Univerity of Utah Manufacturing Extension Partnership and Procurement Technical Assitance Center to help Utah companies meet new federal cybersecurity requirements

The University of Utah Manufacturing Extension Partnership Center and the Procurement Technical Assistance Center are partnering to host two cybersecurity workshops on Tuesday, August 29 at Salt Lake Community College Miller Campus and at Weber State University Davis Campus.

As of Dec. 31, 2017, all Department of Defense (DoD) contractors, including small businesses, are required to meet minimum cybersecurity requirements or risk losing government business. More than 268 Utah businesses contracted with the DoD in 2016, and many are not aware of the updated security guidelines to which they must comply.  

“Cyberattacks are an international, national and local problem,” said Chuck Spence, director of Utah PTAC. “This workshop is very timely. Small businesses are not immune and must take precautions to protect themselves against data breaches.”

According to IBM, small and medium-sized businesses are hit by cyberattacks 4,000 times a day. The U.S. National Cyber Security Alliance found 60 percent of small companies are unable to sustain their businesses over six months after a cyberattack. 

“Small businesses in every sector have become targets of cyberattacks because they are seen as an easy point-of-entry into larger businesses and government agencies,” said Theresa Drulard, MEP Center director. “Our upcoming cybersecurity workshops will be informative and useful for everyone—especially businesses interested in DoD contracts, and for those without a cybersecurity plan.”

The federal government published new cybersecurity guidelines as a result of the increased concerns over cyberattacks. The requirements are outlined in a publication from the National Institute of Standards and Technology (NIST) and fall into 14 areas with specific security requirements that must be implemented as documented in “NIST Special Publication 800-171.” Categories include:

  • Access control                    
  • Awareness & Training                
  • Audit & Accountability                
  • Configuration Management            
  • Identification & Authentication            
  • Incident Response                
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • Systems & Information Integrity                    

According to NIST, 55 percent of small and medium-sized businesses have experienced a data breach or cyberattack, 43 percent of all spear-phishing attacks are targeted at small businesses, and $38,000 is the average cost for a small business to overcome a data breach.
The MEP-PTAC cybersecurity workshops will include a special guest from NIST, Pat Toth, who was directly involved with documenting cybersecurity requirements, and cybersecurity experts who will discuss how to comply with the new guidelines.

Register for the workshop at Weber State University, Davis Campus
Register for the workshop at Salt Lake Community College, Miller Campus
The full NIST Special Publication is available here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf