Department of Defense Cybersecurity Requirements Loom for Manufacturers
July 18, 2017
(ROCKY HILL, Conn., July 18, 2017) – Cybersecurity guidelines required by the Department of Defense (DoD) are likely to have an enormous impact on hundreds of Connecticut and Rhode Island approved manufacturers who may have received DoD contracts in 2016. By December 31, 2017, all DoD contractors (including small businesses) must meet minimum cybersecurity requirements or risk losing DoD business. Alarmingly, most manufacturers aren’t even aware of the looming deadline or what they must do to comply.
“Since the DoD’s mandatory cybersecurity compliance rule was issued, we are finding many contractors and subcontractors of all tiers seem to be unaware of the impending deadline and subsequent repercussions for noncompliance,” said Maribel Morgan, Director of Strategy & Technology at CONNSTEP, Inc., Connecticut’s manufacturing extension partnership.
The DoD Chief Information Officer must now be notified within 30 days of contract award of any security requirements not implemented at the time including cybersecurity compliance. In other words, if contractors don’t have proof of compliance, they risk removal from the approved DoD vendor list.
Joining CONNSTEP in spreading awareness about the DoD’s requirements is the Connecticut Procurement Technical Assistance Program (CT PTAP), Polaris MEP, the Manufacturing Extension Partnership center for Rhode Island and the Rhode Island Procurement Technical Assistance Center (RIPTAC).
The standards are outlined in a publication from the National Institute of Standards and Technology (NIST) and fall into 14 areas with specific security requirements that must be implemented as documented in, “NIST Special Publication 800-171.”
The categories include:
- Access Control
- Awareness & Training
- Audit & Accountability
- Configuration Management
- Identification & Authentication
- Incident Response
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System & Communications Protection
- Systems & Information Integrity
Failure to comply with these cybersecurity standards could have an enormous impact on manufacturers. Consider the size and scope of defense-related business in New England:
- New England defense contracting has generated more than $62B and over 319,000 jobs*
- The New England Defense sector produces $33.92 billion in products and services annually.*
- Nearly $34 billion in defense contracts to New England firms and institutions, $12.7 billion for Connecticut and $0.5 billion for Rhode Island.*
[*source: New England Defense Contracting Facts and Figures 2011]
Increasing the potential impact on manufacturers is the fact that the General Services Administration (GSA) and NASA also have similar cybersecurity requirements that must be met by the end of this year. The number of manufacturers potentially affected swells when taking into account contracts with those two federal agencies.
With cybersecurity a focal point for the DoD and all major industries, safe-guarding manufacturing supply chains is becoming more important than ever.
“We’re working with CONNSTEP and the Polaris MEP to spread the word through as many information channels as we can,” says Lisa Wood, Statewide Director, CT PTAP. “We’re planning information sessions, webinars and other forms of immediate education that Connecticut and Rhode Island contractors can access as solid resources to educate themselves on the compliance process. Together, we can provide a multitude of resources for businesses of all sizes to help them achieve compliance,” she adds.
Morgan is leading CONNSTEP’s new cybersecurity practice area, which provides information security assessment, remediation and regulatory compliance. CONNSTEP’s cybersecurity practice area adds to the in-depth consulting services for clients, including Growth Services, Operational Excellence (including Quality Systems and Lean), Leadership Development, Skill Development, Accelerating Technology, Research Services and Food Processing.
To view the letter from the DoD’s Office of Small Business Programs: http://www.acq.osd.mil/osbp/docs/Cybersecurity_04272016.pdf
About CONNSTEP, Inc.
Based in Rocky Hill, CONNSTEP is a consulting firm strategically helping companies in Connecticut to grow their businesses and improve operational methodologies, leading to increased profitability, improved efficiencies and creating sustainable competitive advantages in the marketplace. Partially funded by the Connecticut Department of Economic and Community Development, CONNSTEP is the Hollings Manufacturing Extension Partnership center for NIST, a U.S. Department of Commerce agency, which gives access to a national network of 58 MEP centers with more than 440 service locations and more than 1,300 trusted business advisors and technical resources.
About Polaris MEP
Polaris MEP is a statewide non-profit organization that provides competitive manufacturing business improvement programs to grow RI’s manufacturing industry. An affiliate of NIST, Polaris MEP is also a business unit of the University of Rhode Island Research Foundation.
About CT PTAP
CT PTAP’s mission is to provide marketing and procurement assistance to Connecticut businesses interested in selling their goods or services to federal, state, or local governments. CT PTAP is a Partner Program of seCTer (South Eastern Connecticut Enterprise Region). A statewide program serving all cities and towns in the state, CT PTAP also serves as a Procurement Technical Assistance Center funded, in part, through a cooperative agreement from the Department of Defense through a program administered by the Defense Logistics Agency.
The Rhode Island Procurement Technical Assistance Center (RI PTAC) is a member of a nationwide network of 98 federally funded Procurement Technical Assistance Centers providing a variety of services to Rhode Island based businesses of all sizes to help them navigate the complexities of contracting with federal agencies, state purchasing departments, and local government. RI PTAC is a Partner Program of the Rhode Island Commerce Corporation (CommerceRI). RI PTAC services are free to all Rhode Island businesses.
“CONNSTEP solved a huge problem for us and helped us bring our delivery rate to 100%. As a direct result of that, we have been awarded with an increase in business which, ultimately, will also benefit (our supplier) Har-Conn.”
“I see great value in the new experiences and perspectives CONNSTEP brings to our business, at reasonable prices. They’re not like consultants, they’re like partners in the business – willing to roll up their sleeves and help.”
“CONNSTEP has proved to be a tremendous resource for ESI. CONNSTEP has helped us to adapt to today’s marketplace and remain a quality minded, competitive global player. Our ISO/TS16949 implementation process was efficient and rewarding. I look forward to our future projects with CONNSTEP.”
“CONNSTEP worked with FuelCell Energy to educate and facilitate Lean initiatives and to help meet our needs to establish an overall production improvement plan. This plan has been utilized over a period of time as a ‘guiding light’ to spur numerous improvements that dramatically reduced our product cost.”
“CONNSTEP is a valuable partner to Hologic, providing the expertise and ‘outside eyes’ everyone needs to keep their continuous improvement on track. We are now well-positioned on a dynamic growth path and look forward to a long-term relationship with CONNSTEP.”
“Our experience working with CONNSTEP has brought us benefits we never expected. It’s a great team to work with!”
“The goals of the team were to reduce manufacturing lead-time, reduce floor space utilized, and increase worker productivity. All the goals were met. CONNSTEP helped us to better compete.”
“The Business Growth Program is working well for us. We enhanced our website following the meetings to improve our SEO and become more visible to search engines. The segment on negotiating … promoted changes in our thinking and improved how we interact with customers. The mentoring between sessions was helpful in boosting our progress.”