Performing a cybersecurity assessment is a lot like a test drive. You need to know what you have and if there are things you need to fix. It helps if you know a good mechanic or, in this case, a cybersecurity expert. You can find out if you need to make repairs and, if so, how to make the right ones. By performing a hands-on assessment, you can avoid bigger problems down the road.
Transcript:
Steve Melito: Hey, welcome to New York State Manufacturing Now, the podcast powered by FuzeHub. My name is Steve Melito, I’ll be your host. And today we are here with Cory Albrecht, the Director of the Advanced Institute for Manufacturing, AIM, at Mohawk Valley Community College. We’re also with Everton Henriques, the New York MEP Solutions Director at FuzeHub. Welcome.
Cory Albrecht: Thank you, Steve.
Everton Henriques: Thank you, Steve.
Steve Melito: All right, Everton, let’s start with you. So, you have been fired up about this cybersecurity program for a long time. What’s got you going? What’s so important about this?
Everton Henriques: Well, Steve, what’s been bugging me is that for some time now we’ve been hearing about folks, business being hacked and that sort of stuff, and then finally, you think of things like what happened in Atlanta. Then you fast forward to the solar winds project, and just recently the pipelines, and you think about all of that and you’re saying, ” Our very life is being disrupted by bad actors here.” And for me, I’ll tell you what brought it even closer in the last week. As you know, I was on vacation in Aruba. Well, I had preregistered for this thing and I got there and all my registration is gone, because guess what? The parent company for that I say that was hacked and we had to register all by paper. I mean, a lot of money and a lot of time, and I quite frankly was very upset by it. So, I can tell you that this is really a major issue that’s out there. Now, fast forward to here right now, where we’re talking about New York State. FuzeHub is an economic development agency, and so is I would say AIM, even though they’re a more technical organization. And the fact is that we’re offering assistance to companies for cybersecurity. Why are we doing this? We don’t want this to happen to New York State manufacturers. I mean, the vibrancy of our state and our economic strength is based on being able to function, and so our companies need to be able to get DOD contracts and to be able to perform well. And so what we need to do is to get them to realize that cybersecurity is very important. They have to take care of their cyber hygiene. And so what do they do about that? Well, I know it’s complicated, but we want to go out and help them and so what we’re doing here is that, based on the grants that New York State has acquired and the DOD grants, is to bring this to the attention of the manufacturers and said, ” Here, we’re going to help you. We’re going to hold your hand, we’re going to have workshops, we’re going to have webinars, we’re going to have everything that we can give you as tools to help you be aware of how you can comply. And if you do the self- assessments that we’re training you to do here, you’ll be able to see your vulnerabilities and you can fix those vulnerabilities, and if you do so, guess what? You’re going to comply with something called CMMC, which is here to stay, and you’re not going to have the sort of problems that we’re experiencing today.” Now, granted, things are changing, so you’re going to have to be aware of the changes, but I think that education and those hands- on things that we’re offering to you is going to make a difference, and that’s going to keep New York companies being able to get contracts and keep the vibrancy of the state going. And so I’m really, really truly fired up about this, because I think as a state we want to be a leader in this, and I think we are. And so we’re putting a lot of effort working together to do this through the MEP system. So, that’s why I’m fired up, Steve.
Steve Melito: Let me ask you a follow- up question. Who does this apply to? Is it just the Lockheed Martins of the world and the big tier ones? What if I just make a screw or a bolt or a gasket that goes on an aircraft or a land vehicle? Does this matter to me?
Everton Henriques: It matters to everybody, Steve, because you know what? The bad actors, they’re aware that the large companies can take care of themselves from a cyber hygiene standpoint, but the little guys don’t have the money or the resources to do that, or even don’t understand it. So what do they do? They can get in and invade the system for the little guy, sit there and wait and then actually use that as a pathway into the larger guy. And an example that was given was the landscaper. Who cares about the landscaper anyway? Well, the landscaper who got the drawings for a secured facility for DOD to quote in a job, and he leaves that carelessly, a bad actor can get that. And guess what? He’s now got a picture of the entire place and he can get in if he wants to. So, everybody. If you make a screw, if you even talk to a baby who talks to someone who’s involved with applying to the DOD or to any other company, there’s a vulnerability. So, we’ve got to be cyber conscious. When we wake up every morning, let’s try to get it there as part of ourselves and said, ” Hey, let’s think secure,” because that’s what’s going to make New York strong and make America strong and make us be competitive against those guys. Because believe me, they’re trying to get us in every way they can. So, all of you, I don’t care what you do, how small it is, if you don’t think it’s important, stop for a minute and say, ” Hey, if it’s not important, why am I doing it?” It’s important because it’s your livelihood, and if it’s your livelihood, then it could be taken away by bad actors. So, that’s why I’m fired up, Steve. Everybody should be thinking about this.
Steve Melito: Well, that makes sense. The bad guys are patient, and fortunately we’ve got one of the good guys with us and he’s been waiting patiently. Cory Albrecht from AIM, I’ve got a question for you about an event that’s coming up July 15th. It’s yet another cybersecurity event and it’s virtual. So, what makes this unique?
Cory Albrecht: Okay, Steve, thanks for having me here, and Everton, hopefully we can help in the future. So, I’m glad that you will be at the July 15th event, because it sounds like your hospitality crew on your vacation could use some of our assistance too. We’ll certainly be there to help. Steve, you’re right, we do have a Cybersecurity Self- Assessment Workshop. It’s on Thursday, July 15th. It’s next in the final event and workshop that we’re having as part of the New York State Cybersecurity Assistance Fund. In my eyes, Steve, it’s unique for a few different reasons. Number one, I believe we’re the first in the state of New York to offer this type of hands- on personalized train the trainer, which we’re going to have on July 15th. And what I mean by that is we are going to have experts, and these are cybersecurity experts not only within our grant, within our MEP center and our academic institution, but we’re having cybersecurity experts through the partnerships that we have across the entire state of New York. So, on July 15th, they will be leading small to mid- size DOD contractors through all 14 parts and families of the NIST SP 800-171, as well as assisting these organizations with the hands- on help and how to calculate what is their SPRS scores as well. This is going to be a fantastic opportunity, and like I was saying, I really do feel it’s unique because right now I do feel like we were the first ones or a group of a very few to offer this train the trainer model like this in the state of New York. Also, Steve, there’s no cost for this. As Everton alluded to, this is a grant program paid for by the State of New York through the New York State Cybersecurity Assistance Fund and administered through Mohawk Valley Community College and FuzeHub. It does have a $12, 000 value, and it’s completely paid for by the State of New York through this program. And the companies and all the attendees will really learn how to go through the 800- 171 on their own. It was originally designed back in 2017, Steve, as a self- assessment tool, so this should ultimately be done personally by the internal managers that are managing cybersecurity for a small to a mid- size DOD contractor and then my friend Everton also mentioned vulnerabilities too. We have a speaker lineup, and I’ll get to it a little bit later hopefully, but we have a speaker lineup that will touch on what those vulnerabilities might be. So, attendees will be well educated and aware as far as what is this, why it is in high demand right now, and why is it so very important and critical to the manufacturers, especially the small manufacturers in the state of New York. Because of that, it’s unique. We’re more than excited to have everybody join us from 9:00 to 1:00 on the 15th of July.
Steve Melito: All right. So, you’ve convinced me this is worth attending for sure. So, how does a company register for the Self- Assessment Workshop, again, that’s happening on July 15th?
Cory Albrecht: Okay. There’s actually a few different ways, Steve, I’m going to give the easy ones first. So, hopefully everybody listening or tuning into this broadcast is familiar with the New York MEP Network and FuzeHub. You can always go to fuzehub. com, and that’s F- U- Z- E- H- U- B. com, and you can register under the Events tab. Second to that, you can go to newyorkmep.org, and that’s spelled New York M- E- P. org, and there’s a Cyber Security tab there. And then finally, Steve, we have 11 MEP centers making up the New York MEP Network here in the state of New York. We have offices from Long Island to Buffalo and everywheres in between. So, regardless of what region or what part of the state you are in here in New York, you have a regional MEP center. And if you can’t remember FuzeHub or newyorkmep. org, please, please reach out to your regional MEP center, express to them that you would like to register for the cybersecurity event on July 15th, and they will surely know how to get you into contact with the right people.
Steve Melito: All right, for sure. And so, hey, just one more time, just in case anybody missed it or they zoned out, or for whatever reason. Everybody’s time is valuable, tell us again what’s in it for the attendees? Why should they come to this event on July 15th?
Cory Albrecht: That’s a good question, Steve. I think it’s so very important. The first thing that comes to mind is DFARS compliance. There is a DFARS requirement, which Everton spoke about as well, where they have to comply with the DFARS regulation. If you want to retain and keep your DOD contracts that you currently have, if you’re in the supply chain anywheres, as you said, Steve, if you’re making nuts and bolts for an airplane, you have to meet the requirements of DFARS. If you want to bid on anything new into the future, you have to meet the requirements of DFARS. So, first and foremost, if you spend four hours with us, we will get you well on your way to meeting the DFARS requirement. Also, I would say training and knowledge as far as what’s taking place in the world today. Personalized knowledge, train the trainer type of modeling of how to perform the assessment on your own and a in- depth understanding of what those vulnerabilities might be. And then I would feel remiss if I did not mention what I feel is a absolutely fantastic speaker lineup. We have a Jake Mihevc who’s going to be a speaker. He’s a Dean of STEM and one of our cybersecurity leaders, not only at Mohawk Valley Community College, but he’s a leader in that space nationally as well. We have Paul LaPorte, who works for my group, Steve, the Advanced Institute for Manufacturing. Arguably, Paul has more hands- on experience with the small to mid- size DOD manufacturers in the state of New York from a cybersecurity assessment standpoint than any other expert in the entire state of New York. We have the PTAC Centers will be represented with Manny Doyle. And then last as a speaker, Steve, and certainly not least, will be Justin Pelletier from RIT and the RIT Global Cybersecurity Institute. So, if I had to be sold on this, and if you’re coming at me with the New York MEP Network and the grant that we have, MVCC, AIM, PTAC, and the Rochester Institute of Technology, that’s a lineup which I feel can’t be beat. And we would love to have everybody sign up and register for the no- cost Virtual Self- Assessment Workshop and presentation from 9:00 to 1: 00 on July 15th.
Steve Melito: And I believe it’s going to be time well spent. Cory Albrecht from AIM, thank you, Everton Henriques from FuzeHub, thank you. We’re all looking forward to this event that’s coming up. It’s the Cybersecurity Self- Assessment Workshop, again, July 15th. You can go and look for the registration link on newyorkmep. org, or this podcast, as you’re listening to it, probably got your attention because it came through email or a blog entry, well, we’re going to be very helpful and include a link in there. So, look for that link to sign up. It’ll be easy, it’ll be worth your time. So again, everybody, thank you for listening to New York State Manufacturing Now. This is your host, Steve Melito, signing off.