In October, Exostar sponsored a roundtable discussion as part of Aviation Week’s AerospaceDefenseChain conference. We gathered over 40 executive-level representatives from primes to Tier 2 suppliers to discuss the upcoming implementation of NIST 800-171 standards. This led to a lively conversation about the challenges both large and small companies are facing when trying to meet supply chain cybersecurity requirements.
Challenge 1: Understanding CDI
The purpose of the NIST 800-171 security requirements is to protect “Covered Defense Information,” or CDI. However, the roundtable participants agreed that they lack a clear definition of CDI. They are looking for more specific guidance, and a sense of absolutely must be keep secure. As one participant stated, “For the regulations to be effective, the government really needs to say what’s most important.”
Challenge 2: The Cost of Compliance
Although the primes are responsible for flow-down of supply chain cybersecurity, the participants noted that small and mid-sized organizations can struggle with meeting these requirements. They have fewer resources to seek out information and implement solutions. In addition, there are very few vendors providing cost-effective solutions that apply to smaller suppliers.
Challenge 3: The Human Factor
The participants also discussed that although the regulations specifically address supply chain cybersecurity, many leaks happen through human error. Technological advancements won’t keep anything secure if the people working with sensitive information are not trained properly.
So, how do organizations overcome these challenges? Some primes are helping their suppliers to address supply chain cybersecurity. Other enterprises are turning to third-party experts to outsource their security activities. All agreed that the emphasis should be on keeping information secure, over and above simple compliance.
Of course, the roundtable discussion covered more than these three challenges. For a deeper dive into the conversation, check out the post-event report, “The Clock is Ticking on Supply Chain Cybersecurity,” by Tam Harbert and Michael Bruno of Aviation Week Network.