Editor: OCD Tech
Category: CMMC
Date: April 26, 2025

OCD Tech was pleased to have been a sponsor at the National Defense Industrial Association (NDIA) New England 4th Annual Cyber event at Northeastern University’s Innovation Campus at Burlington. The event, which took place on October 10, 2019, provided a platform for industry and government officials to share information, thoughts, and concerns on the upcoming Cybersecurity Maturity Model Certification (CMMC) announced by the Pentagon earlier this year. The overarching theme of the day, exemplified by the event’s location, was the need for government, industry, and academia to come together on this single cybersecurity standard.

The CMMC is not another checklist, says Katie Arrington, Chief Information Security Officer for Acquisition. She explained that instead, this is a framework of standards and controls to secure the DoD, national security interests, and the supply chain from nation-state and non-nation-state cyber threats. Ms. Arrington spoke at length at the event to inform those in attendance that this new framework is necessary, achievable, and imminent.

The CMMC, whose first form is to come out in January 2020 for training purposes, introduces levels of certification based on what information the contractor, subcontractor, or supply chain provider has in their possession. For example, a major defense contractor would be a Level 5, with the most stringent hurdles for certification, whereas a small business that, hypothetically, sews backpacks for the Army would have a Level 1 obligation, which Ms. Arrington describes as “basic cyber hygiene”.

Many of OCD Tech’s industry partners asked: “How is my small business supposed to pay for this?” Ms. Arrington addressed this concern, explaining that the cost for certification may be rolled into the bid for the DoD job. Small businesses were kept in mind during the creation of this framework, and Ms. Arrington went on to say that we cannot expect our small businesses to protect themselves against nation-state attacks. The Level 1 certification would require things like regular password changes, 2-factor authentication, and the use of anti-virus software.

Cybersecurity Leadership Panels

Although the CMMC was the hot-button issue of the day, the team from OCD Tech was pleased to participate in panels discussing cyber-related issues and observe a drone demonstration put on by Northeastern University’s Expeditionary Cyber and Unmanned Aerial System Research Development Facility.

OCD Tech’s own Scott Goodwin, Senior IT Security Analyst, sat on a panel discussing securing data from the Cloud. Mr. Goodwin spoke to an issue that many IT auditors see: clients who believe that moving their stack to the cloud will result in less regulatory obligation. He cautioned against this and urged companies to always be aware of which regulations they are obliged to comply with based upon the contracts they hold.

OCD Tech’s team was pleased to be a part of this information session, not only to listen and learn but also to share our own experiences and knowledge. OCD Tech looks forward to next year’s NDIA Cyber Event and to continuing to grow with the exciting changes and challenges of the expanding cyber environment.


OCD Tech Sponsor at NDIA New England 4th Annual Cyber Event

By OCD Tech, October 16, 2019