CyberSecurity Looms Large for SCV Aerospace & Defense Companies
Santa Clarita is home to more than 90 companies serving the Aerospace & Defense industry – either as Tier 1 suppliers to Department of Defense prime contractors such as Lockheed Martin, Boeing or Northop Grumman, or as Tier 2 or Tier 3 subcontractors.
Regardless of where these businesses exist in the supply chain, they have one thing in common – come December 31, 2017, all are required to comply with strict cybersecurity standards to ensure that certain types of federal information are protected when processed, stored, and used in non-federal information systems. In other words, protecting information coming out of the DoD and passing down the supply chain.
Aerospace & Defense suppliers are a key target of global adversaries, which spare no expense or effort in attempts to breach security and access data used for building U.S. defense products. And the DoD must assure that any Covered Defense Information (CDI) remains secure. What is not well understood is that CDI is much broader than just “classified” information, and cybersecurity requirements are expected to be adhered to by all sub-tier suppliers!
Compliance requirements, defense contractor expectations, and how to begin the potentially daunting task of cybersecurity assessment and remediation, were the topics of today’s well-attended SCV Aerospace and Defense Coalition breakfast meeting.
- Jeremy Stepan, President of Resurgence IT, who provided a broad overview on NIST 800-171 and DFARS 7012 (the governing standards of cybersecurity specific to any business in the defense supply chain), and key points on what companies should be doing as best practice to be secure.
- Dianna Salgado, Supplier Diversity Programs, Lockheed Martin Aeronautics, who presented insights on Lockheed Martin’s “Cybersecurity Ready” expectations of contractors in their supply chain, including completion of extensive questionnaires by suppliers using Exostar, their supply-chain collaboration and management platform.
- Chris Buthe, Manager of Delivery Resources & Cyber Physical Security Services, California Manufacturing Technology Consulting (CMTC), who provided a deeper dive into DoD requirements, security and resilience, compliance roadmap and milestones, along with a wealth of resources and information links to assist A&D companies through the journey of assessing and correcting to become safe and secure.
Mr. Buthe also announced that the DoD is funding five regional 8-hour compliance workshops in California, delivered by CMTC, to support all suppliers throughout the A&D supply chain. Participation by 25 unique businesses is required to deliver a workshop, and the SCVEDC will be working with CMTC and other partners to secure company participants and offer this valuable program. If you are interested in participating please contact Sue Arellano, Business Assistance Manager.
The Santa Clarita Valley Economic Development Corporation (SCVEDC) is a unique private / public partnership representing the united effort of regional industry and government leaders. The SCVEDC utilizes an integrated approach to attracting, retaining and expanding a diversity of businesses in the Santa Clarita Valley, especially those in key industry clusters, by offering competitive business services and other resources.