New software tool to help manufacturing companies meet complex cyber security standards

Researchers at the University of Illinois at Urbana-Champaign have created a new software tool that will help companies, including manufacturers, improve the security and resilience of their cyber systems through standardized risk management processes.

Due to changes in the Dept. of Defense's acquisition regulations (the DFARS), companies who want to manufacture products for the DoD must meet new and heightened cyber security standards established by the National Institute of Standards and Technology (NIST). The deadline for compliance is December 31^st of this year.

The Illinois tool, called The Dashboard, is a web-accessible software package that simplifies the process of implementing the new DFARS provisions while simultaneously meeting the NIST Cyber Security Framework (CSF) standard. Thus, users of The Dashboard comply with both standards at once – saving time and effort. Development and testing of The Dashboard is being funded through the Digital Manufacturing and Design Innovation Institute, a Department of Defense-funded next-generation manufacturing research and development center based in Chicago.

Manufacturing security is of high importance to everyone, but particularly the government, said Randy Sandone, principal investigator of the Dashboard project and executive director of the Critical Infrastructure Resilience Institute at Illinois. Our goal for this tool is to make it easier for contractors and subcontractors alike to evaluate their security risks and make improvements to their systems so that they not only comply with government requirements but address the growing cyber security threats to the manufacturing sector.

The tool presents a simple, point-and-click interface to the broad range of cybersecurity controls required of management, IT administrators, and individual users to achieve compliance with the DFARS and the CSF. It helps organizations achieve and maintain a standardized, integrated and mature cyber risk management process that is widely recognized for its efficacy in reducing risk and improving the resilience of systems.

The Dashboard will be commercially available this fall. It was developed in Illinois' Information Trust Institute.

While Sandone plans to debut the tool in the manufacturing sector, he says it could be applied to many other areas, such as cyberinsurance, healthcare and maritime petroleum operations.

For cyber insurance, the Dashboard could facilitate the widespread adoption of a standardized cyber risk management process. This, in turn, can help facilitate a more robust cyber insurance market by reducing the burden on underwriters to evaluate a myriad of home-grown cyber risk management processes as they evaluate the underwriting risks of individual insurance policies.

The NIST framework is the gold standard and this tool will make it easier for any company to achieve and maintain that high level of cyber security protection, Sandone said.