In response to the DFARS mandate, Silverside Detectors successfully addressed NIST SP 800-171 requirements through the CyberSaint and MassMEP Program.
“MassMEP and CyberSaint came alongside our team, guiding them through the compliance standards and leading us to a level of preparedness matching our commitment to excellence.” said Sarah Haig, COO of Silverside Detectors
Based just outside of the Boston area in Cambridge, MA, Silverside’s team is fundamentally shifting the global security landscape. Silverside Detectors is committed to reducing the global threat of nuclear terrorism. The company’s neutron detection technology enables governments to deploy networks of detectors at nuclear material storage sites, in transit routes, and throughout cities. With a growing team made up of researchers, technicians, and engineers, Silverside is bringing their lithium thermal neutron detector to market and has had great success and traction especially in recent months.
Silverside’s customer base includes offices within the Departments of Defense and Homeland Security, and therefore the team knew that cybersecurity best practices and compliance with the Defense Federal Acquisition Regulation Supplement, per NIST Special Publication 800-171, was a priority.
The new 800-171 controls, required by DoD, went into effect on December 31, 2017. The requirement applies to all DoD primary contractors and sub-contractors in the DoD Supply Chain for the protection of Controlled Unclassified Information (CUI).
It was apparent that Silverside’s needs went well beyond responding to customer questionnaires, and that real action to identify gaps and remediate was necessary. The team was also made aware that having a System Security Plan (SSP) and Plan of Actions and Milestones (POAM) was critical to proving adherence and adequate security in accordance with Department of Defense supply chain needs. Silverside would need to manage its own compliance with the 800-171 regulations in order to prepare to scale business through and beyond 2018, and have a cost-effective cybersecurity program that will mature in parallel with the company.
Silverside Detectors needed a plan of how to approach DFARS compliance and a solution that could be put in place quickly and easily to help with the DFARS assessment, without stalling other company initiatives. Silverside’s team also realized that they would need to self-manage their regulatory requirements beyond 2018 in order to stay competitive as their operation scales.
The Massachusetts Manufacturing Extension Partnership (MassMEP) organized a program that leverages various funding options to subsidize consulting engagements paired with the CyberStrong Platform from CyberSaint Security. This program enables state or local manufacturers and DoD suppliers with rapid DFARS cybersecurity conformance.
“We are pleased to partner with CyberSaint to provide our client Silverside Detectors a solution to their Cybersecurity compliance requirement. CyberSaint provided a robust and comprehensive report out and roadmap that helped Silverside Detectors navigate through the Defense Industry and Homeland Security requirement,”
Tom Andrellos, MassMEP’s Director of Growth Services.
The CyberStrong Platform is a breakthrough Integrated Risk Management and continuously active assessment platform that helps customers become quickly and easily compliant with regulations such as DFARS 800-171. The platform guides both Information Technology professionals and non-IT professionals through the assessment framework control by control and provides actionable insights on next steps to mitigate risk, making compliance with regulations and adherence to customer questionnaires accessible regardless of company resources.
“We are excited to make the CyberStrong Platform accessible to our local community through our partnership with the MassMEP. As a company founded upon making cyber best practices accessible, it’s rewarding to see local businesses and new startups alike benefit from adopting proactive security measures,”
George Wrenn, CyberSaint’s CEO and Founder.
CyberStrong walks the user through the DFARS assessment (either the NIST SP 800-171 controls or the Handbook (HB)162 control set) and provides gap analysis and recommendations on which controls should be implemented to increase the overall compliance score while lowering risk in key areas.
Silverside asked MassMEP to participate in the DFARS cybersecurity program, which included key CyberSaint stakeholders identifying Silverside’s Target of Evaluation, qualifying what was and was not considered Controlled Unclassified Information (CUI), walking through the technology architecture and explaining the best plan of action on how to close key DFARS compliance gaps. In just three sessions, the CyberSaint team used the CyberStrong Platform to expedite the conformance process and finished the engagement successfully, and much quicker than anticipated.
“The challenge of a startup is keeping pace with regulations without depleting company resources. MassMEP and CyberSaint came alongside our team, guiding them through the compliance standards and leading us to a level of preparedness matching our commitment to excellence. Without their expertise and support, we would not be where we are today,”
Sarah Haig, COO of Silverside Detectors.
Silverside presently manages the CyberStrong SaaS Platform on its own and has at its disposal priorities on how to remediate going forward through 2018. Thanks to CyberSaint and MassMEP’s DFARS cybersecurity program, Silverside Detectors successfully addressed the NIST SP 800-171 requirements and is empowered to proactively address cybersecurity measures as the company grows.
CyberSaint Security empowers organizations to implement automated, intelligent cybersecurity compliance and risk management that enables measurement, enhances communication and improves cybersecurity resiliency. The CyberSaint team’s intellectual DNA winds deeply through the academic, tech, and investment communities in Boston, the White House, RSA, IBM, EMC, MIT, Harvard, University of Cambridge, KPMG and others.
Massachusetts Manufacturing Extension Partnership (MassMEP), part of the national NIST MEP system, is a leading resource for manufacturers. Committed to success in manufacturing, MassMEP transforms companies through solutions focused on innovative growth, operational excellence, and workforce development. The organization cultivates a sustainable community built on supportive relationships, idea sharing, achievement, and next-generation manufacturing. For more information, visit www.massmep.org.
A collaboration between the Worcester-based Massachusetts Manufacturing Extension Partnership and Burlington cybersecurity firm CyberSaint seeks to help the state’s manufacturers doing work for the government better secure their information. In an interview, MassMEP Director of Growth Services Tom Andrellos spoke about the importance of cybersecurity in manufacturing in the 21st century.
Why is cybersecurity important in manufacturing?
Manufactures are unfortunately targets of hackers and attackers. Companies have become increasingly reliant on computer systems to vertically integrate product designs, manufacturing processes, cost structures, supplier networks and proprietary information throughout their supply chain. This information becomes potentially destructive and valuable information to competitors, agencies and governments around the world. A strong cyber security practice to risk mitigate these threats are crucial to the manufacturing operation to:
- Defending your company’s vital data and information
- Preventing theft or damage to your infrastructure, equipment and systems
- Avoiding major disruptions to operations and delivery of products
- Protecting your employee’s personal information
- Shielding your organization from negative publicity
Does this disproportionately affect manufacturers?
According to a recent report from the U’S. Department of Homeland Security, manufacturing is the second highest industry with the most reported cyber attacks, only subsequent to health care.
Is this a problem particularly for manufacturers doing work for the government?
The short answer is no. All type of companies in all industry sectors are open to cyber attackers and must take this threat seriously. Based on a report the top five industries at risk of cyber attacks are health care, manufacturing, financial services, government and transportation.
When did this start becoming a problem in manufacturing?
My guess this has been going on for some time. However, over the recent years the technology and hackers are becoming more sophisticated, so it’s a consistent challenge to keep up with protecting and securing our information. As cyber criminals increasingly target manufacturers, the FBI now estimates that over $400 billion worth of intellectual property leaves the U.S each year. As we move forward this issue, it is not going away. Manufacturers must ensure cyber security is part of their annual budgets. They need to initiate supply chain compliance (you’re as good as the weakest link) and work with experts to help them identify gaps, corrective actions and plans to secure critical information.
How many Mass. manufacturers do work for the government?
It’s been estimated (2016 data) that Massachusetts defense industry network of supplier is approximately 1,800 out of the total 7,500 manufacturing companies. This ranges from our large OEM’s such as Raytheon and General Dynamics to small manufacturers of sub assemblies, sheet metal, machine parts, electronics, power supplies, etc.
How does this partnership with CyberSaint address that issue?
The partnership MassMEP has established with CyberSaint was developed to address and focus on specific industries like the defense and homeland security. The National Institute of Standards and Technology (NIST) created the cyber security framework to provide organizations with guidance on how to prevent, detect, and respond to cyber attacks. NIST required all Department of Defense manufacturers that process, store or transmit controlled information to meet the Defense Acquisition Regulation Supplement minimum security standards, or risk their future business if not in compliance with the standards. These standards must be implemented at the contractors and all levels of their supply chain utilizing the security guidance in the NIST security requirement handbook. This was a major task for many of our clients at MassMEP to navigate the process of assessing a most critical area of risk. MassMEP recognized that partnering with an expert like CyberSaint to help our clients navigate through the process addresses the issue and provides a cost effective risk mitigation plan that meets cybersecurity requirements and sustains business.
This interview was conducted and edited for length and clarity by WBJ Staff Writer Zachary Comeau.
By John Killam, Center Director, MassMEP
MassMEP is an economic driver committed to manufacturing growth. We add sustainable jobs and grow top line revenues for Massachusetts manufacturers.
When you partner with MassMEP, you are teaming up with experts who can help unleash your company’s growth potential. We work with your team to analyze your company’s needs, and then help develop and implement a sustainable roadmap to improve your company’s top and bottom lines.
MassMEP creates economic impact by transforming manufacturing enterprises and the manufacturing ecosystem. We specialize in helping businesses achieve operational excellence, develop workforce strategies aligned with your markets, and create innovative growth solutions that are strengthened by leveraging strategic public/private relationships that share a common goal: to secure America’s future through manufacturing innovation, education, and collaboration.
Case Studies: Silverside Detectors
Silverside Detectors had trouble finding qualified suppliers to bring their product from idea to commercialization. They also needed a better understanding of which markets to target.
MassMEP experts were brought in to help Silverside Detectors move forward in a timely manner. They provided mentoring, quality contacts, and quick access to a viable supply chain.
MassMEP provides Massachusetts manufacturers with the resources they need to prepare for success in today’s advanced manufacturing environment. With real-world experience and expertise, MassMEP project managers have the unique ability to help manufacturers identify, analyze, and overcome strategic, operational, and workforce challenges that may be blocking their path to growth and success.
We are an innovative, collaborative organization that helps small and medium manufacturers and businesses. We are the expert connector – we can connect you to business development opportunities, funding sources, and manufacturing knowledge. Best of all, we offer three things no other agencies can:
- Knowledge of and connections to all Manufacturing USA institutes
- An approach tailored specifically for your business
- Support from the National MEP Network
MassMEP is the official representative of the MEP National Network in Massachusetts. The Network is a unique public-private partnership that delivers comprehensive, proven solutions for manufacturers.
Strengthened by the collaboration of 51 MEP Centers and 14 Manufacturing USA Institutes, MassMEP has successfully launched projects to expand the manufacturing capabilities of SME’s, initiated statewide workforce development training, and raised awareness that has led to sustainability and collaboration.
Fourteen different public-private manufacturing innovation institutes comprise Manufacturing USA. The Manufacturing USA institutes focus on moving promising, early-stage research into proven capabilities ready for adoption by U.S. manufacturers. Collaboration at the Institutes and across the network creates an innovation community ushering in the next generation manufacturing supply chains located in America and employing Americans.
What does Manufacturing USA mean for Massachusetts?
Massachusetts has made a substantial commitment to develop the Manufacturing USAinfrastructure within Massachusetts’ academic, research, and manufacturing industries through its M2I2 program – Massachusetts Manufacturing Innovation Initiative. M2I2 advances innovations and job growth within the state through cross-collaboration among companies, universities, national labs, government, incubators, accelerators, and other academic and training institutions. Some of the exciting partnerships currently active include:
Advanced Functional Fabrics of America (AFFOA)
Headquartered in Cambridge, MA, and providing connections to MIT, UMass (Lowell, Amherst, and Dartmouth), AFFOA is accelerating widespread commercialization of highly functional fabrics. Recent breakthroughs in fiber materials and manufacturing processes are on the verge of creating and producing interactive fabrics that see, hear, sense, communicate, store, and convert energy, regulate temperature, monitor health, and change color.
National Institute for Innovation in Manufacturing Biopharmaceuticals (NIIMBL)
By working with Worcester Polytechnic Institute (WPI), UMass, MIT, and Quincy Community College, NIIMBL (headquartered at the University of Delaware) is advancing the country’s leadership in the biopharmaceutical industry while fostering economic development, improving medical treatments, and building a qualified workforce. Traditional pharmaceutical production relies on chemistry to create medical treatments. Biopharmaceutical production relies on biology—living cells produce the treatments or their components—which requires a complex manufacturing process. Biomanufacturing is used to produce many widely used treatments for a growing number of health conditions such as cancer, autoimmune disorders and infectious diseases—and generates billions of dollars in revenue worldwide. However, innovation is needed to allow more rapid and flexible production to meet healthcare demands and ensure U.S. leadership in the industry.
Advanced Tissue Biofabrication Manufacturing USA Institute (ATB)
Led by the Advanced Regenerative Manufacturing Institute (ARMI) and based in Manchester, NH, the ATB partners with WPI, MIT, Boston University, and Harvard. This institute will develop next-generation manufacturing techniques for repairing and replacing cells and tissues, which may one day lead to the ability to manufacture new skin for soldiers scarred from combat or develop organ-preserving technologies to benefit Americans waiting for an organ transplant.
Be sure to check out the MassMEP 2018 Annual Impact Report to see our results over the past year.
SAVE THE DATE: Manufacturing Our Future Summit, October 4, 2018
We have an exciting program in the works for October 4, 2018. MassMEP presents the Manufacturing Our Future Symposium featuring the Manufacturing USA Institutes and manufacturing growth opportunities.
You can read more about this event at our Event Website.
The latest news and information about Massachusetts manufacturing, workforce development, sustainability, lean methodologies, business development, and more — from your business partner, MassMEP.
- WHAT DID YOU MISS IN SAFETY COMPLAINCE FOR 2018? 02/13/2019
- Manufacturers Face an Increase in Cyber Attacks in 2019 01/31/2019
- MassMEP and ToolingU-SME Combine Efforts to Expand Workforce Education for Manufacturing Firms 01/15/2019
- OSHA Recordkeeping Updates 01/07/2019
- Challenges and Solutions for Workforce Development 01/03/2019