Don't Take Cybersecurity Lightly!

Cybersecurity Compliance in The Age of Hacked Everything?

Everyone hears about cybersecurity in the news, it seems with greater and greater frequency, touching more and more of our lives.  Equifax got hacked.  The Chinese purportedly steal intellectual property and military secrets from American companies on a massive scale.  Retailers regularly report breaches of their systems exposing millions of customers’ credit card numbers to the “dark web.”

Right now, if your company is at all involved in a supply chain servicing contracts with the United States Department of Defense (DoD) as a direct supplier or as a subcontractor to a prime contractor with DoD contracts, there is a clock ticking away.  Ticking very, very loudly.

Your organization has until December 31, 2017, to become compliant with NIST SP 800-171. This is a requirement that is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.  Fundamentally, the Department of Defense is taking very seriously the risk of cybersecurity and cyberespionage, and has taken a very strong stance that compliance must be achieved by the end of the year.  If a contractor is not compliant, they will not be eligible to bid on further business.  I know from talking to a number of DoD contractors that there exists a great deal of disbelief that this deadline is “real,” and a belief that it will be extended, just like so many other “hard” deadlines in the past.

This time, they mean it.  Think about it – with cybersecurity in the news so much, with proof of breaches hitting the news almost daily, who in the Department of Defense would take the personal risk of relenting on a cyber-related deadline?  Would you like to be the hapless colonel called before Congress to testify after some horrible cyber incident impacts our defensive capabilities, to explain why you let things slide?

Understanding What Is At Stake

What can possibly go wrong with non-compliance in a contract with the U.S. Government?

  1. Contract Termination. It is reasonably expected that the U.S. Government will terminate contracts with prime contractors over non-compliance with NIST 800-171 requirements since it is a failure to uphold contract requirements. Subcontractor non-compliance will cause a prime contractor to be non-compliant, as a whole.
  2. Criminal Fraud. If a company states it is compliant when it knowingly is not compliant, that is misrepresentation of material facts. This is a criminal act that is defined as any act intended to deceive through a false representation of some fact, resulting in the legal detriment of the person who relies upon the false information.
  3. Breach of Contract Lawsuits. Both prime contractors and subcontractors could be exposed legally. A tort is a civil breach committed against another in which the injured party can sue for damages. The likely scenario for a NIST 800-171-related tort would be around negligence on behalf of the accused party by not maintaining a specific code of conduct (e.g., NIST 800-171 controls).

As you can see from those examples, the cost of non-compliance is quite significant. As always, seek competent legal counsel for any pertinent questions on your specific compliance obligations.

How Can MAGNET Help?

MAGNET offers a proven and comprehensive four-step cybersecurity program. We will help you gauge your current situation and tailor a plan specifically for your internal capabilities, budget and time sensitivity. Here’s how it works:

STEP 1: DISCOVERY – the professional assessment of your company’s practices related to the new standard. If necessary, a gap analysis will be completed to document the scope to be remediated. (Estimated timing 1-2 weeks)

STEP 2: REMEDIATE TO MEET NEW STANDARD – supports all necessary fixes to ensure compliance. This may include updates to firewalls, patches, policy development, employee training, physical security, network configuration, etc. (Estimated timing 1-12 months)

STEP 3: TEST AND VALIDATE – verifies that all technology and physical security aspects are working properly. A penetration test may be necessary. (Estimated timing 1-4 weeks)

STEP 4: MONITORING/REPORTING – establishes ongoing monitoring and scanning of the required enterprise network. Creates a working process to log, remediate and report (as required) cyberattacks. (Ongoing)

In Summary….

  • Cybersecurity is a serious issue, particularly for any company operating in the Department of Defense Supply Chain
  • Non-compliance poses significant, and potentially existential, threats to your business
  • Although right now the Federal focus is on DoD contractors, expanding the scope to include anyone doing business with the government who is exposed to Controlled Unclassified Information is anticipated
  • Even if you do not do business with the government, cybersecurity is a risk to be taken seriously, and a potential competitive advantage in marketing your firm as a reliable business partner to your industrial customers
  • Follow this blog to keep informed

What can you do?

  • Bookmark this blog to stay informed (press CTRL + D for Windows users or Command + D for Mac users)
  • Follow MAGNET on LinkedIn and Twitter
  • Reach out to john.hattery@magnetwork.org if you want to discuss your organization’s project and program management, cybersecurity, procurement, product, operations, quality, workforce, specialized custom equipment, or other challenges
Posted by John Hattery in Cybersecurity
