Job shops across the country are critical to maintaining the United States’ infrastructure, as well as to supplying numerous essential parts for national defense manufacturing programs. And, while government contracts help shop owners drive their businesses forward, shop owners know better than anyone that supply chains are becoming increasingly global and complex networks, which contributes to wider uncertainty. While many job shops receive government contracts, it is critical that their information technology processes are keep secure and dependable. Otherwise, they risk losing those contracts.
Today many job shops today do not have up-to-date cybersecurity systems in place, despite their contracts with government agencies and contractors, and the critical information included with such contracts. Rather, shop employees continue to store defense drawings and models on shared drives, which allow anyone on a network to acquire any file they may choose. This makes it easy for hackers to gain access to the network, mining data and stealing important information.
Shop owners believe that because they are smaller than large military contractors their shops are not primary targets for hackers. However, their size is what makes them appealing: bad actors know that job shops do not have the same cybersecurity processes in place, meaning it is much easier for them to gain access to a network via simple tactics like phishing.
In a 2019 survey of more than 300 manufacturing executives, 50% reported that they had experienced a cybersecurity breach in the past 12 months.
Once hackers have access to a network they mine for important information related to defense contracts. This may result in monetary losses, a damaged commercial reputation, and lack of trust by suppliers and customers. For job shops with defense contracts, the repercussions can be ruinous: if a phishing attack is successful and the malware proliferates throughout a shop’s email contacts to government employees, their information could be comprised within one hour.
Once an attacker gets onto a network, the damage can spread shockingly fast. At one shop an employee downloaded and ran malware sent via email. Immediately it spread itself by emailing all of the shop’s email contacts. Within an hour, the shop was getting phone calls from customers, which included government employees, about spam messages, stolen credit card numbers, and virus alerts. The shop owner had spent years building his business and reputation, and it was ruined almost instantly.
It is critical for job shops to implement an up-to-date, cybersecurity strategy. To be successful, this strategy must detail how shop owners safely share customer data and adhere to federal compliance procedures.
Safely distributing customer data — As more job shops conduct their business digitally, it is vital for them to follow best practices for securely transferring customer data to vendors. Regardless of the file type (CAD, contract, even email) shops must ensure that correspondence is safe.
Additionally, each digital correspondence from a supplier, partner, or material distributor also must to be protects, as each unsecured item puts the enterprise at risk.
With government contracts, job shops must understand and accept that the cybersecurity guidelines apply to every company in the supply chain. As such, shop employees must proactively reach out to every vendors so that they fully understand the cybersecurity processes they have in place, and to ensure that each bit of customer data remains secure.
One way to safely share customer data with third parties is to use secure collaboration tools, which encrypt data while it is being transferred and when it is at rest. Many of these tools will also allow only the shared file to be accessed for a certain period, which creates an extra layer of protection because third-party vendors will not have indefinite access to the customer files.
Further, many of these security solutions do not require users to download and save each file thanks to cloud-based viewing technology, giving shop employees a better understanding of where their intellectual property lives.
By investing in secure collaboration tools, job shops can maintain their cybersecurity strategies in a cost-effective manner.
Adhering to federal guidelines —In addition to sharing customer data files securely, it is critical for shops to comply with federal mandates. The ITAR and export control laws do not stipulate how to protect data, but new defense contracts demand that organizations adhere to new standards like NIST SP800-171. If an organizations does not comply with these industry guidelines, it risks losing access to customers and new business.
In the future, government contract provisions will become more pronounced as cybersecurity continues to play a critical role in all organizations. As part of the new Cybersecurity Maturity Model Certification (CMMC), rolling out in the next 6-12 months, government contracts will require a third-party certification, and prime contractors will need to pass these requirements down through their supply chain. As such, as contractors go through the cybersecurity assessment process, job shops should prepare to have their own internal processes, as well as their vendors, audited.
It is imperative for shops to put compliance programs in place ahead of any audits to ensure that they comply with industry mandates. This requires creating and following internal processes, instructing employees, and investing in solutions to safely store sensitive data.
Today’s business climate is more than competitive: it's compliant. It’s no longer enough for a shop to pay the annual ITAR registration fee and forget about security for the rest of the year. Job shops must invest in a robust cybersecurity strategy to win and retain government contracts. By protecting customer data, shops will keep their place in the U.S. manufacturing and defense industrial network.
Scott Sawyer is the chief technology officer and co-founder of Paperless Parts, an online marketplace for custom parts, with proprietary technology to eliminate costs associated with sourcing and quoting.
