Local Manufacturing Organization at Risk of Losing Their DoD Contracts
Who Are They?
This multi-generational, family-run manufacturing company located in Connecticut was started in the early 1950s and has thrived by producing specialized parts for upstream contractors to the Department of Defense. They employ many local citizens, some as office employees and others working on the shop floor.
Over the years they have taken on external investors to help them keep up with the demand for their products and most recently acquired another local firm to provide them specialized equipment which will allow them to bid on a wider array of contracts as well as help with their capacity planning.
What Do They Do?
This organization has developed a process for delivering specialized motor mounts which enable the powering of some of the most unique military aircraft engines in use today. This type of contract comprises over 95% of their annual revenue and is critical to their organization’s success.
When we started working with this organization in 2015, their infrastructure was in a state of disarray. They had been purchasing the cheapest equipment they could find that would keep the organization operational, even if it was not the correct long-term solution. This worked for them as they grew over the years, but they started getting pressure from their upstream contractors to be more secure and to ensure that their organization would be able to deliver their specialized products.
At the time, they needed to be compliant with NIST 800-171, the then-current standard from the Department of Defense for cyber security, and were at risk of losing their DoD contracts if they did not comply. As these contracts were such a large part of their revenue, it was critical to protect them to avoid being put out of business.
Their computer infrastructure consisted of consumer-grade switches and wireless, no firewall, dated backup technology, and no identity access controls, as everyone could see every file on their network. In addition, as there were no controls on the network, they had rampant shadow IT (employees implementing technology into the network which was not approved), which led to rogue wireless networks and employees using the business internet service for personal needs such as movie streaming and personal social media. All of this was a problem for NIST 800-171, but became an increased problem as the DoD released their new standard, the Cybersecurity Maturity Model Certification (CMMC), in 2020. This, coupled with the challenges of remote working in 2020 when the COVID pandemic sent non-essential employees home, was a clear sign that they needed to step up their IT and cyber security game to remain a viable entity which produced products for the federal government.
What Was Our Solution?
Over the years of working with this client, we have implemented a full Defense in Depth infrastructure for them to help organize and secure their valuable data and employees. We started with a full infrastructure refresh which utilized a true Windows Active Directory with user access controls as well as a next-generation firewall, a complete BC/DR data backup solution, and commercial-grade switching and wireless.
We also worked with them to remove all old and inappropriate devices and Windows operating systems to ensure that their environment was up to date, supportable and secure. In addition to the physical changes to the environment, we provide multiple security tools to help prevent and detect data breaches, and we perform regular employee awareness training, network scans for vulnerabilities and even penetration tests to see if anyone can breach their network from the outside. All of this was required for CMMC compliance but is also smart business practice and good cyber hygiene.
Without the help of a secure IT provider such as Kyber, this organization would have been at a loss for winning new DoD contracts and their future was tenuous at best. If your organization is experiencing similar challenges with regard to IT security and compliance, Kyber can help. There is no “one size fits all” solution to these types of challenges and the Kyber team will work with you to determine what can help secure the future of your organization, DoD contracts and ultimate success.
CMMC Gap Review
As an organization considering the ramifications of CMMC 2.0 and the impact that it will have on your business, the first step to compliance is a review of the gaps you have between your current state and the required future state with regard to the CMMC controls that apply to you.
The level of CMMC 2.0 that you must be compliant with is based upon where you are in the supply chain and whether or not you obtain or create Controlled Unclassified Information (CUI). The levels and associated number of controls are below:
If you obtain or create CUI, you will need to be compliant with at least Level 2 which includes 110 controls. Understanding your compliance with these controls is a critical first step in the process. We are offering a special service to help get the process started.
Normally valued at $2,500, we will perform an initial gap review for your organization for only $995. This will result in actionable information your organization can use to start on the road to compliance. This offer is limited to the first 50 respondents, so act today to secure your review with this special offer.