Risk Management in Manufacturing Cybersecurity: A Profile-Driven Approach
Risk Management
The ‘Information Security Profile’ prioritises and informs cybersecurity operations based on the company's risk administration procedures. It assists in choosing areas of focus for security operations that represent the desired results for producers by supporting periodic risk evaluations and validating company motivations. A thorough grasp of the business motivations and safety requirements unique to the Production system and its surroundings is necessary in order to manage cybersecurity threats. Because every organisation has different risks and uses ICS and IT in different ways, there will be variations in how the profile is implemented.
Companies are currently adopting industry principles and cybersecurity requirements, which the Manufacturing Information is intended to supplement, not replace. Manufacturers have the ability to identify crucial operations for key supply chains and can order expenditures in a way that will optimise their impact on each dollar. The Profile's primary objective is to lessen and manage dangers associated with cybersecurity more effectively. The Cybersecurity Framework and the Profile are not universally applicable methods for controlling security risks for essential infrastructure.
Producers will always face distinct risks due to their distinct dangers, weaknesses, and tolerances for danger. Consequently, the ways in which companies adopt security protocols will also change.
Key Cybersecurity Functions: Identify, Protect, Detect, Respond, and Recover
- Determine
Create the organisational knowledge necessary to control the potential hazards of cybersecurity to information, systems, resources, and competencies. The Identify Function's tasks are essential for using the Framework effectively. An organisation can concentrate its efforts in a way that aligns with its approach to risk mitigation and company needs by having a clear understanding of the business environment, the financial resources that assist with vital operations, and the associated cybersecurity threats. Among the outcome characteristics that fall under this function are risk evaluation, mitigation strategy, the administration of assets, leadership, and the business environment.
- Protect
Create and put into place the necessary measures to guarantee the provision of crucial infrastructure amenities. The Protect Function's operations enable the limitation or containment of the possible impact of a cybersecurity incident. Instances of results Access Management, Knowledge and Instruction, Data Safety and Security, Data Protection Processes and Instructions, Repair, and Defensive Systems are some of the classifications that fall under this role.
- Detect
Create and carry out the necessary actions to determine whether a cybersecurity event has occurred. The Detect Function's operations make it possible to find vulnerability occurrences in an efficient way. This function's result subcategories include things like abnormalities and incidents, constant security monitoring, and identification processes.
- React
Create and carry out the necessary plans to address a cybersecurity event that has been discovered. The Response Function's operations facilitate the capacity to mitigate the effects of a possible cybersecurity incident. Within this Scope, emergency planning, interactions, analysis, prevention, and enhancements are a few examples of result categories.
- Recover
Create and carry out the necessary actions to uphold resilience tactics and restore any services or competencies that were hampered by a cybersecurity incident. In order to lessen the effects of a vulnerability incident, the Recovery Function's efforts facilitate a prompt return to regular operations. The following are a few instances of outcome subcategories under this role: communications, enhancements, and recovery planning.
Conclusion
The Information Security Profile, when seen in the framework of risk mitigation, offers producers a tactical method to deal with the ever-changing cybersecurity danger scenario. The assessment directs safeguarding operations prioritisation by recognising specific business reasons and connecting with corporate goals. The Profile enhances the cybersecurity standards and established industry guidelines by taking into account the differences in vulnerabilities and organisational subtleties among producers. It highlights the significance of a customised strategy, acknowledging that every business has unique risks and weaknesses.
The fundamental tasks of the Framework, to Identify, Protect, Detect, Respond, and Recover, serve as a thorough roadmap, guaranteeing a proactive and flexible approach to cybersecurity. The Profile's ultimate goal is to increase the efficacy of risk mitigation techniques, understanding that cybersecurity is a constantly shifting and evolving subject for the manufacturing sector.
References
- https://csrc.nist.gov/news/2020/cybersecurity-framework-v1-1-manufacturing-profile
- https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8183r1.pdf
- https://mysecuritymarketplace.com/reports/cybersecurity-framework-version-1-1-manufacturing-profile/
Related Blogs
Introduction
Summer vacations have always been one of the most anticipated times in a child’s life. In earlier times, it was something entirely different. The season was filled with outdoor games, muddy hands, mango-stained mouths, and stories shared with cousins under the stars. Children lived in the moment, playing in parks, riding bicycles, and inventing new adventures without a screen in sight. Today, those same summer days are shaped by glowing devices, virtual games, and hours spent online. While technology brings learning and entertainment, it also invites risks that parents cannot ignore. The Cyber Mom Toolkit is here to help you navigate this shift, offering simple and thoughtful ways to keep your children safe, balanced, and joyful during these screen filled holidays.
The Hidden Cyber Risks of Summer Break
With increased leisure time and less supervision, children are likely to venture into unknown reaches of the internet. I4C reports indicate that child-related cases, such as cyberbullying, sextortion, and viewing offensive content, surge during school vacations. Gaming applications, social networking applications, and YouTube can serve as entry points for cyber predators and spammers. That's why it is important that parents, particularly mothers know what digital spaces their children live in and how to intervene appropriately.
Your Action Plan for Being a Cyber Smart Mom
Moms Need to Get Digitally Engaged
You do not need to be a tech expert to become a cyber smart mom. With just a few simple digital skills, you can start protecting your child online with confidence and ease.
1. Know the Platforms Your Children Use
Spend some time investigating apps such as Instagram, Snapchat, Discord, YouTube, or computer games like Roblox and Minecraft. Familiarise yourself with the type of content, chat options, and privacy loopholes they may have.
2. Install Parental Controls
Make use of native features on devices (Android, iOS, Windows) to limit screen time, block mature content, and track downloads. Applications such as Google Family Link and Apple Screen Time enable parents to control apps and web browsing.
3. Develop a Family Cyber Agreement
- Establish common rules such as:
- No devices in bedrooms past 9 p.m.
- Add only safe connections on social media.
- Don't open suspicious messages or click on mysterious links.
- Always tell your mom if something makes you feel uncomfortable online.
Talk Openly and Often
Kids tend to hide things online because they don't want to get punished or embarrassed. Trust is built better than monitoring. Here's how:
- Have non-judgmental chats about what they do online.
- Use news reports or real-life cases as conversation starters: "Did you hear about that YouTuber's hacked account?
- Encourage them to question things if they're confused or frightened.
- Honour their online life as a legitimate aspect of their lives.
Look for the Signs of Online Trouble
Stay alert to subtle changes in your child’s behavior, as they can be early signs of trouble in their online world.
- Sudden secrecy or aggression when questioned about online activity.
- Overuse of screens, particularly in the evening.
- Deterioration in school work or interest in leisure activities.
- Mood swings, anxiety, or withdrawn behaviour.
If you notice these, speak to your child calmly. You can also report serious matters such as cyberbullying or blackmail on the Cybercrime Helpline 1930 or visit https://cybercrime.gov.in
Support Healthy Digital Behaviours
Teach your kids to be good netizens by leading them to:
- Reflect Before Posting: No address, school name, or family information should ever appear in public posts.
- Set Strong Passwords: Passwords must be long, complicated, and not disclosed to friends, even best friends.
- Enable Privacy Settings: Keep social media accounts privately. Disable location sharing. Restrict comments and messages from others.
- Vigilance: Encourage them to spot fake news, scams, and manipulative ads. Critical thinking is the ultimate defence.
Stay alert to subtle changes in your child’s behavior, as they can be early signs of trouble in their online world.
Where to Learn More and Get Support as a Cyber Mom
Cyber moms looking to deepen their understanding of online safety can explore a range of helpful resources offered by CyberPeace. Our blog features easy-to-understand articles on current cyber threats, safety tips, and parenting guidance for the digital age. You can also follow our social media pages for regular updates, quick tips, and awareness campaigns designed especially for families. If you ever feel concerned or need help, the CyberPeace Helpline is available to offer support and guidance. (+91 9570000066 or write to us at helpline@cyberpeace.net). For those who want to get more involved, joining the CyberPeace Corps allows you to become part of a larger community working to promote digital safety and cyber awareness across the country.
Empowering Mothers Empowers Society
We at CyberPeace feel that every mother, irrespective of her background and technological expertise, has the potential to be a Cyber Mom. The intention is not to control the child but to mentor towards safer decisions, identify issues early, and prepare them for a lifetime of online responsibility. Mothers are empowered when they know. And children are safe when they are protected.
Conclusion
The web isn't disappearing, and neither are its dangers. But when mothers are digital role models, they can make summer screen time a season of wise decisions. This summer, become a Cyber Mom: someone who learns, leads, and listens. Whether it's installing a parental control app, discussing openly about cyberbullying, or just asking your child, "What did you discover online today? " that engagement can make a difference. This summer break, help your child become digitally equipped with the skills and knowledge they need to navigate the online world safely and confidently.
Cyber safety starts at home, and there's no better point of departure than being alongside your child, rather than behind them.
References
- https://cybercrime.gov.in
- https://support.apple.com/en-in/HT208982
- https://beinternetawesome.withgoogle.com
- https://www.cyberpeace.org
- https://ncpcr.gov.in
Starting in mid-December, 2024, a series of attacks have targeted Chrome browser extensions. A data protection company called Cyberhaven, California, fell victim to one of these attacks. Though identified in the U.S., the geographical extent and potential of the attack are yet to be determined. Assessment of these cases can help us to be better prepared for such instances if they occur in the near future.
The Attack
Browser extensions are small software applications that add and enable functionality or a capacity (feature) to a web browser. These are written in CSS, HTML, or JavaScript and like other software, can be coded to deliver malware. Also known as plug-ins, they have access to their own set of Application Programming Interface (APIs). They can also be used to remove unwanted elements as per customisation, such as pop-up advertisements and auto-play videos, when one lands on a website. Some examples of browser extensions include Ad-blockers (for blocking ads and content filtering) and StayFocusd (which limits the time of the users on a particular website).
In the aforementioned attack, the publisher of the browser at Cyberhaven received a phishing mail from an attacker posing to be from the Google Chrome Web Store Developer Support. It mentioned that their browser policies were not compatible and encouraged the user to click on the “Go to Policy”action item, which led the user to a page that enabled permissions for a malicious OAuth called Privacy Policy Extension (Open Authorisation is an adopted standard that is used to authorise secure access for temporary tokens). Once the permission was granted, the attacker was able to inject malicious code into the target’s Chrome browser extension and steal user access tokens and session cookies. Further investigation revealed that logins of certain AI and social media platforms were targeted.
CyberPeace Recommendations
As attacks of such range continue to occur, it is encouraged that companies and developers take active measures that would make their browser extensions less susceptible to such attacks. Google also has a few guidelines on how developers can safeguard their extensions from their end. These include:
- Minimal Permissions For Extensions- It is encouraged that minimal permissions for extensions barring the required APIs and websites that it depends on are acquired as limiting extension privileges limits the surface area an attacker can exploit.
- Prioritising Protection Of Developer Accounts- A security breach on this end could lead to compromising all users' data as this would allow attackers to mess with extensions via their malicious codes. A 2FA (2-factor authentication) by setting a security key is endorsed.
- HTTPS over HTTP- HTTPS should be preferred over HTTP as it requires a Secure Sockets Layer (SSL)/ transport layer security(TLS) certificate from an independent certificate authority (CA). This creates an encrypted connection between the server and the web browser.
Lastly, as was done in the case of the attack at Cyberhaven, it is encouraged to promote the practice of transparency when such incidents take place to better deal with them.
References
- https://indianexpress.com/article/technology/tech-news-technology/hackers-hijack-companies-chrome-extensions-cyberhaven-9748454/
- https://indianexpress.com/article/technology/tech-news-technology/google-chrome-extensions-hack-safety-tips-9751656/
- https://www.techtarget.com/whatis/definition/browser-extension
- https://www.forbes.com/sites/daveywinder/2024/12/31/google-chrome-2fa-bypass-attack-confirmed-what-you-need-to-know/
- https://www.cloudflare.com/learning/ssl/why-use-https/
.webp)
Introduction
The rapid advancement of technology, including generative AI, offers immense benefits but also raises concerns about misuse. The Internet Watch Foundation reported that, as of July 2024, over 3,500 new AI-generated child sexual abuse images appeared on the dark web. The UK’s National Crime Agency records 800 monthly arrests for online child threats and estimates 840,000 adults as potential offenders. In response, the UK is introducing legislation to criminalise AI-generated child exploitation imagery, which will be a part of the Crime and Policing Bill when it comes to parliament in the next few weeks, aligning with global AI regulations like the EU AI Act and the US AI Initiative Act. This policy shift strengthens efforts to combat online child exploitation and sets a global precedent for responsible AI governance.
Current Legal Landscape and the Policy Gap
The UK’s Online Safety Act 2023 aims to combat CSAM and deepfake pornography by holding social media and search platforms accountable for user safety. It mandates these platforms to prevent children from accessing harmful content, remove illegal material, and offer clear reporting mechanisms. For adults, major platforms must be transparent about harmful content policies and provide users control over what they see.
However, the Act has notable limitations, including concerns over content moderation overreach, potential censorship of legitimate debates, and challenges in defining "harmful" content. It may disproportionately impact smaller platforms and raise concerns about protecting journalistic content and politically significant discussions. While intended to enhance online safety, these challenges highlight the complexities of balancing regulation with digital rights and free expression.
The Proposed Criminalisation of AI-Generated Sexual Abuse Content
The proposed law by the UK criminalises the creation, distribution, and possession of AI-generated CSAM and deepfake pornography. It mandates enforcement agencies and digital platforms to identify and remove such content, with penalties for non-compliance. Perpetrators may face up to two years in prison for taking intimate images without consent or installing equipment to facilitate such offences. Currently, sharing or threatening to share intimate images, including deepfakes, is an offence under the Sexual Offences Act 2003, amended by the Online Safety Act 2023. The government plans to repeal certain voyeurism offences, replacing them with broader provisions covering unauthorised intimate recordings. This aligns with its September 2024 decision to classify sharing intimate images as a priority offence under the Online Safety Act, reinforcing its commitment to balancing free expression with harm prevention.
Implications for AI Regulation and Platform Responsibility
The UK's move aligns with its AI Safety Summit commitments, placing responsibility on platforms to remove AI-generated sexual abuse content or face Ofcom enforcement. The Crime and Policing Bill is expected to tighten AI regulations, requiring developers to integrate safeguards against misuse, and the licensing frameworks may enforce ethical AI standards, restricting access to synthetic media tools. Given AI-generated abuse's cross-border nature, enforcement will necessitate global cooperation with platforms, law enforcement, and regulators. Bilateral and multilateral agreements could help harmonise legal frameworks, enabling swift content takedown, evidence sharing, and extradition of offenders, strengthening international efforts against AI-enabled exploitation.
Conclusion and Policy Recommendations
The Crime and Policing Bill marks a crucial step in criminalising AI-generated CSAM and deepfake pornography, strengthening online safety and platform accountability. However, balancing digital rights and enforcement remains a challenge. For effective implementation, industry cooperation is essential, with platforms integrating detection tools and transparent reporting systems. AI ethics frameworks should prevent misuse while allowing innovation, and victim support mechanisms must be prioritised. Given AI-driven abuse's global nature, international regulatory alignment is key for harmonised laws, evidence sharing, and cross-border enforcement. This legislation sets a global precedent, emphasising proactive regulation to ensure digital safety, ethical AI development, and the protection of human dignity.
References
- https://www.iwf.org.uk/about-us/why-we-exist/our-research/how-ai-is-being-abused-to-create-child-sexual-abuse-imagery/
- https://www.reuters.com/technology/artificial-intelligence/uk-makes-use-ai-tools-create-child-abuse-material-crime-2025-02-01/
- https://www.financialexpress.com/life/technology-uk-set-to-ban-ai-tools-for-creating-child-sexual-abuse-images-with-new-laws-3735296/
- https://www.gov.uk/government/publications/national-crime-agency-annual-report-and-accounts-2023-to-2024/national-crime-agency-annual-report-and-accounts-2023-to-2024-accessible#part-1--performance-report
