If you follow the headlines, you’re likely familiar with recent news about major cybersecurity breaches worldwide. The security breach experienced is a wake-up call to the business community, manufacturers included. In the U.S., breaches continue to affect networks of the U.S. Treasury, Commerce, State, Energy, Justice, Homeland Security Departments and private businesses. These networks were not directly attacked as we would think. According to reports, hackers gained access into their networks by utilizing a weakness in their supply chain. As the U.S. Department of Defense is rolling out the Cybersecurity Maturity Model Certification (CMMC), this breach should show us that everyone throughout the Defense Industrial Base, no matter where they lay in the supply chain, could be affected. The attackers do not just target the large prime contractors. Even small manufacturers need to realize that they are often the primary targets to gain access into larger systems.
This major cyber attack affected companies even though they were doing everything according to cybersecurity best practices. The hackers specifically targeted the software code used in network management as the entry point to get into their targeted systems. Even though it would have been extremely difficult to determine if you were part of the breach, once it’s identified, having an Incident Response Plan is a key best practice for the manufacturer to be able to mitigate its effects.
Defense contracting is a major business opportunity across Florida. With more than $16.5 billion annually in directly-contracted Defense procurement across the state, and more than $95 billion in total annual economic impact from the military and defense presence in our state, supporting our Defense objectives is critical to Florida’s economic health as well as our national security. With the DoD ramping up its focus on cybersecurity for its supply chain, manufacturers and defense contractors of all types will need to take specific steps to protect their networks if they want to continue doing business with the DoD.
Participating in the Florida Defense Cybersecurity Training Program could be an important first step to start that process. The program was developed by the Florida Department of Economic Opportunity in partnership with FloridaMakes and the U.S. Department of Defense Office of Local Defense Community Cooperation as a series of educational and engagement events and training modules for companies within Florida’s defense industrial base and to provide Cyber Physical Security (CPS) assessments for small and medium-sized manufacturers in the defense supply chain. The next educational and awareness event is Feb 9-10, 2021.
Small to medium-sized manufacturers are required to meet a specific level of compliance to continue to do business with the DoD. The events in this Training Program discuss what it means to be “compliant” with DoD mandated standards and take an in-depth look at DFARS 252.204-7012, -7019, -7020 and -7021, NIST Special Publication 800-171 R1, and new CMMC Assessment Guides. Part of those Guides includes having an Incident Response Plan and knowing how to report a breach.
Even though major U.S. government institutions were affected, experts are taking a closer look at the source of the breach – a smaller company in their supply chain. It’s imperative that in Florida, the manufacturing community take the lead in the discussions and the exchange of ideas that will help protect Florida’s manufacturing sector from security breaches.
Learn what you need to do to protect your company from being the weakest link in the supply chain by registering at upcoming boot camps through our ongoing Florida Defense Cybersecurity Training Program. To view upcoming events, visit www.fl-cyber.com.
Article written by: Daniel Krug, a FloridaMakes Business Advisor working with the Northwest Florida manufacturing community and lead on cybersecurity projects statewide. He is active with the Northwest Florida Manufacturers Council (NWFMC) and The Technology Coast Manufacturers and Engineering Network (TeCMEN). Daniel is also a 22 ½ year-veteran of the U.S. Air Force and recently worked as an instructor for the University of West Florida’s Information Technology Academy. Contact Daniel at email@example.com.