The ability of any company to stay competitive over time is directly related to how well their business model is designed to withstand attacks and stay secure. The intent of this analysis is to evaluate how an aircraft specialty manufacturer can keep their enterprise systems and firewalls safe over the long-term.
Security Assessment and Recommendations
My Name
My Teacher
SE571 Principles of Information Security and Privacy
TOC o "1-3" h z u
AS Company Overview
Two Security Vulnerabilities
Software Vulnerability
Recommended Solutions
Telecommunications Closet Security Recommendation
Impact on Business Processes
Budget
Aircraft Solutions (AS) is a globally recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Their manufacturing plants are located in San Diego, California and a second, in Santa Ana, California. At present these plants' manufacturing systems are linked entirely over the public Internet, with firewalls protecting the headquarters systems in San Diego that have IT, Finance and Sales & marketing. Production in Chula Vista, California and Santa Ana, California are located behind the same firewall that protects headquarters. This configuration presents a myriad of security challenges for the company, with the most significant being exposure of their manufacturing planning data in their manufacturing resource planning (MRP) and enterprise resource planning (ERP) systems. SA has a second weakness of having no proxy server protection from incoming data across the public Internet. If a competitor or even a foreign nation was able to gain access to just one server, they could feasibly hack into the core MRP and ERP systems, penetrating both the AS Company Overview
The software and hardware aspects of the company's security strategies are highly ineffective today for protecting the assets critical for running a project-based business in the industries they compete in. All A&D manufacturers who compete in project-based manufacturing programs as does have MRP and ERP systems that seek to optimize materials, production instructions and costs. Today these systems are vulnerable to outside hacks and intrusion over the public Internet (just a firewall separates the core information AS is running their business on from the outside world). In addition, there is no fail-over firewall strategy in place at the hardware level, with the most elementary being proxy servers (Leong, Yu, Lee, 2003).
Two Security Vulnerabilities
MRP and ERP System Vulnerability
The most strategic systems that AS relies on to run its business are the most vulnerable given its current enterprise-wide network and telecommunications configuration of the company today. Aircraft Solutions primarily relies on project-based manufacturing, with the DCNC (Direct Computer Numerical Control) machine data essential for completing individual projects. Without this data, the company will not be able to finish projects on time and get customers to pay them. The DCNC and project-based manufacturing data in their MRP and ERP systems are the life blood of their business. The vulnerability is having projects completely stop if the data is corrupted, the threat is that of competitors stealing the data and undercutting them to their own customers, and the risk and consequences are a potential rapid drop in revenue and eventually the company going out of business. The assets involved in this DCNC (Direct Computer Numerical Control) data and machines, BPM system and as it can be clearly seen in the case, their MRP and ERP systems as well.
The second vulnerability are the lack of proxy servers and sufficient fail-over firewall protection. Today anyone skilled enough to quickly break through the single firewall with have access to all data in headquarters, and throughout the DD and CD divisions. Further, their network infrastructure is protected initially by just a router. This is incredibly insufficient for the confidentiality of the data the company is dealing with on a daily basis. If Department of Defense (DoD) customers knew this was the configuration of their network infrastructure, they would be shut down and have a security audit performed. The threat of not having proxy servers and protecting their network with just a router include having their ability to produce and fulfill orders immediately disrupted. The vulnerability is their most critical enterprise-level information could be quickly compromised and used by competitors or even foreign governments to understand which DoD-related projects they are working on. The consequences would be immediate fines from their government-based contractors and a significant loss of revenue. The risk of the company going under is a real possibility of hackers from a foreign nation hostile to the United States gained access.
Recommended Solutions
Enterprise Resource Planning (ERP) and Manufacturing Resource Planning (MRP) systems are the most vital of all IT platforms as they both galvanize a manufacturer's business operations around customer demands (Marnewick, Labuschagne, 2005). Today Aircraft Solutions relies on a single-instance BPM system, DCNC (Direct Computer Numerical Control), and it can be inferred from their project-centric nature of their business, a comprehensive ERP and MRP system. This concentration of systems into a single, enterprise-wide platform is the greatest security risk AS faces today. The recommendation is redefine its monolithic approach to managing manufacturing and create a more stratified, separate system architecture to support headquarters, DD and CD divisions. Empirical studies of distributed manufacturing systems show greater performance and most importantly, greater levels of security, stability and redundancy (Brehm, Jorge, 2005). This approach to defining stratified system by location is often called a two-tier ERP strategy (Marnewick, Labuschagne, 2005). This will significantly reduce the risks and harden the entire enterprise system architecture of the company.
The lack of proxy servers and redundant security at the hardware level, if discovered by defense agency customers, would lead to the company losing contracts. The inclusion of a corporate-wide proxy server strategy would not only protect enterprise systems, it would also streamline performance of Web-based ERP and MRP systems performance (Brehm, Jorge, 2005).
Impact on Business Processes
AS is a manufacturing business that is heavily reliant on projects specifically designed to aerospace and defense-related customers' requirements. Inherent in this type of business model is the need for building in multiple product and service cycles to ensure customers' needs are met. Relying on a two-tier ERP platform strategy increases project manufacturing performance by up to 60% or more (Soja, 2006). For AS, the adoption of a two-tier ERP strategy will increase performance significantly while also delivering a more secure, stable enterprise IT platform as well. By aligning the MRP and ERP systems to DD and CD specific information requirements, project accuracy and performance will increase significantly. It is reasonable and prudent to expect project performance to increase by at least 15% while also attaining a significantly greater levels of security as well.
You’re 81% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.