
Manufacturing, DFARS

Cybersecurity Manufacturing At MassMEP


On Thursday, September 26, the Massachusetts manufacturing community gathered in Worcester for the MassMEP Future of Manufacturing Symposium. Across keynotes and breakout sessions, emerging technologies and processes captured the imagination and solidified the notion that it is an exciting time for American manufacturing. With the rapid pace of change and innovation come new threats facing the industry, and chief among the resulting challenges is securing manufacturing organizations from cyberattack.

For many in the audience, cybersecurity was not top of mind. Cyber attacks were seen as threats to the banking industry and financial services. As the quote goes, ‘Why do you rob a bank? Because that’s where the money is.’ Well, no longer. Manufacturing is now the most targeted industry for cyber attacks.

Unlike the banking, healthcare, and retail industries, which have been managing and mitigating cyber threats for years, manufacturing is a relatively new target for cybercriminals. With the rise of the internet of things (IoT) and operational technology (OT) and the lack of standardization of cyber programs (50% of manufacturing executives lack confidence that they are protected), manufacturing is now the lowest-hanging fruit for cyberattacks (39% of companies experienced a breach in 2016).

The DFARS mandate catalyzed cyber adoption, and for many it was the first standardization practice. As clauses about cybersecurity began to appear in government contracts, companies like Silverside Detectors were strapped to ensure that they were compliant. Many Massachusetts manufacturing teams lacked the resources to dedicate a team to compliance or hire an outside contractor, and were paralyzed by the seemingly insurmountable task of reaching compliance by the December 31st deadline. Until that point, many teams did not think of cybersecurity as a priority.

As Larry Wilson, CISO at UMass, said, though, “starting a scalable cyber program early and proactively ensures that you’re protecting for scalable growth”. As a member of MassMEP, Silverside was connected to CyberSaint and the CyberStrong platform. CyberSaint streamlined and supplemented Silverside’s limited existing team, empowering them with the knowledge and action plan to become DFARS compliant.

For many manufacturing organizations, a cyber program can go through sprints of rapid progress and longer periods of stagnation. The first motivation for the industry was becoming DFARS compliant or risking the loss of business. However, a proactive team (even at a company not yet big enough to have an appointed CISO) can take steps to build a foundation before their contracts are at risk: recommended best practices say to start with the SANS Top 20 or CyberSaint’s NIST PowerControls (a collection of the most impactful NIST controls from the Cybersecurity Framework).

In speaking about these best practices, CyberSaint CEO George Wrenn, a panelist at the event, said, “These controls will require work to validate and secure. However, once you have a handle on these you and your organization will be in a strong position to scale and they will give you the ability to tailor your approach to any new regulations that emerge in the coming years.” Speaking to the future of cybersecurity in the manufacturing industry and beyond, the panel agreed that mandated standards across the industry will continue to emerge.

The panel discussion concluded with a call to action for the industry: manufacturing will only remain the primary target for cyberattacks for as long as organizations allow it. With a proactive approach, reaching beyond regulation and mandates, the industry can collectively become more secure.

If you are a Massachusetts manufacturer and want to secure your organization from cyber attack, contact Tom Andrellos at the MassMEP and take advantage of the CyberStrong platform through the MassMEP CyberSaint Partnership Program.



