WEBINAR SERIES, Part 1: 24 March 2021, 10:30 AM EST
Hosted by CATALYST CONNECTION
Max Aulakh, Founder & CEO
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Who’s driving this webinar?
Max Aulakh
Founder & CEO
About our Speaker
SPECIAL GUEST: C-SUITE DEFENSE & ASSURANCE LEADER
As a Data Security and Compliance Leader, he delivers DoD-tested security strategies and
compliance that safeguard mission-critical IT operations. Having trained and excelled in The
United States Air Force, he maintained and tested the InfoSec and ComSec functions of network
hardware, software, and IT infrastructure for global networks — both classified and unclassified.
He drove the Information Assurance (IA) programs for the U.S. Department of Defense (DoD).
Facilitated by
Connie Palucka
Vice President, Consulting at Catalyst Connection
Connie joined Catalyst Connection in 2005 and brings over 25 years
of global sales, business development, and product development
experience to her role as the Managing Director of Regional Initiatives.
She leads a team that secures and executes grant initiatives to
support manufacturers and build the region’s vibrancy. She also
works with regional academic institutions, economic development
organizations and regional manufacturers to build new capabilities
and help make Southwestern Pennsylvania a model for the nation.
6-Part Webinar Series: CYBER RESILIENCY FOR DEFENSE CONTRACTORS
• Webinar 1: Laying the Foundation – The Need for Cybersecurity in U.S. Manufacturing
• Webinar 2: DFARS & CMMC Overview
• Webinar 3: DFARS NIST 800-171 Compliance Process
• Webinar 4: Real Company Examples
• Webinar 5: CMMC Breakdown
• Session 6: Risk Mitigation
Overview
• Reasons for Cybersecurity
• Impact on U.S. Manufacturing
• Modern Approach to Cybersecurity
Reasons for Cybersecurity
Small & Medium Businesses Cyber Resilience Overview
The impact of a data breach is disproportionately larger for smaller organizations: those with between 500 and 1,000 employees face an average cost of $2.65 million, or $3,533 per employee.
● >20% increase in cyberattacks on SMBs since 2016
● 60% of the security risk that organizations face stems from having multiple security vendors and products.
● 43% of cyberattacks are aimed at small businesses.
● 14% of small businesses are prepared to defend themselves from cyber attacks.
Threat Landscape for SMBs
● 45% of SMBs report that their processes are ineffective at mitigating attacks.
● 66% have experienced a cyber attack in the past 12 months.
● 69% admit that cyber attacks are becoming more targeted.
The most common types of attacks on SMBs include:
● Phishing/Social Engineering: 57%
● Compromised/Stolen Devices: 33%
● Credential Theft: 30%
Information Security Spending
Global spending on cybersecurity products and services is predicted to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021, representing 12-15% year-over-year growth in the cybersecurity market from 2021.
expect cybersecurity budgets to increase in the next three years.
was estimated and allocated by the U.S. government for cybersecurity spending in 2021.
Ransomware Attacks
Ransomware is malicious software used to restrict access to a computer system or its data until the victim pays the ransom demanded by the criminal.
Ransomware attacks are growing more than 350% annually and are an increasingly prominent concern. At the end of 2016, a business fell victim to a ransomware attack every 40 seconds; this is expected to rise to every 11 seconds by 2021, according to a report by Cybersecurity Ventures.
Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by professional services with 17% of attacks and government organizations with 13%. (Security Intelligence)
Impact on U.S. Manufacturing
Potential Business Impacts: 3 Major SMB Impacts
1. Inadequate security controls leading to an internal breach of CUI and FCI.
● Engineering data & drawings
● Internal data theft
Report cyber incidents to DoD at http://dibnet.dod.mil within 72 hours.
2. Increasing cost of both technology and compliance.
● Decreased quality and effectiveness of current technology implementations
3. Potential issues with the prime for not following contract flow-down requirements.
● Loss of business revenue
Supplier Performance Risk System & Reports
• Cyber Score Submission Required
• Scores are based on NIST 800-171 Assessment
• SPRS Data is used for Source Selection
• Accessible By:
o Government Personnel with Need to Know
o Contractors (your own data only)
• Not Releasable Under Freedom of Information Act (FOIA)
[Diagram: Supplier Performance Risk System Data Flow. Source systems feeding SPRS: Product Data Reporting and Evaluation Program (PDREP), Air Force Contracting Database Information System (J018), Joint Discrepancy Reporting System (JDRS), Contractor Performance Assessment Reporting System (CPARS, with PPIRS-RC and FAPIIS), DCMA Supplier Risk System (SRS), Bureau of Labor Statistics, System for Award Management (SAM), DLA (eProcurement, EBS) and other ad hoc feeds (EDA, WAWF, MOCAS, service quality systems, GIDEP), some automated and some manual. Data categories: contract data (award, delivery, pricing); quality data (PQDRs, GIDEP, MIRs, bulletins, SDRs, surveys, lab reports); material data (NSNs, application and safety criticality); supplier risk data (Corrective Action Requests, Corrective Action Plans, Program Assessment Reports, performance ratings, testimonials); price risk data (PPI inflation); company data (CAGE codes, exclusion/debarment, DUNS & MPIN); item risk data (DMSMS).]
Barriers & Impact of Doing Business
❑ Get trained ASAP & do not delay in learning about this new requirement
❑ Prepare for your SPRS Scores
✔ Be aware of False Claims Act
❑ Proactively communicate with your prime on your progress
✔ Primes will be accountable for “cleaning up” their supply chain
❑ Contact Ignyte staff for help
Modern Approach to Cybersecurity
Cybersecurity is Business-Level Risk Management
[Chart: cost of breach (x) plotted against cost of security (y); both axes extend to $10M+.]
Cybersecurity as a Corporate Program
[Diagram of the program cycle; only the step “Educate” survives.]
4 Main DFARS Rules
• DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
• DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
• DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
• DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
CMMC: Cybersecurity Maturity Model Certification
• In 2020, the Department of Defense (DoD) launched the Cybersecurity Maturity Model Certification framework, developed to assess and improve the cybersecurity posture of its supply chain at all tiers.
• The CMMC will help the DoD ensure that all suppliers and vendors have the appropriate level of cybersecurity practices and processes to ensure basic cyber hygiene, as well as to protect controlled unclassified information (CUI) that may reside on their networks.
• This year, 10 – 15 DoD Requests for Information and/or contracts will be issued with a CMMC requirement. Each contract will affect 100 – 150 suppliers. Ultimately, the DoD will use the required CMMC level in its “go / no go” decision on vendor consideration and approval.
Understanding DFARS, NIST 800-171 and CMMC Relationship
Who needs to be DFARS compliant?
All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards or risk losing their DoD contracts. Based on NIST Special Publication 800-171, manufacturers must implement these security controls through all levels of their supply chain.
Where is DFARS included?
DFARS clause 252.204-7012 is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800-171 to “covered contractor information systems”.
Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
[Diagram: NIST SP 800-171r1 sits at the core. CMMC requirements add 20 additional practices and 51 maturity processes; DFARS requirements add FedRAMP Moderate, paragraphs C-G and the 72-hour report.]
Understanding DFARS, NIST 800-171 and CMMC Relationship (continued)
How do NIST controls overlap with the emerging CMMC framework?
NIST 800-171 is the backbone of the CMMC framework and it is required by
all CMMC levels. For example, NIST domains cover 110 controls out of 130
required for Level 3 of CMMC.
Would CMMC potentially replace NIST?
The CMMC is an advanced step in the DoD’s efforts to properly secure the
Defense Industrial Base (DIB). It complements and enforces NIST 800-171
as part of its requirements.
Recommended Next Steps
▪ If you have a contract with DoD, are bidding for one, or work with a DoD prime contractor, the new DFARS rule will apply to you regardless of the type of your organization
❑ If you have an active contract, the assumption is that you’ve already self-attested that you meet NIST 800-171
❑ DoD’s goal is not to eliminate organizations from the defense industrial base but to strengthen the cybersecurity posture of its supply chain
❑ Keep in mind that if you handle CUI/CDI, you will need at least CMMC Level 3
❑ Regardless of your desired CMMC level, you should conduct an 800-171 assessment and develop your SSP and POAM
Don’t wait … Start preparing now!
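As an added example that is not part of the deck or Ignyte's tooling, the Python below scores a NIST SP 800-171 self-assessment the way the SPRS slide says scores are derived, and lists the open gaps that belong on the POA&M the next-steps slide asks for. It assumes the DoD Assessment Methodology's rules (start at 110; subtract 5, 3 or 1 per unimplemented requirement; partial credit for 3.5.3 and 3.13.11; no score without an SSP), which the slides do not state, and its weight table is an illustrative subset rather than the full 110 rows.

```python
# Added example, not from the webinar deck. Assumed scoring rules (DoD
# Assessment Methodology, not on the slides): start at 110, subtract 5/3/1
# per unimplemented requirement, partial credit for 3.5.3 and 3.13.11 (lose
# 3 instead of 5), and no score at all without a System Security Plan.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

IMPLEMENTED = "implemented"
PARTIAL = "partial"             # earns credit only for 3.5.3 and 3.13.11
NOT_IMPLEMENTED = "not_implemented"
TOTAL_REQUIREMENTS = 110        # perfect score: all 110 requirements met
SSP_REQUIREMENT = "3.12.4"      # no SSP -> assessment cannot be scored
PARTIAL_CREDIT = {"3.5.3": 3, "3.13.11": 3}  # deduction when partial

# Illustrative subset of the 110-row weight table; verify against the methodology.
WEIGHTS: Dict[str, int] = {
    "3.1.1": 5,    # limit system access to authorized users
    "3.1.3": 1,    # control the flow of CUI
    "3.4.1": 3,    # baseline configurations and inventories
    "3.5.3": 5,    # multifactor authentication
    "3.8.3": 5,    # sanitize media holding CUI before disposal or reuse
    "3.13.11": 5,  # FIPS-validated cryptography to protect CUI
    "3.14.1": 5,   # identify, report and correct flaws in a timely manner
}

@dataclass
class Assessment:
    score: Optional[int]                            # None: cannot be scored
    poam: List[str] = field(default_factory=list)   # open items for the POA&M

def sprs_score(status: Dict[str, str],
               weights: Dict[str, int] = WEIGHTS) -> Assessment:
    """A requirement missing from `status` counts as not implemented, so an
    incomplete assessment never scores higher than a complete one."""
    if status.get(SSP_REQUIREMENT) != IMPLEMENTED:
        return Assessment(None, [SSP_REQUIREMENT])  # write the SSP first
    score = TOTAL_REQUIREMENTS
    poam: List[str] = []
    for req, weight in weights.items():
        state = status.get(req, NOT_IMPLEMENTED)
        if state == IMPLEMENTED:
            continue
        if state == PARTIAL and req in PARTIAL_CREDIT:
            score -= PARTIAL_CREDIT[req]
        else:
            score -= weight   # PARTIAL elsewhere counts as not implemented
        poam.append(req)
    return Assessment(score, poam)

def example_assessment() -> Assessment:
    """Constructed sample self-assessment; 3.8.3 is deliberately left out."""
    status = {
        SSP_REQUIREMENT: IMPLEMENTED,
        "3.1.1": IMPLEMENTED, "3.1.3": NOT_IMPLEMENTED,
        "3.4.1": PARTIAL,      # no partial credit here: full 3-point deduction
        "3.5.3": PARTIAL,      # MFA only for remote and privileged users
        "3.13.11": PARTIAL,    # encryption in use, but not FIPS-validated
        "3.14.1": IMPLEMENTED,
    }
    return sprs_score(status)

if __name__ == "__main__":
    result = example_assessment()
    print(f"score={result.score} poam={result.poam}")  # score=95
```

Because WEIGHTS is only a subset, the number this produces is not a reportable SPRS score; it becomes one only once the full weight table is loaded.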
Today’s Lessons Learned
1. Why the need for cybersecurity?
2. How and why are threats impacting U.S. manufacturing?
3. What is new in cybersecurity?
Next Week
Session 2: CMMC Breakdown
What will we talk about?
1. What is Cybersecurity Maturity Model Certification (CMMC)?
2. Levels of the CMMC framework and how to determine the required level of compliance.
When: April 21, 2021 at 10:30 AM EST
Where: Same place. Please register for this webinar series here.
Questions?
Thank you!
Points of Contact
Connie Palucka, Vice President, Consulting: cpalucka@catalystconnection.org
Max Aulakh, MBA, CISSP, PMP, Founder & CEO: info@ignyteplatform.com
