Balancing efficiency with security in manufacturing
Manufacturing is an essential part of everyday life — from the cars on the road to the pens in your desk drawer, manufacturers keep the world running. When it comes to security, there are a lot of moving parts for manufacturers to consider —access management, supply chain, theft, intellectual property and more —in order to keep production on schedule.
Protecting intellectual property is a top priority for security leaders in the manufacturing industry. At Whirlpool Corporation, Chief Security Officer Erik Antons says the company has more than 7,200 patents, including unique creations which the company has spent countless hours and dollars to develop.
“This is our intellectual property and for those who play by the rules, the path is long and incredibly expensive, marked with intense periods of experimentation, self-sacrifice and continuous improvement,” Antons says. “For those who don’t play by the rules, an alternative exists to this path — take the shortcut and steal the information — and the perpetrators of this theft can be massive competitors and state actors with nearly unlimited resources. So, intellectual property theft is a major area of concern for manufacturing organizations.”
Security awareness programs are probably the most rewarding tools in our bags — they rarely cost much to employ, our employees actually learn skills and feel empowered, and they allow us to demonstrate clear value for the enterprise and we create agents of every person who attends.”
— Erik Antons, Chief Security Officer at Whirlpool Corporation
Headshot image courtesy of Antons
When it comes to assessing and mitigating risk within a manufacturing environment, Antons says he employs many of the same tactics and techniques used in other industries. The company’s process first involved creating global standards and operating procedures, including technical standards, to establish minimal expectations for all sites around the globe.
“These are amalgamations of existing sources like International Organization for Standardization (ISO), American National Standards Institute (ANSI), American Society for Industrial Security (ASIS) and National Institute of Standards and Technology (NIST) and others which have been benchmarked from other organizations,” he continues. “Standards are great, but without enforcement, they’re nothing more than good ideas, so we needed to develop an enforcement mechanism.”
For this, an audit program was created that referenced global security standards and operating procedures, including a 147-point audit checklist which covers 10 different domains.
“The self-scoring checklist is easy enough for a senior guard to employ and is intended to take no longer than three to four hours to complete. Scores are automatically tabulated, improvement plans are created, and results auto-populate on a platform which we can access any time,” Antons says. “Additionally, we conduct formal gap analyses for our major owned and managed sites. Armed with this information, sites understand their vulnerabilities and have a clear remediation plan for meeting our standards. We then work directly with those sites to ensure compliance.”
STRIKING A BALANCE
One challenge security leaders can face is finding a way to balance security measures with the need for operational efficiency within the manufacturing setting. Antons says it often requires hundreds of employees to work a single shift in a factory, so the company’s controls must be omnipresent yet discreet and, ideally, enhance production.
“For this reason, we often try to employ solutions which have the dual purpose of providing security but also enhancing the production process,” he says. “We can’t escape certain controls which do impede movement (e.g., employee turnstiles and/or badge readers), but we try to make this as simple as possible and ensure our solutions are aligned with risk.”
Antons adds that next-level programming involves creating a culture of security where employees understand risk and how to report it.
“For this reason, security awareness programs are probably the most rewarding tools in our bags — they rarely cost much to employ, our employees actually learn skills and feel empowered, and they allow us to demonstrate clear value for the enterprise and we create agents of every person who attends,” he says.
WORKPLACE VIOLENCE MITIGATION
Manufacturing organizations can employ a large number of workers in order to build their products and while workplace violence isn’t unique to manufacturing, the sheer size of the workforce can exacerbate issues. No matter the size of the facility, security is everyone’s responsibility.
“Our employees must first understand what’s acceptable and what’s not. This starts with socializing company policy and should be an element of every security awareness presentation or training,” he says. “We then need to ensure our employees understand our promise to them should they witness something strange or against policy. This facilitates reporting. If we have this level of confidence in our system, our employees will report and can be counted on to act — to some extent — as our agents. The ultimate goal is to create a culture of security.”
Antons says Whirlpool’s workplace violence prevention program has intervened numerous times before violence either manifested or escalated.
“In 2022 we saw a significant uptick in the number of workplace violence incidents over the prior year, and we started to see this trend continue through the first half of 2023,” he adds. “We interpreted this as good news — our employees were aware of our program and felt empowered to report incidents, allowing us to intervene early. In some cases, we were able to provide support to people just going through a rough patch in their lives, and this has been very gratifying.”
