Department of Defense Cybersecurity Guidelines Likely to Affect Michigan Manufacturers


Cybersecurity guidelines required by the U.S. Department of Defense are likely to have an “enormous impact” on the 800 Michigan manufacturers that received government contracts in 2016, manufacturing experts say. By the end of the year, all DoD contractors (including small businesses) must meet minimum cybersecurity requirements or risk losing their contracts.

“As we talk to small and medium-size manufacturers across the state, very few have heard of the DoD’s cybersecurity regulations,” says Elliot Forsyth, vice president of business operations at the Michigan Manufacturing Technology Center in Plymouth Township. “Time is going to become a major factor, as these companies will need to complete an information security assessment, remediate any issues, and establish a plan for monitoring and reporting — all before the end of the year.”

Forsyth adds that regulations such as having a digital firewall will be challenging for companies to accommodate. “Many of these requirements, such as data encryption and multifactor authentication, simply are not found in an everyday manufacturing environment,” he says.

The standards are outlined in a publication from the National Institute of Standards and Technology, which details 14 areas with specific security requirements to be implemented.

“As the NIST affiliate in Michigan (and) part of the Manufacturing Extension Partnership (MEP) program, (we are) very familiar with the requirements,” Forsyth says. “We have assembled a team of cybersecurity experts to offer a comprehensive process that encompasses four steps: discovery, remediation, test and validate, and monitoring/reporting. After an initial assessment, the team then tailors a plan specifically for each client’s internal capabilities, budget, and time sensitivity.”

Defense-related businesses currently employ 100,000 people throughout Michigan and accounts for $9 billion in products and services annually. Nearly $2.5 billion defense-related prime contracts were performed statewide in 2014.

“As much as this is manufacturing issue, it really is more than that,” adds Forsyth. “Cybersecurity is paramount to our nation’s security and our military’s viability.”