A Small Manufacturer Solves the Cybersecurity Puzzle

This article originally appeared on Industry Week. Guest blog post by David Boulay, President of IMEC, a public-private partnership committed to driving growth through enterprise excellence that is part of the MEP National Network™.

How the Manufacturing Extension Partnership in Illinois helped Atlas Tool Works meet Department of Defense guidelines.

Atlas Tool Works is a small family-owned company that provides specialized machining and turning of tight tolerance parts, precision sheet metal fabrication, metal stamping, and complex engineered assemblies. It has 72 employees, and a long history of commitment to quality and continuous improvement.

Atlas leadership knew they needed to improve their cybersecurity. The company, being part of the U.S. Department of Defense supply chain, was required to comply with the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards or risk losing their DoD contracts. Leaders also realized that improving the company’s overall cybersecurity would protect the confidentiality, integrity, and availability of information.

Understanding the Requirements

Lacking a full-time information technology staff, Atlas Tool Works needed support to decipher the guidelines, perform an assessment, identify gaps, and execute the improvements before the December 31, 2017, compliance deadline.

Atlas contacted the Illinois Manufacturing Excellence Center (IMEC), its local representative for the Manufacturing Extension Partnership (MEP), for assistance.

Using the NIST Cybersecurity Self-Assessment Handbook as a guide, IMEC team members worked with Atlas to decipher and break down the security requirements into understandable steps.

“The [security requirements] were ambiguous as far as how it applied to us specifically,” said Zach Mottl, chief alignment officer for Atlas. “It felt open-ended, so we weren’t sure where to begin.”

Together with Atlas and its contracted IT provider, IMEC determined that Atlas was only 40 percent in compliance with the cybersecurity guidelines. They then set about hashing out an improvement plan—for network setup, policies and procedures, IT system requirements, workforce rules and training—and an implementation timeline to ensure full compliance before the deadline.

“Going through this process was great for our organization,” said Mottl. “It’s all about developing good habits. In manufacturing there are many procedures in place like ISO [International Organization for Standardization] for the manufacturing operations, but you forget about processes related to information systems.

“The cybersecurity requirements are all about managing risk, protecting data, not letting intrusions in, and notifying the appropriate people when things happen. As a small business, we often create workarounds to simplify our work and with administrative practices in particular. But with the DFARS compliance, that is unacceptable and we now understand how essential that is for our company’s security.”

Atlas executed the implementation plan and now meets the requirements. Key changes resulting from the assessment included server room locks with passcode protection, settings changes on the server and router to track who was accessing files, and a log on the server for forensic records. The company also updated its hardware and software, added stricter email encryption, and offered workforce training to understand the new language and security precautions.

Mottl added, “Addressing the DFARS compliance requirements was important for us to become a more robust and secure organization. I know all businesses would benefit from the assessment, not just defense contractors.”

Results

  • Increased cybersecurity compliance from initial assessment of 40 percent to 100 percent compliance in six months
  • Full compliance with DFARS cybersecurity requirements
  • Increased awareness and participation by staff in information security programs and reporting

 

 David Boulay is President of IMEC, a public-private partnership committed to driving growth through enterprise excellence.

IMEC is the official representative of the MEP National Network in Illinois. The MEP National Network is a unique public-private partnership that helps small and medium-sized manufacturers generate business results and thrive in today’s technology-driven economy. The MEP National Network comprises the National Institute of Standards and Technology’s Manufacturing Extension Partnership (NIST MEP) and the 51 MEP Centers located in all 50 states and Puerto Rico.

 
