Manufacturers in Defense Department supply chains have known for years that they have to prove they’re operating at peak efficiency to compete in that space. For many, that meant pursuing ISO certification.
Now the DoD plans to apply the same rigor and expectations of supply chain contractors for cybersecurity. Any manufacturer that hasn’t taken steps to beef up its cybersecurity hygiene will need to start ASAP if it hopes to be a part of any DoD prime contactor’s supply chain.
Scott Singer, owner of cybersecurity consulting company CyberNINES, says he’s concerned that not all companies are as secure as their managers think they are.
“Our country’s supply chain is built on small business,” Singer says. “A lot of the ways people are trying to attack a Lockheed Martin or a BAE Systems or a Medtronic is through that supply chain where it’s not protected. So, it’s critically important that we protect that supply chain and help small- and medium-sized businesses become secure.”
The core of CyberNINES’s business is helping small- and medium-sized manufacturers comply with Defense Federal Acquisition Regulation Supplement (DFARS) around cybersecurity. Those regulations are in the midst of an evolution.
Several years ago, in the early days of the DFARS cybersecurity regulations, the government allowed manufacturers to “self-attest” that they were meeting the cumbersome regulations.
But now cybersecurity concerns are at a fever pitch, partly because of the Solar Winds breach, in which a major information technology firm with tens of thousands of clients that use its software was hacked by likely foreign cyber terrorists. A system once reliant on self-attesting is about to get more demanding.
Interested in learning how your cybersecurity checks out? Enterprise Minnesota is scheduling assessments that will provide you with insight and feedback on your security maturity. Contact us today.
As of Nov. 30, manufacturers were to have begun using a complex security standard measurement system and post their scores in a federal database. If their score suggests they’re not fully compliant, they need to tell the government when they plan to reach 100% compliance.
To complicate matters, there’s a new system coming online soon that will replace the self-attesting scores. It’s called the Cybersecurity Maturity Model Certification (CMMC) system, and eventually it will affect all prime and subcontractors working with the Department of Defense. This system, which will roll out in phases between now and 2026, will require manufacturers to undergo third-party auditing similar to ISO certification.
The CMMC takes a different approach than the portal score system, however. It offers five “maturity” levels (level 1 is the lowest, level 5 is the highest) corresponding to a manufacturer’s cybersecurity preparedness. Which contract you can bid on depends on your maturity level.
By 2026, any company wishing to work with the DoD will need that certification.
“All of a sudden there’re huge teeth in this,” Singer says.
Read more about how cybersecurity issues will affect manufacturers in the Spring 2021 issue of Enterprise Minnesota® magazine.
February 4 – A Model for Manufacturing Excellence Using ISO 9001
ISO expert Keith Gadacz will show you how to leverage the value of ISO and how it can be used to optimize your business. Online via Zoom Learn more and register
February 25 – Strategically Navigating an Uncertain Future
Our strategy and revenue growth expert Steve Haarstad will show you how to shorten your strategic outlook to help navigate uncertainty and plot a course for your company’s continued success. Online via Zoom Learn more and register
March 30 – Investing in Your People to Create Leaders at All Levels
Talent and Leadership expert Abbey Hellickson will be discussing how to determine and develop leadership competencies in your organization to help foster a company culture of growth and resilience. Online via Zoom Learn more and register
April 8 – How to Manage a High Performing Business: ISO
Learn the key elements of effective business management systems and the value of ISO 9001:2015 certification from expert David Ahlquist. Online via Zoom Learn more and register
MN Dual-Training Pipeline seeking industry feedback
MN Dept. of Labor and Industry’s (DLI) Dual-Training Pipeline program is an innovative approach to addressing workforce needs and is looking to add three new advanced manufacturing jobs to the curriculum. DLI is seeking survey feedback to validate competency pyramids for the jobs. Jan. 31, DLI.MN.gov Read more
Low tech gets it done
Regular, focused communications coupled with face-to-face communication is a low-tech, low-cost avenue to continual improvement. Jan. 28, IndustryWeek.com Read more
EDA grant targets south central MN manufacturers hit hard by pandemic
An Economic Development Administration grant is set to aid south central Minnesota manufacturers that have been negatively impacted by the pandemic. Jan. 28, KEYC.com Read more
What’s fueling the EV drive?
Electric vehicles are garnering significant attention, but is the market ready to make the shift? Jan. 27, IndustryWeek.com Read More
– – –
Enterprise Minnesota is dedicated to helping Minnesota manufacturers grow profitably. If you are interested in receiving The Weekly Report to your inbox, please visit our subscription page.