Supply chain attacks increased 78% between 2017 and 2018. That’s why the Department of Defense (DoD) is ramping up efforts to improve contractor compliance across its supply chain.
In fact, new language under the Defense Federal Acquisition Regulation Supplement (DFARS) requires contractors to comply with enhanced cybersecurity measures.
There are many manufacturing contractors and subcontractors in the DoD supply chain. If your manufacturing company has won a contract with the DoD, there’s a set list of clauses you’re expected to follow.
Take DFARS Clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting,” for example. This clause requires contractors and subcontractors to provide adequate security to safeguard Covered Defense Information (CDI) that resides on or is transiting through a contractor’s internal information system or network.
In response to this clause, the U.S. Government stated that they couldn’t afford to have sensitive information inadequately secured by contractors. Therefore, they will be reviewing contractor risk management practices to adequately test, hunt, censor, and respond to incidents on contractor systems.
Thus, manufacturers must take the following actions to improve cybersecurity across the supply chain.
Electronic transfer of information through the supply chain is standard. However, it presents hackers with another attack path to obtain information. To provide adequate security, manufacturers, and the contractors they communicate with in the supply chain, must safeguard CDI.
CDI generally refers to unclassified information that is collected, developed, received, stored, transmitted, or used on behalf of a contractor. This includes information that requires dissemination controls, such as:
To identify CDI in your government-supplied documents, look for information marked with control designation letters B through F, ITAR designation, or Export Control designation.
Supply chains operate more efficiently when data is shared between stakeholders, as it enables deeper communication. This hyper-connectivity, however, has exposed the risk of data hacks across the whole digital supply chain.
For instance, hackers have the ability to tamper with manufacturing companies in the following ways:
To secure DoD supply chains, manufacturers are required to report cyber incidents that affect a covered contractor information system or the covered defense information residing therein, or that affect the contractor’s ability to perform requirements designated as operationally critical support.
Additionally, manufacturers must submit malicious software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center.
Finally, contractors must flow down the clause in subcontracts that involve CDI.
So, even if a manufacturer has a comprehensive cybersecurity strategy in place, they must also include the DFARS 252.204-7012 clause in the contract with a supplier that involves the use of CDI.
To prevent data theft, manufacturers must vet business partners carefully and conduct regular security audits to ensure they’re keeping any shared data safe.
After all, a cybersecurity attack within the supply chain can destroy a manufacturer’s key assets, derailing profits in the process.