Featured Product
This Week in Quality Digest Live
Lean Features
William A. Levinson
Deciding whether you need CAPA or a bigger boat
Mike Figliuolo
No one needs recurring meetings, unnecessary reports, and thoughtless emails
Daniel Marzullo
Think and plan more deeply with this exercise
William A. Levinson
Quality and manufacturing professionals are in the best position to eradicate inflationary waste
Mark Graban
Focus on psychological safety instead

More Features

Lean News
Embrace mistakes as valuable opportunities for improvement
Introducing solutions to improve production performance
Helping organizations improve quality and performance
Quality doesn’t have to sacrifice efficiency
Weighing supply and customer satisfaction
Specifically designed for defense and aerospace CNC machining and manufacturing
From excess inventory and nonvalue work to $2 million in cost savings
Tactics aim to improve job quality and retain a high-performing workforce
Sept. 28–29, 2022, at the MassMutual Center in Springfield, MA

More News

Celia Paulsen


Getting Cyber-Creative When Business Is Slow

Downtime provides an opportunity to refocus before driving forward again

Published: Thursday, May 14, 2020 - 12:03

Nobody likes business to be slow. If you’re in a fast-paced world like manufacturing, seeing your machines or employees idle can drive a person insane. If you’re used to your production line working to capacity and suddenly business slows down, it can be a frustrating time.

When I was in the U.S. Army, we used our downtime to train and clean. On one occasion, we spent nearly two weeks waiting for a change of orders. By the end of the first week, every weapon, every desk, and every blade of grass was spotless. There was nothing left to clean, so we cleaned it all over again!

Over time, I learned that downtime can actually provide a good opportunity to refocus before driving forward again. It offers time to take inventory, get a little creative, and do some renovation, literally and figuratively. My personal downtime to-do list includes organizing my papers, redesigning my closet, playing with my 3D printer, replacing my stair treads, fixing that one light switch, learning something I’ll soon forget, and though you may laugh, improving my cybersecurity posture.

It’s true; I’m a cybersecurity geek. I’ve been a cybersecurity researcher at NIST since 2011 and am now detailed to NIST MEP as the cybersecurity services specialist.

You may also have a long downtime to-do list, but I want to encourage you to add three simple things that can have big cybersecurity rewards.

1. Take inventory

Just like with most projects, the first step in cybersecurity is knowing what you are working with. Two kinds of assets are critical: 1) any equipment that has a computer chip inside, including things like cell phones, robot arms, and of course, computers; and 2) information.

Taking inventory of these items may not be as complex as you might imagine. One of the easiest ways is simply to have a notebook or whiteboard where, for a week or so, you write down every piece of information and equipment you can think of that you use, as you think of it. When taking inventory of your information, include where that information is stored. Make sure to include those things that aren’t written down anywhere that might be essential to your business, like your grandmother’s secret dumpling recipe. For equipment or technology, try to find out if it’s connected to your network or the internet, what operating system it runs on, and if there is a log-in option (whether you use the log-in option or not).

2. Get a little creative

People don’t usually think creativity and cybersecurity go well together, but those people are straight-up wrong. Cybersecurity is a world of “what-ifs.” It’s storytelling, designing, and creating. While looking through your inventory of information and equipment, ask yourself, “What if somebody wanted to steal it?” and, “What if it was messed up, broken, or incorrect?” Tell yourself a story.

If your story sounds like something Stephen King might have come up with, it’s probably time to change the narrative. Now here’s the deceptively fun part: Dig out that old, dusty business plan of yours along with the safety policy, quality manual, and any other documents you might have. Is it like looking at your high school yearbook, full of outdated ideas (and haircuts)? Use this opportunity to write a new plan, but this time, instead of a horror novel, write one where things aren’t so scary.

A cybersecurity plan should document what your business currently does to protect information and equipment, but you can also use it to document what your business could do. This is science fiction time: Tell a story of how you are going to become a company that does cybersecurity well. It should be specific and include details on how and when you plan to reach your goals. For example, you may need to purchase new hardware, but it isn’t in your budget this year. Decide when you’ll make the purchase and include that in your plan. Basically, your cybersecurity plan is a road map to a more secure future for your manufacturing company. If you do business with the U.S. Department of Defense, you may have heard of the term plan of action and milestones that serves as a formalized version of this futuristic story.

3. Do some renovation

There are two things in cybersecurity that people tend to put off until it’s too late. These two things can have the biggest, most immediate impact. People put them off because they are tedious and often interrupt normal workflow, which makes them perfect for what to do when business is slow.

First, looking through your inventory of equipment, are you using obsolete operating systems or software packages? What about your browsers? Run those updates! Most updates fix security holes that are well-known and easy for somebody to crack into. Not updating your systems is like leaving the window down in your car and leaving your wallet on the seat. Don’t do it.

Second, change your passwords. All of them. It takes a bit to get used to a new password, so it’s best done when you’re not stressed about being able to log in immediately. Check those machines that don’t have a user log-in because they may have a hidden, administrative password used to change settings. Make your passwords (or pass phrases) long and difficult to guess but easy to remember. A good example might be a lyric from your favorite song or four seemingly unrelated words that have meaning to you.

Times when work is slow can often be times of worry and frustration, but they don’t have to be. Wisely using this time to refocus can be an immensely valuable exercise. Taking an inventory of information and technology is a simple yet powerful tool for building future cybersecurity capabilities. Imagining what a company might look like and designing a plan on how to get there can be an educational and inspiring activity. Updating systems and passwords is a must, and easiest to do when work is slow.

As a bonus, learn more about what you can do for your business with this NIST cybersecurity guide, and learn more about cybersecurity in general with this list of free and low-cost online educational content. If you’d like further advice customized to your business’s cybersecurity needs, reach out to your local MEP Center to connect with an expert from the MEP National Network.

First published April 21, 2020, on NIST’s Manufacturing Innovation Blog.


About The Author

Celia Paulsen’s picture

Celia Paulsen

Celia Paulsen facilitates efforts to improve the cybersecurity posture of small and medium size manufacturers throughout the United States as the National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) cybersecurity services specialist. She has been at NIST for about 10 years doing research and developing guidance in areas such as cyber supply-chain risk management, small business cybersecurity, and cybersecurity for additive manufacturing. Prior to joining NIST, Paulsen was an analyst for the National Security Agency in the U.S. Army. She has an MBA in information security from California State University, San Bernardino, and bachelor’s degrees in information technology and business management.