Department of Defense grant to fortify SC cybersecurity

Listen to this article

This story was originally published in the Sept. 20, 2021 edition of the Charleston Regional Business Journal.

In a move toward bringing defense manufacturers up to modern cybersecurity standards, the Department of Defense has awarded S.C. Department of Employment and Workforce a second round of grant money.

This $775,829 will go to companies contracted by the Department of Defense to meet specific requirements that will keep businesses eligible for these contracts.

“Having the policies and procedures and measures around cybersecurity and protecting confidential and classified information is critically important, no matter what industry you’re in,” said Nina Staggers, deputy assistant executive director of workforce development of the Department of Employment and Workforce. “And I think that we’re seeing that more and more internationally as these attacks continue to happen.”

As part of the Department of Defense’s new Cybersecurity Maturity Model Certification model, companies part of the defense industrial base will be assessed according to various cybersecurity standards and protocols. Requirements vary at different levels of the certification, but when implemented, it will reduce risk against specific sets of cyber threats.

At the base level, a company must be able to demonstrate basic cyber hygiene practices, such as using antivirus software or ensuring that employees change their passwords, Staggers said.

Though the Department of Defense has yet to establish an overseeing body to complete these assessments, the grant money will be used to prepare companies for when that happens. The goal is to get companies to reach at least a level three out of five in terms of requirements they must meet on the certification scale.

According to Staggers, Department of Defense requirements are expected to be applied in a phased rollout over the course of fiscal year 2021 through fiscal year 2025.

As for the recently acquired funds for South Carolina, they will be facilitated through the S.C. Cyber Assistance Program, in partnership with the S.C. Manufacturing Extension Partnership and the S.C. Department of Commerce. The program aims to educate South Carolina’s defense manufacturing community about cyber threats and provide technical support that puts them in compliance with defense standards.

This second round of funding will serve 31 businesses. Each one will receive a maximum of $22,000 from the lump sum, in addition to $3,000 that they invest themselves.

“The $3,000 engagement fee is kind of the skin in the game, so to speak,” Staggers said. “It’s ensuring that the company has some personal stake in or personal investment into creating the policies and procedures that are going to ultimately be a part of how it protects itself against cyber-attacks.”

This follows a first round of grant money that wrapped up in July, which served 27 companies.

According to a study released by the S.C. Military Base Task Force and the University of South Carolina, the annual economic impact of the military community on the state is $24.1 billion, translating to 181,847 jobs and $9.9 billion in labor income for South Carolinians.

When the impact of the state’s defense industries is this great, even the smallest of security threats can be costly, both in time and money, Staggers said.

“We’re seeing nationally and internationally, just an increase in cyber-attacks, and specifically with the inclusion of smart technology,” Staggers said. “Because a lot of that is computerized, you are now at an increased risk for cyber-attacks.”

Overall in South Carolina, there are 752 defense firms fulfilling $2.1 billion in contracts. The state is also home to eight major military installations and numerous other facilities supporting 62,520 Department of Defense personnel of all branches of service, with $2.6 billion in payroll.

To further support efforts to ramp up cybersecurity priorities for defense manufacturers in the state, the S.C. Department of Commerce hosted the S.C. Cybersecurity Summit on Sept. 1 for companies with a current contract under the Department of Defense.

This day-long event that brought in more than 100 participants took place at the Columbia Metropolitan Convention Center. Guests heard from some of the nation’s top cybersecurity experts and learned about obtaining the Cybersecurity Maturity Model Certification.

“One of the things that we heard from all the speakers that we learned over the course of the year is that these attacks are not going away,” Staggers said. “It’s not going to stop — if anything, they’re going to become more prevalent, and the cost to business and industry is going to increase — just as ransoms are getting larger and larger in value.”

Staggers said the first step in shoring up protection is awareness, followed by implementation of practices, as well as the necessary funding and resources to keep practices in place.

“That’s why this funding and this program is so critical to our state,” she said. “We know that these companies need these measures in place to protect their economic viability. The ransoms are so high now that a small company may be put of business by a cyber-attack, so it’s important that we’re making them aware that this is a real threat, no matter what size you are.”