SMT007 Magazine



Lean Digital Thread: The Secure Digital Thread
By Zac Elliott
SMT007 Magazine, July 2022

Securing intellectual property has become a priority for manufacturers, and recent reports from the U.S. and EU governments highlight the risks and direction for securing the supply chain. In February, the U.S. Department of Homeland Security published an assessment of supply chains supporting electronics manufacturing [1]. Following closely in March, Europol released the 2022 Intellectual Property Crime Threat Assessment report [2], bringing attention to the risks counterfeit electronic components pose to supply chains. Then in April, the direction for the U.S. Department of Defense Cybersecurity Maturity Model (CMMC) program became clearer as NIST released a draft of Special Publication 800-82 [3], which serves as the framework for securing operational technology within the defense contractor network. Let's look at some of these recent publications and how they affect manufacturers.

Intellectual Property Security

The CMMC program is an initiative to improve information security within the U.S. defense contractor network. The program has been ongoing for a few years, but last November, the Department of Defense announced plans to clarify and enhance the program in an update dubbed CMMC 2.0. The goal of the update is to make CMMC a program that can be implemented by the entire defense industrial base, including smaller subcontractors that may not have expertise in cybersecurity.

Three key components of the CMMC program are:

• Contracts with the U.S. Department of Defense that include clauses requiring security for controlled unclassified information (CUI)
• Security frameworks and guidelines built on NIST standards and publications
• Third-party auditing of the CMMC controls implemented at manufacturers

Securing information is not necessarily a new topic for most manufacturers. Security controls around information technology (IT) processes are generally in place for most publicly traded companies to adhere to financial regulations, and ongoing concerns about malware and hacks lead most organizations to keep their network secure from external threats. Even smaller companies can leverage outsourced IT contractors and cloud-based systems to have a well-managed, secure infrastructure. Of course, exploits occur, companies get hacked, and intellectual property is stolen, but not because we do not know how to secure IT systems. It is usually the case that some generally accepted control was not implemented, or social engineering was used to exploit the organization.

What may be a new challenge for manufacturers is the requirement in CMMC 2.0 to secure the operational technology (OT)—the machines and processes building the products. Typically, these machines are on segregated "unmanaged" networks that fly under the radar of traditional IT security. But with CMMC 2.0, manufacturers will need to implement similar security controls in this relatively uncontrolled environment.
