a botnet sent via email. These emails appear authentic, so employees click on the links. His job is to elevate everyone's awareness about this trend and to build confidence in their system, which will never send an employee an email like that. His reaction to security reports cannot always be in real-time; but the setup provides visibility about what is happening so he can address each situation. “I can't be everywhere at all times. This isn't 100-percent tracking of all perils, but it is an early warning system,” Slaughter says.

He describes his whole action plan as “grooming people” to be aware of what's going on because it's going to happen again. It seems to be working as the shop has had threats on the network that resulted in zero damage and zero downtime. “I am building up awareness. They are my front line,” Slaughter says.

The top item on Slaughter’s to-do list when he started at X-Cell was looking at the shop’s infrastructure and network equipment and then laying in several miles of Category 6 network cable. This cable takes the transmission from the NIC or WiFi on your computer to switching equipment, the internet, cameras, CNC machines, security systems, fire alarms, printers, etc. It is the nervous system of the network that he helped build from scratch.

Slaughter notes that Category 5 network cable is the traditional option, which can accommodate the speeds X-Cell requires on the network, but Category 6 takes the shop to the next level. They basically over planned for future capacity.

The number one vulnerability challenge, according to Slaughter, is finding a good way to interface 20-year old computerized machine technology with new security control software and getting them to talk to each other securely. “It’s taking something that was never designed to run in a secure environment and making it secure,” Slaughter says.

Cybersecurity is not just for big business. Slaughter believes in bringing big business knowledge to the smaller business affordably so that they can compete securely. “But never assume this is something you can do on your own. You want a second pair of eyes looking at you looking at yourself. Find a consulting firm to help you.”