Program Helps SC Companies Meet DOD Cyber ​​Requirements > GSA Business

Adam Haldeman was getting frustrated.

Vice President of Research and Development Pendleton Tetramer Technologies felt mired in a web of expectations of defense department. The requirement to meet cybersecurity compliance has been part of DOD contracts since 2015, Haldeman said, but few in the department’s supply chain actually complied initially.

Over time, however, pressure from the DOD has increased, and companies wishing to continue or become part of the Department of Defense supply chain must meet Tier 2 compliance requirements where unclassified controlled information is part of the mixture.

For companies like Tetramer, Level 2 or Advanced Level compliance means adhering to 110 practices to ensure the security of controlled unclassified information.

Haldeman said he understands the need for cybersecurity, but the compliance process is daunting for companies trying to get there. Besides, in a small business, people like him have other jobs to do.

Tetramer is a cutting-edge materials company with many projects underway, including a special glue that could reduce the cost of some fighter jet repairs from hundreds of thousands of dollars to hundreds of dollars by making repairs on the possible land. The client for this one is the Department of Defense.

“Many (cybersecurity) requirements are interconnected,” Haldeman said. “It’s a whole network. It’s a mess. For any business that isn’t an IT business, it’s difficult and expensive. …I was trying to do that, and the solutions weren’t even working very well. We were still not compliant. And if we continued on this path, it would take years and a lot of money. And at the end of the day, I’m not convinced that it would have worked being actually secure and compliant.

Help came from Department of Commerce SC and the SC Manufacturing Extension Partnershipwith the SC Department of Employment and Manpowerthrough a program that last year connected Tetramer and 26 other SC companies with companies such as Beryllium Information Security who specialize in guiding companies through the compliance process. the SC Cyber ​​Security Assistance Program also pays most costs, although it does not cover the cost of hardware or software.

SCMEP and the Department of Commerce are urging companies in or about to be in the DOD’s supply chain to apply for one of 31 grants offered this year to help meet these cybersecurity guidelines. Companies are required to contribute about $3,000, and the grant pays $22,000, which covers the cost of the program, according to Andy Carr, acting president and senior vice president of operations at SCMEP.

“It takes a lot of time and a good amount of resources to reach these levels and our program is designed to provide qualified resources for this, and also to provide considerable financial support so that (the cost) is not a deterrent for companies, financially,” Carr said.

He said it takes about six months to complete the process with help from one of seven vendors who work with SC companies to help them meet the requirements that are part of the company’s maturity model certification. cybersecurity. CMMC is a framework of various cybersecurity standards and best practices.

Details and an application can be found at scbizdev.sccommerce.com.

DavisAccording to Cynthia Davis, business and industry manager at the Department of Commerce, to start a business must have a physical presence, must be in business for a year, must have at least four employees and must be in the chain of DOD supply.

“Working with SCMEP and their program was important to us because the bill to do it internally was piling up,” Haldeman said. “It was important to have mitigated that cost a bit and to connect with Beryllium Information Security and chart a path that really got us there.”

As daunting as the challenge is for Tetramer, which has been in business for more than 20 years and in the DOD supply chain for much of that time, Haldeman said the process is likely to drive startups away.

“If we were 5 years old or younger, we probably wouldn’t start working with the DOD,” he said. “We probably would have avoided all of this together. They want small businesses and they want innovation and new businesses considering DOD applications, but that (cybersecurity compliance) is a big hurdle.

Contact Ross Norton at 864-720-1222.

Ryan H. Bowman