By Chris Mitchell, vice president, global government relations, IPC
The U.S. Department of Defense’s new cyber security standards for defense contractors are creating significant costs and uncertainties for electronics manufacturers, but industry leaders are trying to make it work, according to participants in IPC’s North American Executive Forum call on January 6.
When fully implemented over the coming year, the DoD’s Cybersecurity Maturity Model Certification (CMMC) program will require cyber security certification for all contractors doing business with DoD, including contract bidders, subcontractors, and companies that sell commercial products or services to DoD. A non-profit governing organization, the CCMC Accreditation Body (CCMC-AB), will certify third-party inspectors who will then certify companies/businesses/contractors against the various CMMC standards/levels.
However, cyber security expert Leslie Weinstein told IPC members the DoD’s implementation of the CMMC program has been plagued by confusion since it was launched as a pilot program last January. Deadlines have been missed and reliable information has been lacking, Weinstein said. In the months ahead, more uncertainties may arise as the Biden administration takes charge at DoD and the program is potentially expanded to cover other federal agencies.
An instant poll conducted during the call underscored the industry’s concerns. Of the 47 industry leaders who responded, 30% said the U.S. defense market constitutes more than 50% of their business. Sixty percent said their companies would seek CMMC certification despite the costs and difficulties, but 62% said the program will likely result in shrinking the U.S. defense electronics industrial base. More poll results can be found here.
IPC will continue to advocate for the industry’s interests in the CMMC program and to help with industry compliance efforts, including new educational resources and webinars slated for later this quarter. Click here to access a prior IPC webinar featuring Leslie Weinstein, and don’t hesitate to contact me if you have questions or suggestions.