Issue link: https://iconnect007.uberflip.com/i/1440051
48 SMT007 MAGAZINE I JANUARY 2022 Feature Article by Divyash Patel MX2 TECHNOLOGY I have good news for small manufacturers looking for ways to stand apart from the com- petition: By delaying the launch of the Cyberse- curity Maturity Model Certification (CMMC), the Department of Defense (DoD) may have done you a favor. ey've handed you a gold- en opportunity to zig when everybody else is zagging. If your competitors are small- and mid-sized businesses that supply the DoD, their concerns aren't too different from yours. ey're proba- bly aware that CMMC requirements are com- ing, but that's an IT issue, so it's not a top-of- mind concern—especially compared to labor shortages, supply chain issues, inflation and so on. ey know that cybersecurity is impor- tant, but it's tangential to operations—like hav- ing locks or alarms on the building. Sure, this CMMC stuff is coming, but it doesn't seem ur- gent. Whenever a deadline gets close, there is another delay. It is as if there was a regulatory hurricane forming somewhere out in the open ocean; it might be headed our way, so we will keep half an eye on it and hope it dissipates or turns before making landfall. As everyone knows, waiting until the hurri- cane has knocked out a good part of the local power grid is a poor time to go shopping for a generator. While the DoD works out the details and timing of CMMC 2.0, its basic, foundational elements are easy to predict. As Bob Dylan put it, "You don't need a weatherman to see which way the wind blows." Eventually, and well be- fore the deadline, CMMC requirements will make their way into more and more federal contracts. Clearly, those companies that have moved toward compliance already will have a much easier time certifying, but compliance is not the only business benefit to cybersecurity. As strange as it might sound, certification itself might be the least important—for now, any- way. Your advantage will come from simply un- derstanding, documenting, and establishing Don't Hit the Snooze on Cybersecurity