Categorization and Risk

Manufacturing System Categorization and Risk Management

OPERATIONALIZING CYBER RESILIENCE

Each Manufacturer's organizational risk is unique, and a Manufacturer's risk management must inform and prioritize its cybersecurity decisions. Managing cybersecurity risk requires a clear understanding of the business drivers and security considerations specific to the Manufacturing organization (business and operations), the Manufacturing System, and its environment, including its supply chain. Recurring risk assessments and validation of business drivers help Manufacturers select target states for cybersecurity activities that reflect the outcomes they want.

Manufacturing Business and Mission Objectives must be aligned to a focused set of cybersecurity controls, structured into three security levels (Low, Moderate, High) and applied to the manufacturing system, in order to support critical business goals and to achieve and sustain cyber resilience.

SECURITY CATEGORIZATION

The Low, Moderate, and High designations identify the security capability, functionality, and specificity required for a defined risk level. Manufacturing systems or components are categorized at the Low, Moderate, or High security level.

Categorization is based on the potential impact if a security breach jeopardizes the manufacturing system or its components, operational assets, individuals, or the organization. Security categorizations are used in conjunction with vulnerability and threat intelligence (situational awareness information accessed through the Global Manufacturing ISAO (GM-ISAO)) in order to assess and mitigate the risk to the organization. The definitions of the levels below must be applied within the context of the organization, the facility, and the manufacturing system.

Low Impact 
The potential impact is LOW if the loss of integrity, availability or confidentiality could be expected to have a limited adverse effect on manufacturing operations, assets, personnel, the general public, or the environment.

Moderate Impact
The potential impact is MODERATE if the loss of integrity, availability or confidentiality could be expected to have a serious adverse effect on manufacturing operations, assets, personnel, the general public, or the environment.

High Impact
The potential impact is HIGH if the loss of integrity, availability, or confidentiality could be expected to have a severe or catastrophic adverse effect on manufacturing operations, assets, personnel, the general public, or the environment.

SECURITY CATEGORIZATION PROCESS
The security categorization process determines the level of effort expended when defining, designating, and managing the risk levels. Manufacturing systems supporting the most critical and/or sensitive operations and assets demand the greatest attention and effort to ensure that appropriate operational security and risk mitigation are achieved.

The process is scalable and supports intensifying security protections when needed, while maintaining a conventional baseline. Each higher security level builds on the baseline, starting with the LOW designation. The MODERATE and HIGH designations each include all of the stipulations of the levels below them.

Each security level is positioned as the platform for the next higher level of implementation or categorization. Security level implementation starts with LOW and increases in rigor through MODERATE and HIGH. The LOW security level is the starting baseline for all manufacturing systems. The MODERATE security level implements the LOW security guidance as well as the MODERATE guidance. The HIGH security level implements all of the LOW and MODERATE guidance as well as the HIGH requirements.

RISK IMPACT LEVELS

Each security level corresponds to one adverse-effect level for the loss of integrity, availability, or confidentiality:

Low       - Limited Adverse Effect
Moderate  - Serious Adverse Effect
High      - Severe or Catastrophic Adverse Effect

Limited Adverse Effect (Low)
Mission Capability:    Degradation in Mission Capability; System is Able to Perform Primary Functions, but Effectiveness of Functions is Noticeably Reduced
Operational Assets:    Minor Damage to Operational Assets
Financial:             Minor Financial Loss
Individuals:           Minor Harm to Individuals

Serious Adverse Effect (Moderate)
Mission Capability:    Significant Degradation in Mission Capability; System is Able to Perform Primary Functions, but Effectiveness of Functions is Significantly Reduced
Operational Assets:    Significant Damage to Operational Assets
Financial:             Significant Financial Loss
Individuals:           Significant Harm to Individuals (Does Not Include Loss of Life or Serious Life-Threatening Injuries)

Severe or Catastrophic Adverse Effect (High)
Mission Capability:    Severe Degradation in or Loss of Mission Capability; System is NOT Able to Perform One or More of its Primary Functions
Operational Assets:    Major Damage to Operational Assets
Financial:             Major Financial Loss
Individuals:           Severe or Catastrophic Harm to Individuals Involving Loss of Life or Serious Life-Threatening Injuries