Hawaii looks to fill DoD cyber standards gap

  • The Sea-based X-Band Radar (SBX) transits the waters of Joint Base Pearl Harbor-Hickam, Hawaii. A partnership of non-profit groups hopes to bring SMBs in Hawaii up to snuff with Defense Department cyber standards. (U.S. Navy photo by Mass Communication Specialist 2nd Class Daniel Barker/Released)

    A growing number of small and medium-sized businesses are finding it difficult to meet the Department of Defense’s new cybersecurity requirements for contractors, the Cybersecurity Maturity Model Certification (CMMC). But a partnership of non-profit groups hopes to bring SMBs in Hawaii up to snuff, and if that succeeds, export the program nationwide.

    Smaller companies make up a critical component of a very complex defense industrial supply chain. Lack of CMMC certification will not only affect their bottom lines, but all the companies they supply and, ultimately, the end purchaser of the goods: the military itself.

    Yet a BlueVoyant study of small businesses found that nearly three in ten small businesses would not be able to meet the requirements for even the lowest tier of the multi-tier CMMC.

    “These companies’ whole business operation is based on digital infrastructure, and now they’re being told that there are all these threats, there’s this thing called ransomware, and they’re being attacked because they’re part of supply chain,” said Kiersten Todt, managing director of the SMB-focused security advocacy group the Cyber Readiness Institute. “It’s almost like learning a new language.”

    CRI offers a number of web-based resources for companies looking to up their security, including its own certification program. But it found that companies it assists nationally still faced considerable difficulty in the face of the new CMMC standard. So CRI, in conjunction with the non-profit CyberHawaii, is launching a cohort-based support system for Hawaiian companies.

    The resulting program, Cyber Ready Hawaii, is being funded by the State of Hawaii Department of Business Economic Development and Tourism through a Department of Defense grant.

    It will match small groups (“squads”) of companies looking to work together in figuring out CMMC requirements, give them the existing resources of CRI and a mentor from either the CyberHawaii or CRI stable of experts.

    “My hope would be that this type of program could be a model and a template for other regions, other sectors to help small businesses get to a place where they can achieve the goals for something like CMMC,” said Todt.

    The program launched as a pilot with a limited number of companies in tow. It hopes to help 250 companies in total before July 2022.

    For Hawaiian firms, CyberHawaii believes, this program comes just in time.

    “Many of Hawaii’s small and medium-sized enterprises are extremely busy with their day-to-day operations,” said Jill Tokuda, co-director of CyberHawaii, in a statement. “Unfortunately, they don’t have the time, resources, or internal expertise to focus on cybersecurity until they experience a breach. CyberHawaii believes that our local entities can be ready to both prevent and respond to cyber-attacks.”