Sens. Chris Coons, D-Delaware; Lindsey Graham, R-South Carolina; and Kristen Gillibrand, D-New York, along with Reps. Jimmy Panetta, D-California; and Mike Gallagher, R-Wisconsin, introduced, on April 12, the Enhance Cybersecurity for Small Manufacturers Act.
The act gives the Department of Defense and Hollings Manufacturing Extension Partnership program additional tools to help small manufacturers in the defense supply chain eliminate potentially significant cybersecurity risks.
As of December 2017, Department of Defense suppliers must comply with new, tougher cybersecurity requirements to ensure information relevant to defense manufacturing supply chains is protected.
The Hollings Manufacturing Extension Partnership Program interacted with more than 1,000 small manufacturers regarding the Department of Defense’s cybersecurity requirements. This outreach by the MEP program revealed a lack of awareness of the new cybersecurity requirements among small manufacturers in the defense supply chain and a deficiency of financial and technical resources required to manage cybersecurity risks.
If cybersecurity vulnerabilities remain unaddressed, defense supply chains face a higher likelihood of serious and exploitable vulnerabilities, as well as a substantial reduction in the number of suppliers compliant with Department of Defense requirements, and therefore ineligible to provide products and services to the Department of Defense.
The bill will help small manufacturers by requiring the dissemination of cybersecurity resources to raise awareness of new requirements and best practices to address a widespread lack of awareness of cybersecurity threats among small manufacturers in the defense industrial supply chain; authorizing MEPs to conduct voluntary self-assessments of small manufacturers to understand operating environments, cybersecurity requirements and existing vulnerabilities; and authorizing MEPs to help small manufacturers implement security measures that are adequate to protect sensitive defense information if vulnerabilities are uncovered.
“Small manufacturers are essential to the defense supply chain,” said Coons. “I’m very concerned that many of these manufacturers have not been able to implement the Department of Defense’s new cybersecurity requirements. The MEP program is well-positioned to help these manufacturers. This bill provides the Department of Defense and MEPs with the tools to ensure we’re closing any vulnerabilities that could harm our national security."