Cyber Blog from the MEP National Network Summit

By: Mark Troppe and Fiona Baxter

We had the pleasure of attending the MEP Summit in Atlanta on September 15-18, and there was a strong presence there of folks working on cybersecurity efforts and presenting information relevant to OEA grantees working on cybersecurity. We thought it would be helpful to share some of our key take-aways from that event.

One of the many highlights was the presentation made by Katherine “Katie” Arrington who is currently serving as the Special Assistant to the Assistant Secretary of Defense for Acquisition, ASD(A), for Cyber. In this position, she serves as the central hub and integrator within the Office of the Under Secretary of Defense for Acquisition and Sustainment, OUSD(A&S), to align acquisition cyber strategy.

Her presentation included discussions about the new DoD Cybersecurity Maturity Model Certification (CMMC) Program being developed, with planned implementation by early 2021. Some key insights:

• CMMC does not currently negate or supersede the current DFARS requirement;
• NIST MEP is working with DoD to learn evolving details of this future new policy, including implications of its implementation, and will share with the network as more information becomes available.

This Summit had about 600 attendees, including many OEA grantees working at MEP Centers. Sessions offered topics of interest on automation, advanced technologies (robotics, additive manufacturing, etc.), and Manufacturing 4.0; industry specific strategies such as data analytics or digital supply chain for the food or medical devices industries; university partnerships to advance innovation; and of course, cybersecurity. The cyber sessions addressed cybersecurity services and practices in various MEP centers and states, leveraging partnerships, working with vendors, and a working group discussion about the implications of the Cybersecurity Maturity Model Certification (CMMC) Program. A Request for Information (RFI) was issued for organizations to serve as the Accreditation Authority for the CMMC: http://creconline.org/wp-content/uploads/2019/10/CMMC_RFI.pdf

Dave Stieren from NIST MEP reported that DoD’s Office of the Undersecretary of Defense for Research and Engineering (OUSDR&E) had signed an Interagency Agreement (IAA) providing $1.074M in special project award funding from NIST MEP to MEP Centers to serve cybersecurity needs of small and medium-sized manufacturing suppliers. Funding will run through Dec 31, 2020. Some key points:

• The effort is led by the Michigan MEP and targets serving 1,000+ small defense contractors;
• It will provide nationwide cybersecurity awareness, hands-on technical assistance, and pilot operational technology (OT) protections;
• Collaboration is planned with NIST Labs and the MxD Manufacturing USA Institute in Chicago;
• MEP Center participation is likely to occur in 20 states, in addition to MI: AL, CA, CO, CT, IL, KY, LA, MA, MO, MS, NC, NJ, NY, OH, PA, RI, SC, TX, WA, and WI. This is a subset of the 40+ MEPs involved in the MEP National Network Cyber Working Group or having a cyber practice;
• 19 MEP Centers have received approximately $9M in OEA funding, focused on working with state-based organizations; and
• The effort seeks to improve the current low implementation rates of cybersecurity improvements among defense contractors.

This funding collaboration will advance the effort to develop regional centers with cybersecurity expertise and accelerate the ability of MEP Centers to develop and share materials and approaches with other interested parties. 

NIST MEP convenes the Summit every other year for MEP Center staff, partners, and stakeholders to learn from one another, much like the annual Convening supported by OEA. We are already looking forward to the next Summit and seeing what successes and lessons learned will be shared by MEP Centers and partners next time.

In the meantime, we want to encourage those of you who are OEA grantees to reach out to your MEP Center to learn about opportunities to partner and obtain awareness and training materials. Michigan will be hosting a Train the Trainers Event on October 25 for MEP Centers to prepare to present Awareness events as part of the Cybersecurity for Defense Manufacturers Project. Michigan will also host the first Awareness event under the Project on Nov 22. You can get more information on the event here: https://cybercon.azurewebsites.net/ Future awareness events will also be listed on the previous site, with plans for more than 20 locations across the country.

MEP National Network Summit Presentations

• Manufacturing and the Internet of Things (IoT):
• Cybersecurity for Defense Manufacturers:
• One MEP Center’s Approach to Cybersecurity Services:
• Lessons Learned and Leveraging Partnerships Toward Cybersecurity Compliance:
• Growing MEPs as Cybersecurity Trusted Advisors 
• Cybersecurity: Lessons Learned (Helping Clients Comply with DFARS 7012) 
• Small Manufacturer Cyber Training Across the MEP National Network