New Cybersecurity Regulations may cost Manufacturers their Government Contracts

Manufacturers with government contracts have until December 31 to conform to new federal guidelines, issued by the U.S. Department of Defense, mandating suppliers adopt a variety of cybersecurity best practices, countermeasures, and reporting standards to continue to qualify for contracts.

The new mandates, covered in the standards described in NIST Special Publication 800-171, apply to contractors for the Department of Defense, National Aeronautics and Space Administration (NASA) and the General Services Administration. Many Michigan manufacturers have worked with federal agencies on classified projects; these regulations are meant to safeguard sensitive information in unclassified material, particularly as the threat of cybersecurity breaches grows.

The manufacturing industry has become the main target for cybercriminals over the years. The news, trade journals, and professional organizations such as the Michigan Manufacturers Association all have stressed the importance of manufacturers becoming aware of this growing threat.

• IBM released a study in 2016 titled, X-Force Research 2016 Cyber Security Intelligence Index, which found that the manufacturing sector was second only to healthcare as the most attacked industry in the country.

• The most recent Carbon Black Threat Report places the manufacturing industry at the top of the target lists for ransomware and malware.

• According to the Ponemom Institute, the average price for a small business to clean up after they have been hacked stands at $690,000; for mid-market companies, it is more than $1 million.

The Carbon Black Threat Report states that when considering the total amount of ransomware seen in 2016, manufacturing companies (16% of total ransomware instances), utility/energy companies (15.4% of all ransomware instances) and companies (12.6% of all ransomware instances) led the way.

The Carbon Black Threat Report also states that overall, malware continues to target every industry with manufacturing companies (21.8% of total malware), non-profit organizations (16.4% of total malware), and utility/energy companies (15.6% of total malware) leading the way in 2016.

YYTECH Can Help

Yeo & Yeo Technology, along with the Michigan Manufacturing Center (MMTC), has implemented a process to ensure manufacturers meet the necessary qualifications of NIST Special Publication 800-171.

We begin the process with an exploratory call between YYTECH, your team, and MMTC. This is done to acquire technical info on your network, firewall, etc. to assess your company’s practices related to the new standards.

Once this discovery call is complete, YYTECH and the MMTC will provide your company with a list of necessary fixes to assure compliance. This is where the work gets done. New standards may include updates to your network, policies, firewalls and employee training. Once we test and validate that all security aspects are up-to-date, we can establish ongoing support, motoring and reporting to ensure standards continue are met and your data is secure.

Contact your YYTECH Account Executive to learn more about this program and how YYTECH can get you on track before December 31!