
Center for Corporate Education


COPING WITH COMPLIANCE
Defense firms facing new U.S. Cybersecurity rules

By Ken Schachter
kenneth.schachter@newsday.com

As seen in Newsday LI Business Section
December 11, 2017

 

The clock is ticking for Long Island defense contractors facing a year-end deadline to meet new federal cybersecurity standards.

Photo: Patricia Malone, Executive Director, Center for Corporate Education at Stony Brook University. Stony Brook University's Patricia Malone says firms can get help to comply with the new requirements.

Companies that fail to comply risk being cut out of the supply chain, Boeing Co. executive Camille Geiger told industry representatives last week at a conference at LIU Post.

Plan Ahead

Prime contractors like Boeing will be barred from dealing with suppliers that don’t meet the standards, she said. “Be sure you have everything in place and are ready to go January 1,” she said at the conference, which was organized by Rep. Thomas Suozzi (D-Glen Cove).

Although Long Island’s heyday as a center of defense and aerospace manufacturing has passed, hundreds of such companies remain in the region. Suozzi said his 3rd Congressional District on the North Shore ranks No. 1 in the state, drawing $1.7 billion a year in defense contracts directly from the federal government. Hundreds of millions more come to Long Island through subcontracts with prime contractors.

Robert Botticelli, chairman of ADDAPT, a trade group that advocates for LI aerospace and defense contractors, said the regulations “will be a financial strain” for some companies but can’t be avoided. “Virtually every aerospace and defense company on Long Island has to deal with it,” he said.

Some companies may be able to get help through the Center for Corporate Education at Stony Brook University, which can provide government funding. We “can offset the cost for some of these companies,” said Patricia Malone, executive director of the CCE. She has set a cybersecurity breakfast for manufacturers on Thursday that will also cover the requirements.

One of the companies grappling with the new regulations is CPI Aerostructures Inc., an Edgewood aerospace manufacturer with about 250 employees. Chief executive Douglas McCrosson said the company has spent about $150,000 to meet the new standards.

Many steps to take

“It wasn’t inconsequential,” he said. “There was equipment we had to buy. There was more protective software we had to utilize. We had to change almost every aspect of how we access work on the internet. It was really extensive.”

The new security standards require the safeguarding of contractor information systems that process, store and transmit federal contract information.

As a Tier 1 supplier, CPI sells directly to prime contractors like Boeing and Northrop Grumman Corp. But the firm also has suppliers who themselves have suppliers. “There are three or four tiers in the supply chain,” McCrosson said, and every level has to be in compliance.

Typical practices

Among the practices CPI has adopted: Users are barred from accessing online data storage sites like Dropbox and iCloud; laptop hard drives are encrypted; and computers require two-factor authentication such as a password and a code transmitted to the user’s mobile phone. The company is also seeking to improve employee awareness by sending out fake emails like the ones used to trick users into revealing personal information.

Steven Kuperschmid, co-chair of the cybersecurity/data privacy group of Ruskin Moscou Faltischek in Uniondale, said lawyers can have a role in establishing cybersecurity policies. “I don’t think you can do cybersecurity effectively with just a technologist,” he said. “Determining regulatory compliance is a lawyer’s job.”

Despite the resources required, McCrosson said the standards are needed.

“Some regulations we feel are onerous,” he said, “but cybersecurity is a real threat, not only to the defense industrial base, but to the national interest . . . It’s scary out there.”

He said expert hackers are targeting defense contractors.

“These are not kids in their basements goofing around,” he said. “These are largely state actors trying to get designs. They figured out long ago that prime contractors have better defenses” and target companies farther down the supply chain.

“You’re only as strong as the weakest link,” he said.
