NEMA Debuts New Resources for Best Practices in Supply Chain Management

What is Supply Chain Management? 

When developing a product to be sold on the open market, engineers need to think critically about the product's life cycle and how to protect the product and its data through each stage of this life cycle. During the lifecycle of a product, many different industries will each have an important role. 

In the manufacturing or assembly process, machine builders will handle and learn about the product. After the manufacturing stage comes distribution and getting the product on the open market. During this stage, the distributors will learn about your product and how to sell it to the customer. Supporting a product once it is being sold requires maintenance personal to understand how it works and how to troubleshoot problems. 

 

An engineer working on testing equipment in a facility. 

 

Once the product has reached the end of its lifecycle, how can the product be disposed or decommissioned safely and securely? All of these stages open the product to cybersecurity risks.  These risks can be very costly to a company and should be mitigated as much as possible. By using a common guideline throughout the industry, all companies can help reduce these risks.

 

NEMA's Guideline for Supply Chain Management 

The National Electrical Manufacturers Association (NEMA) has released a guideline for supply chain best practices for electrical equipment and products. This guideline aims to help manufacturers reduce potential cybersecurity risks during the development phase. The guide covers each stage of a product's lifecycle and provides guidance to prevent potential cybersecurity threats, identify threats, how relevant the threat is, analyze implications, and gives recommendations. Below is an outline of each lifecycle phase and how the guideline helps to ensure secure products are released into the market.

 

A box on an assembly line moving through the factory. 

 

During the manufacturing and assembly stage of the lifecycle, the machine or component is in the development stage. It is during the developing stage where engineers can reduce cybersecurity threats the most. The selection of maliciously tainted components or counterfeit components should be weeded out as much as possible. The design phase is the best place to prevent cyberattacks if the product is software or requires software, such as an assembly machine. The challenge is to identify the weak points of the software and strengthen where necessary. 

operational compliance is where the manufacture ensures the device is used in accordance with the intended use. Even though security is designed into the device, it is up to the end-user to use it as intended and ensure it is used securely. This may require the user to adhere to additional standards

The deployment and operation phase is where all the designed securities are put to the test. During the deployment and operation stage, the end-user could potentially cause cyber attacks with the equipment that was deployed. The responsibility to reduce or mitigate cybersecurity risks relies on both the manufactures and customers. 

 

A conveyor belt in an industrial facility. 

 

As equipment reaches the end of its intended lifecycle, components will sometimes have sensitive data stored on them. If these components are not decommissioned properly, that data could fall into the wrong hands. Companies that deal with refurbished equipment need to know if components are obsolete or could have sensitive data stored on them. These companies need to have access to decommissioning instructions to ensure they are removing equipment and re-integrating it safely.  

 

Best Practices for Control Engineers and Manufacturers 

NEMA designed this guideline to provide manufacturers and machine builders a framework to help mitigate future cyberattacks on equipment that could carry important data. As IIoT, Industry 4.0, and Cloud computing become more popular, factory equipment is exposed to the internet. 

It is up to the manufactures and machine builders to provide equipment that will not add to the list of cybersecurity risks. NEMA is hopeful that these guidelines will help reduce cybersecurity risks and increase supply chain management operations.