Addressing threat vectors at Focus On Manufacturing Security
Focus On Manufacturing Security, hosted by Canadian Security magazine and held on April 18, shone the spotlight on many aspects of security in the industrial workplace, including IoT, cybersecurity, breach notification, industrial espionage, and safety best practices.
The day began with a comprehensive presentation by Imran Ahmad, Partner, Miller Thomson LLP, who offered insight into cybersecurity and privacy concerns that are — or should be — of paramount concern to business operations of all types, particularly those in manufacturing environments. Everything from denial of service attacks to possible identity theft are challenges now facing many organizations. “We get a call once a week about people impersonating a senior officer in a company seeking financial information,” said Ahmad. Insider threat is the biggest threat of all. There is very little to stop a person taking a picture of a crucial piece of intellectual property and sharing that with outsiders who may stand to benefit. As such, Ahmad recommended a degree of employee monitoring without overstepping reasonable boundaries into Big Brother territory. He also recommended that organizations perform threat risk assessments on a regular basis and be able to demonstrate that they have taken the appropriate steps to protect themselves and their clients. Such measures will go a long way in the event of any kind of information breach or legal action that may come as a result.
A panel of experts followed to discuss the major aspects of designing and implementing an effective physical security infrastructure, plus new security technologies and methodologies that will have an impact on future operations. The group comprised: Terry Hoffman, Principal, Zerobit1; Don Leschuk, Vice President Operations, Russell Security; Paul Laughton, Architect and Engineering Manager, Axis Communications; and Iain Morton, Executive Vice President – Eastern Canada, Paladin Technologies/Paladin Security Group.
Following lunch, Michel Juneau-Katsuya, a former CSIS intelligence officer and now CEO of The Northgate Group, offered insight into the world of espionage in its many forms including state-sponsored; company against company; organized crime; activists who may be seeking to disrupt or embarrass a corporation; as well as the most prevalent — insider threat. Juneau-Katsuya said as much as 85 per cent of espionage cases are perpetrated by an employee spying on their own company. “The wolf is in the barn,” he said. “We’ve got to be able to change that.” He recommended a comprehensive threat risk assessment at a minimum. Organizations must also recognise the vital role their own security departments have to play. If security is marginalized or treated as merely a cost centre, “you’re out of the game.”
The day closed with a primer on safety in the workplace from Jorge Bagnasco, a site safety professional with Safety First Consulting. Bagnasco covered the major legislation affecting employers in Ontario. There is a huge disparity amongst companies affected by the legislation, he said, with some going above and beyond in terms of preparation and compliance, whereas others still do not know what they need. Moreover, a health and safety manual is no good if it’s just a 3-inch thick document in a binder sitting on a top shelf, said Bagnasco. “It has be reviewed annually.”