Cybersecurity Guidelines Underway for Michigan Manufacturers

Companies working with the Department of Defense have less than a year to meet minimum cybersecurity guidelines.


Facebook Share Icon LinkedIn Share Icon Twitter Share Icon Share by EMail icon Print Icon

Working with the DOD in Michigan? It’s time to start thinking about documenting your cybersecurity activities.

According to Elliot Forsyth, vice president of business operations at the Michigan Manufacturing Technology Center, which is based in Plymouth, Michigan, cybersecurity guidelines required by the Department of Defense are likely to have an enormous impact on the 800 Michigan manufacturers that received a DOD contract in 2016. By Dec. 31, 2017, all DOD contractors (including small businesses) must meet minimum cybersecurity requirements or risk losing DOD business. In addition, most manufacturers aren’t even aware of the looming deadline or what they must do to comply.

“As we talk to small and medium-size manufacturers across the state, very few have heard of the DOD’s cybersecurity regulations,” Mr. Forsyth says. “Time is going to become a major factor, as these companies will need to complete an information security assessment, remediate any issues, and establish a plan for monitoring and reporting—all before the end of the year. Also a factor is the scope of the regulations that are far beyond the basics such as having a firewall. Many of these requirements, such as data encryption and multifactor authentication, simply are not found in an everyday manufacturing environment.”

The standards are outlined in a publication from the National Institute of Standards and Technology (NIST) and fall into 14 areas with specific security requirements that must be implemented as documented in “NIST Special Publication 800-171.” To learn more, read “Cybersecurity Requirements Looming for Michigan Manufacturers.” 

Mr. Forsyth leads the center’s new cybersecurity practice area, which provides information security assessment, remediation and regulatory compliance. The area adds to the in-depth consulting services for clients, including growth services, operational excellence (including quality systems, lean and six sigma), leadership development, skill development, accelerating technology and research services. In addition, the center will host an informational session for area manufacturers on Tuesday, Feb. 14, from 8:30 to 11:30 a.m. The event will include special guests from NIST who were directly involved with documenting the cybersecurity requirements. Read “Explore: Cybersecutiry Compliance” for more information and to register.