Many Michigan manufacturers rely on government contracts for many different reasons. Some manufacturers leverage them to grow their business while others will use them to diversify the products that they produce. New regulations though, winning government contracts a little tougher. Or at least force Michigan manufactures to take a little deeper look into their cybersecurity.
New mandates on government contracts that are set to take effect December 31 of this year may cause manufacturers to find themselves shoveling out money to keep up with new cybersecurity policies. The upkeep is estimated to range a few thousand dollars to update company policies and up to $40,000 if a manufacturer’s security equipment needs to be updated. These include access control protocols of sensitive information, maintenance of security systems, and even an increase of the company’s physical security of their server room. You can find the new requirements in the National Institute of Standards and Technology (NIST) Special Publication 800-171.
These new mandates are specifically associated with the Department of Defense, National Aeronautics and Space Administration (NASA), and the General Services Administration. The governmental units often deal with confidential or classified assignments and while they may of strong protocols to protect sensitive information, those contracted to manufacture products using that information are not always as stringent about cybersecurity.
Although the new regulations are well known across the industry, many companies fulfilling government contracts are not adhering to the recommended federal guidelines, nor do they seem to have a sense of urgency to make the changes. Beginning in 2018 though, the US Federal Government will be asking about cybersecurity protocols and not complying will be an automatic disqualification from being awarded the contract.
According to 2016 IBM X-Force Research, a cybersecurity intelligence index, the manufacturing industry ranked as the second most attacked sector in 2015. The first most attacked sector was the healthcare industry. Some manufacturers are already adept to working on classified assignments provided by government contracts, however, the pressure is now on those working on unclassified, but sensitive, materials as cybersecurity threats rise. The new requirements, announced in December 2015, are intended to mitigate the threat of cyber-attacks in the US and protect sensitive information in unclassified documents.
These regulations should not be a deterrent to working with government contacts. There is a very good chance that the increase in revenue and profits from government contracts can easily surpass the increase cost of cybersecurity. At the same time, having strong cybersecurity protocols in place can protect your Grand Rapids manufacturing business’ trade secrets and prevent potential breaches of your customers’ private information. It is also a great way to increase the value of your business if you plan on selling it. A potential buyer would it attractive that you are protected but that your business could pursue those federal government contracts.
If you are a Michigan manufacturer that works with government contracts and want more information on if you are going to be prepared for this change, or if you are a manufacturer that would like to find out more information about government contracts and all the benefits of them, contact The Business Law Group through our website or give us a call at 616-528-0007.