Defense sector ISAC releases supply chain security handbook for small business with manufacturing focus

By Sara Friedman / May 8, 2023 at 10:21 AM

The National Defense Information Sharing and Analysis Center has published a supply chain handbook for small business manufacturing, designed to help companies address "specific and common challenges" by offering use cases and ideas for dealing with them.

The handbook was developed by the ND-ISAC’s small and medium business working group and offers scenarios around unnecessary administrative access, outdated operating systems, USB flash drives, phishing, sharing sensitive data and physical security, as well as shipping and logistics.

“This product illustrates real-world scenarios in the build-to-print defense contractor environment with use cases relevant to forging houses, manufacturers and the finishing supply chain. As part of this the document amplifies specific and common challenges and describes the risks that impact both the small business and the larger supply chain,” the handbook says. It was published May 3 on the ND-ISAC’s website.

The handbook is targeted at:

  1. U.S. Government Personnel and large Prime Contractors -- to explain common scenarios these stakeholders may not be aware of that impact security guidelines and requirements.
  2. Small businesses operating in the manufacturing supply chain -- to offer practical steps both in immediate actions and long-term strategic planning to secure data and minimize risk.

The principal authors are Allison Giddens of Win-Tech and Terry Hebert of Centurum.

The handbook includes a defense industrial base manufacturing supply chain flow chart to show how to track data from the “build-to-print contractor environment.” It says, “Activities in between the data entering a SMB manufacturing environment and the product arriving on the customer’s dock carry many risks that should be identified and mitigated.”

Each scenario provides actions that should be taken now to secure an organization’s supply chain, what needs to be addressed “soon” and a description of why mitigating the risk matters to the supply chain.

The ND-ISAC released a guide in December to assist SMBs with choosing a managed service provider to help reach compliance with the Pentagon’s Cybersecurity Maturity Model Certification program.