Get the recap of John's cybersecurity advice from MITRE's recent event!
Our president and CEO, John Sinopoli, recently attended and presented at the MITRE Advanced Manufacturing (AM) Trust Showcase event at the UMass Lowell Innovation Hub in Haverhill, MA. If you weren't able to attend, you're in luck! We have a full recap—plus a video of John's presentation, including valuable advice on CMMC and cybersecurity.
An overview:
How Synagex became a compliance resource for manufacturers
A real-world example of the importance of CMMC
Taking a layers approach to cybersecurity and risk
A fun analogy to explain cybersecurity risk
Why partner relationship is key
Please enjoy our recap of the informative presentation, and feel free to reach out to the Synagex team for more information!
How did we get here?
Our story on becoming an expert resource for cybersecurity and compliance in the manufacturing industry.
When John started Synagex 6 years ago, he didn't imagine he would be working so closely with manufacturers. In fact, he imagined his clientele to be mostly in banking, considering his background working with IT in the banking industry.
Working in IT in banking presented a lot of focus on compliance, which has given Synagex an advantage in understanding industry standards that need to be met in order to continue doing business and keep growing. With audits and regulations being nothing new for John and the Synagex team, it was an easy transition to begin applying similar compliance plans and strategies to the manufacturing industry, where we saw a growing need for CMMC support.
Why is CMMC so important?
Our real-world example comparing two military jets should help explain why.
CMMC is essential to keep controlled unclassified information secure. For example, any parts that are designed or manufactured by the Department of Defense could be at serious risk of being stolen or copied—even by other countries. A famous example of this phenomena is comparing an American-made F-35 jet to a Chinese J-31 jet, which both feature strikingly similar design builds. Cybersecurity issues are speculated to have caused this copycat design.
Cybersecurity is about layers.
There's a lot of ways to talk about cybersecurity. We like to focus on risk—in layers.
Every business has a mission critical asset to protect, whether you are working for the DoD supply chain, a manufacturing organization or otherwise, and you need layers of protection to not only defend against risk, but also to contain and quarantine any threat that might get inside any part of your fortressed system.
We also want to think about layers of a company that can present risk, like you see in this risk rainbow illustration. Surrounding the mission critical assets, we have layers of risk beginning with physical access, and all the way out to humans on outermost layer—presenting the area with the most vulnerability.
An analogy of security layers with cars!
Consider the layers of protection for a family inside a 1970's Chevy vs. an autonomous vehicle.
We want to take our risk mentality and apply it when thinking about the possible risk layers that a car can present when it comes to getting the family inside from A to B. To follow this analogy, we can think of a 1970's Chevy as a flat network topology, with far less risks than say, an autonomous vehicle. Both have tires, mechanical pieces, etc. that could potentially have an issue, causing risk to our goal.
An autonomous vehicle, however, (relative to new industry operational technology) has exponentially more layers of risk. To name a few, there's GPS, cameras and sensors, and computers all powering the operation of the vehicle. These layers all need our attention to be sure they don't threaten our mission critical assets and goals!
Relationship is key.
When partnering with a cybersecurity service, a strong relationship will help you reach your goals.
Our clients often want to cut to the chase and arrive at their end goal as fast as possible—whether that's a compliance goal or otherwise. However, when talking about cybersecurity risk, the strategy and path to compliance can be so unique and personal to every individual business.
Technology alone won't solve the cybersecurity problem. While there is no one-box solution, Synagex tries to simplify the process into a package of people, process, tools, coaching and consulting. We believe the key is building a partner relationship with someone who understands your business needs and goals in order to achieve an effective and on-going result that is affordable attainable for your business.