Supply chain resilience is capturing headlines as companies face challenges ranging from a lack of shipping containers to a shortage of rubber, lumber, ketchup packets, and computer chips. For small-to-medium manufacturers who are struggling with these disruptions, cybersecurity might not seem like a top priority. However, there is a relationship between supply chain resilience and your cyber defenses. By following some best practices, you can strengthen your competitiveness – especially if you’re part of the defense supply chain.
Identify Attack Surfaces and Weaknesses
Manufacturers of all sizes are facing growing pressure to cut costs and raise productivity. This is leading to increased rates of automation, digitization, and integration. These technologies provide important benefits, but the same connected machines, processes, and monitoring systems that improve efficiency also increase cyber risk. That’s especially true if supply chain partners like material suppliers and independent contractors can access your networks and other information technology (IT) infrastructure.
Examine your attack surfaces to identify vulnerabilities so that you can protect critical systems. The areas to consider include:
- operational technology (OT)
- industrial control systems (ICS)
- supervisory control and data acquisition (SCADA)
- programmable logic controllers (PLCs)
- industrial Internet of things (IIoT) devices
- hardware and software suppliers
By identifying your weaknesses, you’ll know where to shore up your defenses.
Define Best Practices and Pursue Compliance
Different types of manufacturers need to meet different security requirements. This can create confusion, but there is a generally recognized best practice when it comes to cybersecurity. NIST SP 800-171, a special publication from the National Institute of Standards and Technology (NIST), contains guidelines for protecting unclassified but confidential information. Members of the defense supply chain need to comply with NIST SP 800-171 and begin thinking about Cybersecurity Maturity Model Certification (CMMC).
NIST SP 800-171 isn’t limited to a single industry, but members of the defense industrial base (DIB) need to take specific steps if they want to continue doing business with the U.S. Department of Defense (DoD). It doesn’t matter whether you’re a Tier 1 supplier or a mom-and-pop machine shop. Companies that fail to meet NIST SP 800-171 requirements risk losing existing defense contracts and the ability to respond to requests for quote (RFQs). In other words, it doesn’t pay to be a weak link in the defense supply chain.
Get Help from NYMEP
The New York Manufacturing Extension Partnership (MEP) is providing access to experts who can help small-to-medium manufacturers identify cybersecurity issues through hands-on exercises. Join NYMEP and its partners on April 21, 2021 for a Cybersecurity Self-Assessment Workshop. Our experts will cover NIST SP 800-171 and the Supplier Performance Risk System (SPRS) so that you can determine your SPRS score and submit it to the DoD for contract opportunities.
If you’re part of the defense supply chain, register now.