Think Tank
Think Tank RSS FeedRSS

How Government and Defense Contractors Can Reduce Cyber Risk

Cyber Risk

A hand types on a computer keyboard. Photo: Pexels.

April 29, 2020
Scott Sawyer, SCB Contributor

In the midst of a global crisis, the manufacturing industry remains a critical part of U.S. infrastructure, particularly when it comes to defense.

The national defense program relies on job shops to make essential parts, and job shops in turn depend on government contracts to fuel their small businesses. As supply chains become more vulnerable and uncertain, it will be critical that job shops find ways to become more resilient, reliable and secure.

Government contracts come with high stakes for job shops, especially when with regard to cybersecurity. Despite housing highly sensitive manufacturing data, most job shops today are behind with their cybersecurity infrastructure. They still use on-premises systems, outdated versions of Microsoft Windows and Excel, and large file servers. In many cases, everyone on the network can access any file via a shared drive — including cybercriminals that hack the shop.

Many small job shops assume they won’t be a target for cybercriminals, but in reality, hackers are more likely to steal sensitive data if they believe the shops are less protected than the internal networks of state-of-the-art military vendors. Oftentimes, hackers are interested in stealing financial information or using the shops’ networks for phishing tactics to mine valuable information. Deploying phishing emails, hackers can exploit a weakness on the server and execute attacks throughout unprotected systems.

While this type of breach would be detrimental to any job shop, in terms of cost, reputation and trust, it can be even more severe with defense contracts. If a job-shop employee falls prey to a phishing tactic, and malware spreads throughout a shop’s e-mail contacts to reach government employees, information could be compromised within the hour. Job shops must understand that the chances of this type of breach happening aren’t slim; according to a Deloitte survey of manufacturing cyber-risk executives, four of the top 10 threats involve behavior by employees.

To ensure that defense customers are protected, especially in today’s climate, job shops need a modern cybersecurity strategy. Following are some top best practices for ensuring job-shop security and financial wellness.

Share Customer Data Safely

While many job shops have policies for how data needs to be secured within their own networks, those policies rarely govern how data is transferred to vendors, such as the sharing of computer-assisted design (CAD) files. This gray area puts job shops at risk. Every supplier, partner and material distributor must also comply with cybersecurity standards, which requires updating the way they share customer information. Any data sent over e-mail must be encrypted. Otherwise, when auditors come knocking, job shops could find themselves in a breach of contract.

Job shops can deploy collaboration tools to securely share files with third parties, ensuring that data is encrypted both in transit and at rest. Sharing access expires, so it’s not available to third parties indefinitely, and with cloud-based viewer technology, users don’t have to download files. This method not only reduces risk, but it’s also a cost-effective way to enhance cybersecurity.

Adhere to Federal Guidelines

Job shops doing defense work must focus compliance efforts on both physical parts and technical data. Specifically, they must look to the International Traffic in Arms Regulations (ITAR) and export controls, covering both the parts being shipped overseas and the technical data being disclosed to non-U.S. citizens. While manufacturing-specific cybersecurity standards such as NIST SP800-171B and ITAR are not enforced by the law, they are specified in defense contracts. When government contractors are evaluating quotes, they can (and should) consider a job shop’s cybersecurity compliance as a factor. Some will even request documentation. Government contractors are under their own pressure to ensure their supply chains are compliant, so all supply chains must prepare to be audited. That is why, with the possibility of criminal or civil fines, many manufacturers make significant investments in I.T. consultants, system modernizations and state funding to reach compliance.

Cybersecurity is and will continue to be an essential element in winning and keeping government contracts. Cyberattacks, data breaches and malware only promise to increase, as do risk, vulnerability and uncertainty. Job shops must protect themselves and their customers to succeed in the market, and help support U.S. manufacturing and defense industries.

Scott Sawyer is chief technology officer and co-founder of Paperless Parts.

Regulation & Compliance Sourcing/Procurement/SRM Supply Chain Security & Risk Mgmt Aerospace & Defense

RELATED CONTENT

RELATED VIDEOS

Popular Stories

Digital Edition

Cover nov 24 scb q4 2024

Supply Chain Innovation 2024: A Formula for Thriving in the Age of Disruption

VIEW THE LATEST ISSUE

Case Studies

Visit Our Sponsors

AutoStore Beumer Group Brightdrop
CHEP Cleo Coenterprise
Comarch Commport Cycle Labs
Dassault Descartes Enveyo
Eva Air Exiger ForwardX Robotics
Frayt Generix Georgetown University
GEP Holman Logistics iGPS
Integrity Staffing JLL Kinaxis
Korber LoadSmart Lucas Systems
Manhattan Associates Netstock OWD
Old Dominion Ortec PartnerLinQ (Visionet)
Plante Moran Quickbase RapidRatings
Rockwell Automation SAP S&P Global Mobility
TADA Tecsys Zebra Technologies