The Foundation for Manufacturing Excellence (FME; Washington) announced a host of services and resources for manufacturers seeking to meet the Department of Defense (DoD) minimum cybersecurity requirements. All DoD contractors and subcontractors that process, store or transmit Covered Defense Information (CDI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security requirements.
These tools, a combination of free online resources and affordable in-person consulting services with cybersecurity experts, are made available through the MEP National Network.
“Despite a Dec. 31, 2017, deadline to meet the new DoD information technology requirements, many small- and medium-sized DoD manufacturing contractors do not have the knowledge or resources to upgrade their information technology systems and are at risk of losing their contracts,” explained John Lloyd, chairman FME’s board. “For others, the inability to meet these new security guidelines greatly diminishes their competitive edge.”
FME is the educational foundation for the Manufacturing Extension Partnership (MEP) Centers, a public/private partnership program under the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce focused on assisting U.S. manufacturers.
Small manufacturers are often seen as an easy entry point into larger supply chains. The MEP National Network’s cybersecurity support program is also available to manufacturers operating in commercial supply chains who want to protect their information assets from the risks of cyber attacks and better manage their organizational risks.
“When we began supplying products to the DoD, we didn’t meet cybersecurity requirements for defense contractors and we risked losing a big portion of our business,” explained Mike Kelly, president of Calienté LLC, a supplier of thermal target systems to the U.S. military. “The Purdue MEP Center, part of the MEP National Network, connected us with cybersecurity experts who provided a detailed gap analysis of our protocols and procedures according to DoD requirements and created an action plan to ensure compliance as quickly as possible. We protected one quarter of our business revenue and averted operational losses in money and client goodwill that could have resulted from an information breach.”
In addition to consulting services and webinars, the MEP National Network offers the following online resources:
- “Cybersecurity Self-Assessment Handbook for Assessing DFARS Security Requirements.” This handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the DFARS security requirements.
- Cybersecurity Self-Assessment Tool. This tool enables U.S. small manufacturers to self-evaluate the level of cyber risk to their businesses.
- The “Manufacturing Profile” of the Cybersecurity Framework. A roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.
- “Information Security for Small Business: The Fundamentals.” A report with guidance on how small businesses can provide basic security for their information, systems, and networks. This publication also offers an overview of cybersecurity best practices.
Whether you are a manufacturer implementing a cybersecurity program or a DoD supplier looking to achieve compliance, local members of the MEP National Network are available to provide resources. To learn more, visit www.nist.gov/mep/mep-center-quick-list.