Summary

Small to medium-sized manufacturing (SMM) companies are the backbone of the U.S. industrial base. However, they do not have the financial or technical resources needed to protect themselves from cyberthreats such as computer hacking, embedded malicious software, and “internet of things” sensors sending sensitive information to foreign counties. These cyberthreats can cause huge damage to the U.S. economy and national security. With relatively limited investment, cybercriminals can disrupt critical supply chains, damage key sectors, and delete or corrupt important information resources.

The Biden-Harris administration should address these threats through a government-industry partnership that uses “wargaming” analyses — i.e., virtual techniques to model and assess threats — to evaluate manufacturing cyberthreats and test strategies for ensuring supply-chain cybersecurity. As part of this partnership, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) should implement a pilot program to spread robust and scalable cybersecurity best practices throughout manufacturing-based supply chains. Coordinating the resources and expertise of other federal agencies — including the Nuclear Security Enterprise (NSE), the Department of Defense (DOD) Digital Manufacturing Institute (MxD), the National Institutes of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP), and the DOD Cybersecurity Maturity Model Certification (CMMC) program — with the resources and expertise of external entities (e.g., academic institutions) will enable the administration to become more proactive in anticipating and neutralizing cyberthreats, thus enhancing the stability and security of U.S. manufacturing supply chains.