Cybersecurity. This buzzword is popping up all over the place right now — and with good reason. Cybercrime and espionage are big business: according to the Center for Strategic and International Studies, they account for $445 billion dollars lost annually across the global. 

While businesses and the public face some risk of being attacked by cybercrime, at far greater risk are the country’s manufacturers. Currently, there is an incredible wave of innovation and evolution sweeping the manufacturing industry, and it’s powered by technology and connectivity. These new developments bring tremendous competitive advantages, as well as new risks requiring a greater focus on information security. 

Government regulation is pushing many Michigan manufacturers to deal with their cybersecurity issues. All Department of Defense (DoD), General Services Administration (GSA), and NASA contractors must meet the Federal Acquisition Regulation (FAR) Minimum Cyber Security Standards by December 31st, 2017. Given the increasingly complex and interconnected industrial base, safeguarding manufacturing supply chains has become more important than ever. Alarmingly, this requirement has been poorly communicated by governmental agencies, and many manufacturers are left wondering whether they need to comply and what to do to get compliant. 

Failure to comply with these cybersecurity standards could have an enormous impact on manufacturers across the state. Consider the size and scope of defense-related business in Michigan:

• Total employment of nearly 100,000.

• Michigan’s Defense Sector produces $9 billion in products and services annually.

• Nearly $2.5 billion in defense-related prime contracts were performed in the state (2014).

• 70% of everything a soldier shoots, drives, flies, wears, eats, or communicates with has a Michigan contracted component.

If you’re like many other businesses, you may not know what is expected or even how to get started. Not to worry. MMTC-West has assembled a team of leading cybersecurity experts to help ensure compliance with the standards described in NIST Special Publication 800-171 (see the sidebar below for details).

MMTC’s comprehensive 4-step cybersecurity program will help you evaluate your current situation and tailor a plan specifically for your internal capabilities, budget, and time sensitivity. Here’s how it works:

1. DISCOVERY

The professional assessment of your company’s practices related to the new standard. If necessary, a gap analysis will be completed to document the scope to be remediated.

2. REMEDIATE TO MEET NEW STANDARD

Supports all necessary fixes to ensure compliance. This may include updates to firewalls, patches, policy development, employee training, physical security, network configuration, etc.

3. TEST AND VALIDATE

Verifies all technology and physical security aspects are working properly. A penetration test might be necessary.

4. MONITORING/REPORTING

Establishes ongoing monitoring and scanning of the required enterprise network. Creates a working process to log, remediate, and report (as required) cyberattacks. 

If you have, or are thinking about obtaining, a DoD, GSA, or NASA contract, connect with an MMTC-West business development specialist in your area to learn more. Contact us at mmtcwest@rightplace.org or (616) 301-6247.