Companies within the Defense Industrial Base (DIB), like machine, pharmaceutical and aerospace product manufacturers, are increasingly the subject of frequent attacks in pursuit of the billions of dollars tied up in Department of Defense (DoD) projects. The SolarWinds breach, the REvil cybergang hit on a defense contractor and others incidents making headline news are the overt evidence of these escalating targets – but it’s estimated by Black Kite that “twenty percent of America’s largest 100 defense contractors are highly susceptible to a ransomware attack.”
The DoD is naturally taking action. The safeguard of defense-related information has been named a major priority, says the DoD, leading the agency to unveil its “enhanced” CMMC 2.0 program in November of last year. With three different levels of compliance (“Foundational,” “Advanced” and “Expert”), CMMC 2.0 will undergo implementation through the rulemaking process, which can span from nine months to two years, and then ultimately fold the program into a contractual requirement. This means that any company that processes, stores or handles Federal Contract Information (FCI) must perform a CMMC Level 1 self-assessment.
Proper Protection of CUI
For manufacturers with FCI, CMMC 2.0 compliance involves the control of removable media, such as PCMCIA memory cards and USB drives, and encrypting this media to properly protect Controlled Unclassified Information (CUI). The process of storing and transferring machine programs is already a time- and labor-consuming task: often companies set up a kiosk for programmers to peruse programs, copy the selected machine code onto a USB, trek back to the machinery and copy the program to the machine. One manufacturer estimated that it took them 10 minutes of set-up time to upload a program and get the routers – per part. The total time devoted to this process amounted to around 83 hours a month.
CNC machine programs with PCMCIA media cards and USB drives also make revision control virtually impossible. Programs that were never proven can be exported to machines, machined “not to spec” and lead to the scrapping of parts, rework, or worse, customer rejections. Companies can then find themselves scrambling to repair customer concerns and spending additional time and labor sourcing the correct program, and ultimately going through the machine program transfer process over again.
Now, with CMMC 2.0, machinery using removable storage devices can also lead to noncompliance. Solutions to achieve compliance, however, may hold even greater possible benefits for manufacturers.
DNC for Compliancy, Reliability, and Greater Productivity
A modern DNC networking solution, like Predator DNC as available through Shop Floor Automations, can work towards helping companies eliminate removable drives from CNC manufacturing equipment altogether. Serving as one industrial network for all your CNC machines, robots, CMMs, PLCs, 3D printers and other equipment, a well-designed DNC networking system ensures that only your latest files are tapped from their central location and, when changes occur, the edits are stored back on your file server.
Even more so, CNC program revisions can be controlled through a bar code or QR code reader to eliminate errors and transfer the proven/released part program every time into the CNC for complete traceability. Securing greater control of your CNC program revisions can lead to a reduction in the amount of rework and scrap that plagues companies utilizing untested programs. All in all, the implementation of a proper DNC networking solution can equate to a more productive team and a more consistent and reliable manufacturing process.
Set up your organization for CMMC 2.0 compliance while realizing significant gains in productivity and reliability – contact a DNC networking specialist at Shop Floor Automations to discuss your unique defense environment today.