Cyber Attacks Can be Devastating to Small Manufacturers
The risks are enormous and potentially devastating! 55% of small and mid-sized businesses have experienced a data breach or cyberattack. 43% of spear-phishing attacks are targeted at small businesses. 60% of impacted businesses are left severely impacted.
As a result of increased concerns about cyber-attacks, manufacturers with contracts from the Department of Defense (DoD), General Services Administration (GSA) or NASA must be compliant with defined cybersecurity requirements to protect Controlled Unclassified Information per NIST SP 800-171 or risk losing contracts. Small manufacturers in other supply chains such as automotive, medical, and energy can also expect cybersecurity contract requirements.
Companies should not wait for customer-imposed requirements to identify IT security vulnerabilities and protect their businesses. All manufacturers should take positive steps now to implement and maintain appropriate IT security controls, and know what to do if a breach does occur.
VMEC can provide resources and assistance to help manufacturers take action to protect their business. These include:
- 2 page document on Cybersecurity
- Access to NIST Manufacturing Extension Partnership and MEP National Network cybersecurity experts.
- Professional Services for Assessment, remediation, and security monitoring with local and national cybersecurity experts and service providers.
- Connection to State of Vermont partner resources such as the Vermont PTAC (Procurement Technical Assistance Center) and the VT Attorney General CAP (Consumer Assistance Program) and Small Business Initiative.
Additional resources include:
- NIST Special Publication 800-171
- Manufacturers Guide to Cybersecurity – For Small and Medium-Sized Manufacturers
- Cybersecurity Resources for Manufacturers
- Industry Info Day “Unclassified” DoD presentation
- NIST MEP Cybersecurity Self-Assessment Handbook for Assessing NIST SP 800-171 Security Requirements
- July 11, 2017 presentation given by Pat Toth, NIST Cybersecurity Program Manager
- September 27, 2017 presentation given by Patricia Giavara, VMEC Assistant Director, and Betsy Adams, VT PTAC Procurement Counselor I
- VMEC and NIST combined file, highlighting cyber risks and compliance, as well as service provider, rbTechnologies
VMEC is offering IT Security Services with local IT service provider, rbTechnologies
rbTechnologies is a central Vermont based IT service company operating since 1997. Dave Porcello joined rbTech in 2017 to provide IT security services. Dave is the founder of Vermont security firm Pwnie Express and inventor of the award-winning Pwn Plug security testing device, featured on Good Morning America, NPR, CNN, Forbes, Wired, “Mr. Robot”, and winner of SC Magazine’s Innovator of the Year. In his 16 years of field experience, Dave has served as Director of Security for Vermont Mutual, adjunct professor at Norwich University, security counsel for NPR and advisor for public figures including Steve Wozniak and Will Smith.
VMEC and rbTechnologies are offering Vermont manufacturers, including defense contractors, the following services:
- Quick IT Security Assessment (4-6 hours) including walk-through and discussion of SP 800-171 requirements
- Full IT Security Assessment that identifies and documents gaps and vulnerabilities, and a remediation plan outline
- Customized remediation projects
- Continuous proactive security monitoring and assessment follow-ups