Frequently Asked Questions

Cybersecurity is the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide.

Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

This clause requires defense contractors to incorporate established information security standards on their unclassified networks and to report cyber-intrusion incidents that may have resulted in the loss of controlled unclassified information. The Government intends to evaluate the efficacy of the DFARS controls in the face of low-end cyber security threats. This project call is an initial step in the continuing process of developing and refining technologies, standards and practices for factory floor data protection.

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.

The NIST Cybersecurity Framework was created through collaboration between government and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. Each Framework component reinforces the connection between business drivers and 188 cybersecurity activities.

This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A130.

This publication provides federal agencies with a set of recommended security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) when such information is resident in nonfederal systems and organizations; when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry. The security requirements apply to all components of nonfederal systems and organizations that process, store, or transmit CUI, or that provide security protection for such components. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.

The NIST Security and Privacy Controls for  Federal Information Systems and Organizations (NIST SP 800-53), was developed by NIST to further its statutory responsibilities under the Federal Information Security Management Act (FISMA), Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems.

It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors.

the Cybersecurity Maturity Model Certification (CMMC) is a new cybersecurity standard – currently being created by a collaboration betweenJohn Hopkins University Applied Physics Laboratory, Carnegie Mellon University Software Engineering Institute, Defense Industrial Base Sector Coordinating Council (DIB SCC), Office of Small Business Program, and others, the Office of the Assistant Secretary of Defense for Acquisition. This standard is anticipated to be implemented in mid-2020 and will replace the existing Defense Federal Acquisition Regulations (DFARS) requirement, which requires DoD contractors that handle Controlled Unclassified Information (CUI) to satisfy the requirements in the NIST SP 800-171. The CMMC incorporates all of the 800-171 requirements and expands upon these by adding requirements from various cybersecurity standards including:

· NIST Cybersecurity Framework (CSF)

· CIS Critical Security Controls

· CERT Resilience Management Model

· ISO 27001

· AIA NAS 9933

· Defense Industrial Base SCC TF WG

Another primary difference will be that the CMMC will require third party auditing by authorized entities. This means that the DFARS will require DoD contractors to become CMMC certified by passing an audit that confirms that they have met the appropriate level of cybersecurity for their business.

For more information refer to the Office of the Under Secretary of Defense’s CMMC document, or go visit their FAQ page.

Manufacturing Times Digital (MxD) equips U.S. factories with the tools and expertise they need to begin building every part better than the last.

It is a goal far too big for any one company to solve on its own. It requires production lines to be embedded with software and sensors, and hooked up to the cloud. Only with this ability to send and receive data can the equipment improve itself and learn from every part produced in real-time.

MxD was formerly known as the Digital Manufacturing and Design Innovation Institute (DMDII), housed at UI LABS in Chicago, Illinois.

Heartland Science & Technology Group is the trusted technology partner for the Cyber Secure Dashboard –  devoted to solving technical challenges of national, local & public interest. As a 501(C)(3) not-for-profit corporation, Heartland teams with private industry, government organizations & academia to support big-picture problem-solving. Heartland engages in scientific research & engineering development, provides & maintains technology solutions, and facilitates and manages mission-critical collaborative partnerships for clients.

Heartland Science & Technology Group is a creative, results-driven entrepreneurial group. Our not-for-profit structure affirms focus on our client’s mission, and the company’s commitment to investing its own resources in greater-good technology solutions.

The Information Trust Institute (ITI) at the University of Illinois provides national leadership combining research and education with industrial outreach in trustworthy and secure information systems. ITI brings together over 100 faculty and senior researchers, many graduate student researchers, and industry partners to conduct foundational and applied research to enable the creation of critical applications and cyber infrastructures. In doing so, ITI is creating computer systems, software, and networks that society can depend on to be trustworthy, meaning that they are secure, dependable (reliable and available), correct, safe, private, and survivable. Instead of concentrating on narrow and focused technical solutions, ITI aims to create a new paradigm for designing trustworthy systems from the ground up and validating systems that are intended to be trustworthy.

ITI’s research is organized into four themes:

Within those themes, ITI is home to several major center-scale efforts, dozens of smaller-scale projects, and a variety of initiatives designed to nurture research in specific areas.

ITI’s education programs recognize the crucial role of workforce development in ensuring the future of trustworthy information systems. Major ongoing education efforts include an annual summer intern program that attracts promising undergraduates from around the world, and the ICSSP scholarship program, which pays for up to 2 years of bachelor’s degree studies for U.S. citizen students concentrating on information assurance. In addition, ITI presents two seminar series, short courses, summer schools, workshops, and other special educational events, and provides academic advice to students who wish to concentrate on trustworthiness-related coursework.

ITI is very much an academic/industry partnership, and it welcomes collaborations with industrial and other organizations.

The Critical Infrastructure Resilience Institute (CIRI) conducts research and education that enhances the resiliency of the nation’s critical infrastructures and the businesses and public entities that own and operate those assets and systems.

CIRI is funded by a $20 million five-year grant from the Department of Homeland Security. It is led by the University of Illinois at Urbana-Champaign with collaborators from other U.S. universities and national labs.

With an emphasis on outputs-oriented research, education and workforce development, and early and continuous engagement with end users and homeland security practitioners, CIRI will explore the organizational, policy, business, and technical dimensions of critical infrastructure’s dependence on cyber assets. CIRI will examine how computer hardware and software both contribute to and threaten resiliency and how industry makes decisions about cyber assets which contribute to resilience.

A significant focus of the CIRI will be on transitioning research outputs for use by DHS operational components, other homeland security end users, policymakers, decision makers across all levels of industry and government, and community leaders.