Cybersecurity Requirements Looming for Michigan Manufacturers


Cybersecurity guidelines required by the Department of Defense (DoD) are likely to have an enormous impact on the 800 Michigan manufacturers that received a DoD contract in 2016. By December 31, 2017, all DoD contractors (including small businesses) must meet minimum cybersecurity requirements or risk losing DoD business. Alarmingly, most manufacturers aren’t even aware of the looming deadline or what they must do to comply.


“As we talk to small and medium-size manufacturers across the state, very few have heard of the DoD’s cybersecurity regulations,” said Elliot Forsyth, Vice President of Business Operations at the Michigan Manufacturing Technology Center (The Center). “Time is going to become a major factor, as these companies will need to complete an information security assessment, remediate any issues, and establish a plan for monitoring and reporting—all before the end of the year. Also a factor is the scope of the regulations that are far beyond the basics like having a firewall,” Forsyth said. “Many of these requirements, such as data encryption and multifactor authentication, simply are not found in an everyday manufacturing environment.”

The standards are outlined in a publication from the National Institute of Standards and Technology (NIST) and fall into 14 areas with specific security requirements that must be implemented as documented in “NIST Special Publication 800-171.” The categories include:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • Systems & Information Integrity

“As the NIST affiliate in Michigan as part of the Manufacturing Extension Partnership (MEP) program, The Center is very familiar with the requirements,” said Forsyth. “We have assembled a team of cybersecurity experts to offer a comprehensive process that encompasses four steps:  discovery, remediation, test and validate, and monitoring/reporting. After an initial assessment, the team then tailors a plan specifically for each client’s internal capabilities, budget and time sensitivity.”

Failure to comply with these cybersecurity standards could have an enormous impact on manufacturers across the state. Consider the size and scope of defense-related business in Michigan:

  • Total employment of nearly 100,000.
  • Michigan’s Defense Sector produces $9 billion in products and services annually.
  • Nearly $2.5 billion in defense-related prime contracts were performed in the state (2014).
  • 70% of everything a soldier shoots, drives, flies, wears, eats, or communicates with has a component that is contracted in Michigan.

Increasing the potential impact on manufacturers is the fact that the General Services Administration (GSA) and NASA also have similar cybersecurity requirements that must be met by the end of this year. The number of manufacturers potentially affected swells to more than 2,100 when taking into account contracts with those two federal agencies.

“There is no question that cybersecurity is a focal point for the Department of Defense and all major industries,” said Jennifer Tisdale, Cyber Mobility Program Manager for the Michigan Economic Development Corporation (MEDC). “With an increasingly complex and interconnected industrial base, safe-guarding manufacturing supply chains is becoming more important than ever.

“Manufacturing is the largest sector of the Michigan economy, representing more than 21 percent of the gross state product,” said Tisdale. “Additionally, there are 11,400 manufacturers in Michigan, which is nearly one of every 20 manufacturing companies in America, and they employ 14 percent of our workforce.”

“There is an incredible wave of innovation and evolution sweeping the manufacturing industry, and it’s being powered by technology and connectivity,” noted Forsyth. “With these advances, there must be an increased focus on information security, as there are tremendous competitive advantages that come with such new developments, but there are also additional areas of responsibility and concern that can be far-reaching.

“For the past 25 years, we have worked tirelessly to support our state’s small and medium-sized manufacturers, and now we are expanding our services to meet a critical and growing need for guidance and direction related to cybersecurity,” said Forsyth.

“Our goal is to ensure that Michigan’s manufacturers have access to cost-effective solutions that will enable them to remain competitive on a global scale,” Forsyth said. “These services have a direct impact on the viability and success of businesses across the state.

“As much as this is manufacturing issue, it really is more than that,” added Forsyth. “Cybersecurity is paramount to our nation’s security and our military’s viability.”

Forsyth is leading The Center’s new cybersecurity practice area, which provides information security assessment, remediation and regulatory compliance. The Center’s cybersecurity practice area adds to the in-depth consulting services for clients, including Growth Services, Operational Excellence (including Quality Systems, Lean and Six Sigma), Leadership Development, Skill Development, Accelerating Technology, Research Services, and Food Processing.

The Center will host an informational session for area manufacturers on Tuesday, February 14, from 8:30am to 11:30am. The event will include special guests from NIST who were directly involved with documenting the cybersecurity requirements. 

View a letter from the DoD’s Office of Small Business Programs
View the full NIST Special Publication

Celebrating its 25th anniversary, the Michigan Manufacturing Technology Center (The Center) is an organization dedicated to supporting Michigan manufacturers to work smarter, to compete and to prosper. The Center offers personalized consulting services to meet the needs of clients in virtually every aspect of their businesses. The Center is affiliated with the National Institute of Standards and Technology (NIST) and is part of the Hollings Manufacturing Extension Partnership (MEP Program). The Center also is closely affiliated with the Michigan Economic Development Corporation (MEDC) with the shared goal of making Michigan businesses vibrant, driving GDP growth, and creating new and lasting jobs. For more information, visit