For manufacturers that work with the Department of Defense, compliance requirements include following Defense Federal Acquisition Regulation Supplement cybersecurity rules, such as the highly anticipated Cybersecurity Maturity Model Certification (CMMC).
The basics: CMMC is the U.S. Defense Department’s proposed method for checking that its suppliers have sufficient cybersecurity protections to safeguard the Department’s information.
The big picture: All manufacturers should secure their businesses against cyberattacks, whether they’re obligated to do so or not. According to the National Institute of Standards and Technology Manufacturing Extension Partnership Cybersecurity Services Lead Celia Paulsen, one of the most important—and most often neglected—steps manufacturers can take is simply to understand the structure and information flow within their own companies.
- “A lot of companies don’t know how information flows in their companies and how their companies work,” said Paulsen. “Once you have that information, you’ll be able to scope out the rest of the compliance efforts.”
- “In some cases, you might find that all of your controlled information can be limited to one computer. If so, great! Keep it separate and you won’t need to worry as much about the rest of the business,” she added.
All aspects of the business, from physical structures to software, should be considered when thinking about security. According to Paulsen, looking at your business from the outside in can turn up problems that are easily fixed.
- “Think of it as if you were looking to protect your house,” said Paulsen. “Begin by looking at the business physically – are there locks on the doors and windows? Do you have backup power?”
NAM resources: Are you prepared in the event of a ransomware attack? Built specifically for manufacturers, NAM Cyber Cover was designed to provide risk mitigation and protection. Find out more at www.namcybercover.com.