Radical Automation: Radwell International's Blog

Cybersecurity Compliance for Manufacturers

Written by Shannon Feeley | Jan 26, 2023 8:41:08 PM

Cybersecurity compliance is important for manufacturers. In today’s connected world, there are so many things that can negatively affect manufacturing operations when cybersecurity is not taken seriously. When manufacturers produce work in certain settings or for certain organizations, they are required to meet certain standards for cybersecurity compliance. What can manufacturers do to insure they meet the proper criteria no matter what? In a recent chat for USA Manufacturing Hour on Twitter, host Gina Tabasso from MAGNET in Ohio led a discussion about cybersecurity compliance for manufacturers.

 

In-Person and Outsourced IT Service

The chat began with participants sharing if they have an IT department or cybersecurity person in-house, or if they outsource IT services.

Julie Basello from Radwell International said, “We have an extensive in-house department that handles support, installation and development. They are awesome.”

To which Ruby Rusine and the Social Success Marketing team replied, “Whoa! This is cool!”

Dave Meyer from BizzyWeb said, “We're in-house and have an on-staff pro that keeps us all out of trouble. It's like herding cats”

Adam Baker from Schooley Mitchell said, “Most of our work is done in house with some specialty work farmed out to an IT firm.”

John Buglino from Optessa Inc in New Jersey said said, “In-house team that handles this for us.

Dan Bigger from Optessa Inc in New Jersey said, added, “What John Buglino said”

Janice McKee from Burger & Brown Engineering, Inc said, “We used to have a contractor but ended up busy enough to need someone in house”

Kelley Plats from NACL said, “We do our best to troubleshoot, but definitely rely on the expertise of an outsourced IT partner.”

Rusine said, “We have an in-house IT staff, an outsourced help desk support service, and subcontractors who partner with us to support our clients.”

Missy Moorefield from Southern Fasteners & Supply said, “A combo. Mainly it's in-house, but do outsource as needed.”

To which host Tabasso replied, “Seems like this is everyone's model so far!”

Baker said, “Most of our work is done in house with some specialty work farmed out to an IT firm.”

Katie McDermith, The Manufacturing Hype Girl, said, “Fun Fact- I am also IT support at @MfrsNews - we handle our things in house and our CTO takes care of all our information very well!”

Emily Kite from Obsidian Manufacturing said, “We don't have someone in house but we have a company that is outsources that helps us with any IT needs. We also have an email cyber security company we use.”

Host Tabasso said, “We have an in-house IT staff, an outsourced help desk support service, and subcontractors who partner with us to support our clients.”

 

DoD and CMMC

We encounter tons of acronyms every day! Next participants were asked, without looking on Google or asking your phone or Siri, what they think DoD and CMMC mean.

Rusine said, “I know DoD- which is the Department of Defense. I'm pretty sure CMMC has something to do with 'cyber'.”

Host Tabasso replied, “GREAT job!! You are on it.”

Kite said, “I have no clue without google.”

Brett from FreightPOP said, “Department of Defense? Defense on Demand? CMMC... no idea!”

Buglino said, “Nope, not a clue –“

Moorefield said, “Im going with Dept of Defense, but don't have a clue about CMMC.”

Meyer said, “Department of Defense, and (pulls randomly from thin air) Cats, Mice, Microchips and Crustaceans?”

Kirsten Austin from DCSC Inc. said, “I have no clue.”

Bigger said, “Dod is Department of Defense and is very big on cyber security if you work with them. The other No Idea”

Nigel Packer from PelaTis Online in the UK said, “I have seen DoD on a number of news articles but the CMMC is one I am not aware of. We have GCHQ, MI5/6, NCSC and GDPR. Cameras on every corner, online activities monitored. If I stop answering questions then I've had "a knock on the door".”

Host Tabasso said, “DoD = Department of Defense. CMMC (Cybersecurity Maturity Model Certification) is a system of compliance levels that helps the DoD determine whether an organization has the security necessary to work with controlled/vulnerable data.”

 

Compliance Date for Certification

Manufacturers who are suppliers to the DoD are required to get certified and come into compliance by a certain date. Host Tabasso asked participants if they knew what the compliance date is.

Meyer said, “Before Arnold comes back?”

Host, Tabasso replied “I love this group soo sooo much."

Bigger said, “I'm guessing a year, but that is a guess, best guess”

To which Tabasso replied, “Um, you are not off. Speculation is actually spot on. Moving targets and all that.”

Bigger responded back with, “So, I'm right or close?”

Buglino said, “Before supplying any goods/services on behalf of the DoD?”

To which Tabasso replied, “Not that soon, luckily, or everyone would be out of business.”

Rusine replied, “No clue. So, we're waiting this out.”

McKee said, “Seems like it should be now? Is there a deadline or target date for this?”

Host Tabasso replied, “Yepper. The answer's coming! But the DoD is kind of moving the dates like Google did with 3rd party cookies. It's coming. Wait. Comply. Wait. Guess when. Wait. LOL”

Austin said, “Not sure”

McDermith said, “long before they do business with the Gov't?”

To which, host, Tabasso replied, “They are already doing business. CMMC is something new due to all the hacking and trying to keep manufacturing safe and secure and running without things going down or IP being stolen.”

Baker said, “based on my experience working with the gov't, suppliers to the DoD are required to get certified "like yesterday" and the federal government will validate sometime in 2035. I don't know the real answer for this one!”

Host Tabasso responded with, “You are good!”

Host Tabasso said, “The estimate is May 2023! And it isn’t an overnight process. Companies need to get started well ahead of the deadline. People are delaying and putting it off because it is not yet a definite date. A ruling is expected by March 2023 and audits are not expected until 2026.”

 

Who is a DoD Supplier?

The chat continued with participants sharing, if they are a DoD supplier, whether they have started the compliance process. If they are not DoD suppliers, do they have cybersecurity measures in place so their website, data, and operations do not get hacked or taken down? Participants shared their thoughts.

Bigger said, “I have no idea, talk to my boss. John?”

Buglino said, “We have measures in place + are paying attention as we can be put into this mix with our current pipeline... crazy times”

Kite said, “These are all good questions. I will have to ask our President about this more!”

Rusine said, “We're not in that field. But we're aware and paying attention.”

Packer said, “I have a client who supplies certain UKGov services. I try to avoid those areas of their business. We have systems in place for our needs.”

Meyer said, “We're not a Department of Dragons supplier, but we do have a bundle of measures in place. Security is also one of the big reasons we're migrating away from WordPress for website development - always a new hack on a plugin or software add-on to deal with”

Host, Tabasso responded with, “Wow, really? The developers I know all are moving toward WordPress and have no issues. What are you using instead?”

Meyer then replied back with, “If they're not having issues they're not managing enough sites LOL. We hosted 240+ websites on WP, and are transitioning all our clients over to HubSpot CMS. I was a dedicated WP fanboy for years, but hackers keep getting craftier.”

Moorefield said, “I know we've got some things in place but (from what little I understand) I don't think we're as far along as we should be. I leave this wizardry to my IT folks and the higher-ups.”

Packer said, “I have a client who supplies certain UKGov services. I try to avoid those areas of their business. We have systems in place for our needs.”

Host Tabasso said, “Cybercrime is at an all-time high. In Q3 2022, it is estimated that 15 million data records were exposed, an increase of 37% over the prior quarter. There were more than 4,100 publicly disclosed data breaches in 2022, equating to 22 billion records exposed at a cost of $4.35 million per data breach.”

Bigger added, “It's going to keep getting worse. Imagine if these people did this only for good Food for thought”

Rusine said, “Cybercrime is one of the biggest threats to our economy and safety, and it's only getting worse.”

Then added, “These are staggering numbers and very costly.”

Moorefield said, “Ugh! Those numbers are horrible. It's scary because safety measures are implemented but the hackers immediately figure out ways”

Brett said, “These numbers are scary! Extra security measures are key, whether its for business or personal reasons!”

Kite said, “That is terrifying..."

 

CMMC Compliance Meaning

Next the chat turned to what CMMC compliance means for manufacturers and how supply chain security can be improved. Participants were asked what they felt the main types of cyber attacks are that their respective businesses need to anticipate. Participants shared their perspectives.

Bigger said, “I assume if you are in the supply chain of any mfg company that supplies the Dod, you have to comply or get out.”

Buglino said, Get documentation related to your suppliers security measures - know if/how they protect themselves + customers + you as the partner. Biggest risks are with your own employees! Have policies, trainings, and documentation in place to safeguard your own company.”

Packer responded to Buglino with, “You are right there John. The more you employ the harder it becomes to control. I have some interesting IP breaches that were done by employees’ enthusiasm to tell their friends online.”

Host Tabasso said, “There are great blogs linked here that can provide more information as to the impact of cyber attacks on manufacturers, whether a DoD supplier or not.”

Helpful Resources: https://www.manufacturingsuccess.org/growth-services/cybersecurity

 

 

********

About #USAMfgHour

Anyone who champions U.S. manufacturing can join in on a new conversation each week on Twitter using the hashtag #USAMfgHour. The chat starts at 11 a.m. Pacific Standard Time/2 p.m. Eastern. Share positive blog posts, helpful articles, news, important information, accomplishments, events, and more with other manufacturers and supporters from throughout the country.

Are you interested in hosting a #USAMfgHour chat? Contact organizers @DanBiggerUsaMfg, @DCSCinc, @SocialSMktg and @Radwell_Intl

 

 

Learn more about how Radwell can assist your manufacturing operation