Protecting Small Businesses One Company at a Time
As our world has gotten ‘smaller’ due to the advanced technology we all rely upon, the proverbial ‘front lines’ of the battlefield have changed. These lines of demarcation are no longer just for the infantry; acquisition organizations and acquisition professionals are positioned squarely ‘at the front’ supporting our warfighters. Every company within the U.S. Government (USG) acquisition chain, including every small business within the Defense Industrial Base (DIB), is relied upon to defend our nation through the secure technologies they build and deliver to the USG.
And there are no small players within the supply chain. Every product development lifecycle begins with acquiring components that will comprise a finished product (deliverable), and the veracity of the components determines the security of the deliverable. If even one original component is compromised, the entire system is compromised, and our national security is put at risk.
A single ‘link’ in the chain may not feel their decisions can make or break the nation’s security, but that is exactly the risk that comes with nearly every online action taken. The threat is real, and nation states, international hacking syndicates, and other threat actors cast a wide net to find any inherent weakness – attempting to compromise one seemingly innocuous small component in a major system that they can manipulate.
According to global data and business intelligence leader Statista, there were 115 claimed supply chain attacks in the United States in 2022. Overall, supply chain attacks saw a year-over-year increase of 37 percent between 2021 and 2022. These alarming statistics should serve as a wake-up call to anyone in the acquisition industry who does not believe they are a target.
Fortunately, organizations like DAU exist to train acquisition professionals on best practices to secure the chain and to mitigate inherent risk. In a blog earlier this month, General Duke Richardson (Commander of Air Force Materiel Command) emphasized the need for early technology insertion and improved digital methods across the entire materiel life cycle to both speed development and improve security. When leadership ‘gets it’ and emphasizes best practices, we are all the better for it.
The entire DIB and USG must continue to look for cost-effective ways to ensure the integration of cybersecurity best practices across the development lifecycle. To that end, the U.S. Department of Defense (DoD), through the Office of Small Business Programs (OSBP), sponsors a no-cost-to-the-user cybersecurity platform called Project Spectrum (https://projectspectrum.io). Project Spectrum provides a comprehensive suite of tools, training, and resources for small businesses, organizations, DIB companies, or any entity that wants to implement/bolster its cybersecurity preparedness.
Project Spectrum employs leading experts in the cybersecurity industry and makes them available to every registered user at no cost. By joining Project Spectrum, you will have one-on-one consultation access to these cybersecurity ‘gurus,’ as well as to the myriad tools and best practices within the platform that can help a user better comprehend and adopt security best practices, recognize and mitigate threats, and improve an organization’s overall cyber hygiene.
Project Spectrum’s intention is to secure the DIB one business at a time. Its overarching mission is to make networks more secure by leading users through network security assessments that evaluate the current level of NIST / CMMC compliance. If you are a small business that needs to achieve a specific level of compliance to bid on current/future government contracts, Project Spectrum will provide you with the knowledge and tools necessary to make infrastructure changes and develop the documentation required to reach that level.
In addition to cybersecurity experts, Project Spectrum offers a myriad of online courses you can take at your own pace to improve your cybersecurity knowledge. The platform also provides vendor-agnostic cybersecurity tool evaluations that can inform decisions on available software and hardware that can improve a company’s security posture.
To reiterate, Project Spectrum costs you nothing yet provides vast resources on cybersecurity best practices that will better inform your decisions going forward. Simply visit the website to see what is available; if you are intrigued, you can take advantage of free registration and begin a no-cost cybersecurity compliance and enhancement journey that will make your business more secure, as well as ensure the security of the supply chain and our nation.
ATTENTION: As part of the fall 2023 Small Business series, DAU will be hosting a webinar on 25 October at 1:00 ET with Project Spectrum. Please attend the webinar to learn more about Project Spectrum - the comprehensive cybersecurity resource that provides state-of-the-art cybersecurity tools and training aimed toward improving the overall cyber hygiene of the Defense Industrial Base (DIB). For more information on the event and to register, visit the DAU Event Page at https://www.dau.edu/events/fall-small-business-series-project-spectrum-oct-25-2023