Grant Money is Available to Help Protect Your Business from Cyber-Attack

Purdue MEP has been awarded a Department of Defense (DoD) Office of Economic Adjustment (OEA) grant focused on improving the cybersecurity health of small-to-medium manufacturers in the DoD supply chain. The goal of the effort is reduce the loss of defense technology intellectual property (IP) and minimize the DoD supply chain disruptions, which result from the compromise of manufacturers’ information systems by hackers. Companies that express an interest in future DoD work might be eligible as well as current DoD suppliers. Additionally, for those companies that are not eligible for the grant, Purdue MEP has negotiated a special rate for Purdue MEP clients.

The Loss of IP and Business Disruption is a Persistent and Growing Issue for Small Business

The compromise of large companies such as Target in 2013 or Equifax in 2017 are well publicized, however, the cyber-attacks on small businesses are growing rapidly — from 18 percent of all cyber-attacks in 2011 to a whopping 43 percent of all cyber-attacks in 2015. (USA Today, Oct 2017)

There are several reasons why small businesses are a growing target of cyber-attacks.
First, smaller businesses are one of the ways hackers reach larger targets. A smaller business may not be as financially attractive as a large enterprise, but their IP can be just as valuable. Many smaller businesses are suppliers and vendors for bigger companies, with access credentials to their secure networks. Once attackers gain access to a smaller business, they obtain those credentials and move on to more lucrative entities.

Second, smaller businesses are easier targets. Even if they know they are vulnerable, small and midsize businesses often cannot afford the technology or expertise to establish a suitable security approach. The conventional security purchased by most businesses cannot stop a targeted attack. By focusing on smaller businesses, attackers are taking the path of least resistance to financial rewards, IP, and access to high-value targets. And third, smaller businesses are expendable targets. Attackers can afford to casually breach small and midsize businesses and lie dormant for months, waiting for the right time to emerge and steal data or vandalize systems. (USA Today, Oct 2017)

With thousands of small businesses in the DoD supply chain, the DoD was forced to act in order to reduce the loss of defense technology IP and disruption of the supply chain. As a result, the DoD implemented new contracting rules that require businesses working with DoD to attain a minimum level of cyber-health.

Cybersecurity Is Required to Satisfy DoD Contracts

In response to this persistent and growing threat, as of 31 December 2017, the DoD added a new defense federal acquisition regulation (DFAR) to their contracts. This addition requires all contractors and subcontractors that store controlled unclassified information (CUI) on their information systems to meet the guidelines of National Institute of Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. CUI is “information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.” For example, the prints that detail the dimensions of a component part of a military aircraft, vehicle, or vessel could be CUI.

Purdue MEP Can Help Indiana Manufacturers Raise Their Cyber-Health

The DoD recognizes these necessary cyber-health improvements require companies to incur additional expenses. As such, the DoD issued the cybersecurity grants to offset these costs.. Using this grant money from the DoD OEA, Purdue MEP has established the Defense Cybersecurity Assistance Program (DCAP). This program is designed to strengthen small to medium-sized defense suppliers through a cybersecurity awareness assessment. Upon completion of the assessment, Purdue MEP provides expert support to implement the critical tools to secure controlled unclassified information, as well as verification of compliance to the NIST SP 800-171 guidelines. Any manufacturing business, current or aspiring DoD suppliers, that would like additional information should contact Purdue MEP. Additionally, for companies that are not interested in government work, Purdue MEP has negotiated a special rate with our trusted vendor.

Writer: Robert Goosen, 765-496-4101, rgoosen@purdue.edu

Writer: Gene Jones, 765-496-7802, jonesew@purdue.edu