Issue link: https://iconnect007.uberflip.com/i/1411055
SEPTEMBER 2021 I PCB007 MAGAZINE 9 panies do not have cybersecurity-qualified staff on site. is issue, however, is about streamlining your processes, so how does all this cyberse- curity talk fit in? In the 21st century, stream- lining processes almost always means an in- creased digital presence. at theme, we find, is scattered throughout all the process-relat- ed content in this issue. Whether it's a digital- ly optimized bill of materials, or increased au- tomation in the manufacturing process, digital is pivotal. And since these process improve- ments rely increasingly on digital formats, data security becomes paramount. In fact, I'm reminded of a manufacturing company hit by a ransomware attack. e point of entry into the company network? An unsecured computer controlling line equip- ment on the manufacturing floor. Data securi- ty is our collective responsibility, not the gov- ernment's, and not the cloud services'. Data se- curity is not simply a DoD requirement, either. Our customers should never question whether their intellectual property is safe in the hands of their manufacturing chain. No, we all have a part to play in this. What isn't quite so clear is how we're going to get there, and who's going to pay for it. PCB007 References 1. "Top cloud providers in 2021: AWS, Microsoft, Azure, and Google Cloud, hybrid, SaaS players," zd- net.com, April 2, 2021. 2. CMMC FAQ's, Office of the Under Secretary of Defense for Acquisition and Sustainment. 3. CMMC Standards for Defense Contractors, by Jacqueline von Ogden, CIMCOR, Oct. 8, 2020. 4. "Survey: Reasons U.S. Electronics Manufactur- ers May Exit Defense Market," June 9, 2021. • e CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements. • e goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. • Authorized and accredited CMMC ird Party Assessment Organizations (C3PAOs) will conduct assessments and issue CMMC certificates to Defense Industrial Base (DIB) companies at the appropriate level. is touches virtually all of the industry, "anyone who wants to do business with the DoD will need to be certified under CMMC. Subcontractors aren't exempt—every organi- zation throughout the supply chain will need some level of certification" [3] . ere are examples of similar "whole sup- ply chain" programs, of course. Intel's Copy- Exact program (for fit, form, and functional in- terchangeability, not specifically data security) started over 20 years ago and was successfully instituted in Intel's supply chain. It's my opinion that Apple's supply chain program will be not unlike CopyExact, except concentrating on se- curity and traceability. ere will, however, be costs associated for each participating compa- ny. And that could be a problem. In June, IPC issued a press release regard- ing an IPC survey that indicated U.S. elec- tronics manufacturers may exit the defense market due to the high costs associated with CMMC [4] . In this survey, 24% of EM respon- dents said the costs and burdens of CMMC may force them out of the supply chain. In ad- dition, 41% stated that applying this CMMC requirement will cause problems for their suppliers in their supply chain. IPC reported that the DoD's estimate for the cost to reach mid-level CMMC compliance is more than 77% of the respondents are willing to spend. And IPC points out that many smaller com- Nolan Johnson is managing editor of PCB007 Magazine. Nolan brings 30 years of career experience focused almost entirely on electronics design and manufacturing. To contact Johnson, click here.