New Cybersecurity Certification Program to Help Protect Supply Chain of U.S. Defense...

New Cybersecurity Certification Program to Help Protect Supply Chain of U.S. Defense Department

Southern is joining the nationwide effort to help the U.S. Department of Defense bolster cybersecurity in its supply chain amid concerns over the recent hack into federal agencies – including American nuclear weapons agencies.

Software produced by Solar Winds, a Texas-based company that has contracts with Fortune 500 companies and government agencies such as the Defense Department, was reported late last year to have been breached by Russian hackers. It enabled the perpetrators to “see into” the networks of clients of Solar Winds.

And just this month, a group of Switzerland-based hackers accessed footage from an estimated 150,000 surveillance cameras operated by Silicon Valley’s Verkada, Inc. The cameras operated inside of police departments, hospitals, schools, prisons and various companies, including car manufacturer Tesla.

Southern’s School of Graduate and Professional Studies has partnered with Data Intelligence Technologies of Virginia to launch a certification program this summer that will help defense contractors and subcontractors protect sensitive information.

“Security breaches occur every day, but not at the magnitude of the Solar Winds and Verkada incidents,” said Lisa Lancor, chair of the SCSU Computer Science Department. “These are huge and underscore the need to build a strong, cybersecurity workforce.”

Last year, the U.S. Office of the Under Secretary of Defense for Acquisition and Sustainment introduced the Cyber Maturity Model Certification (CMMC), a new standard for suppliers to operate within the Defense Department’s acquisition and procurement process. All companies that provide supplies for the department’s projects operations – such as defense contractors – will need to be certified. The requirements are being phased in by Oct. 1, 2025.

Contractors have been able to merely attest they were in compliance with safety standards by conducting self-assessments. But under the new system, third-party trained professionals will assess whether those standards are being met. Southern will help Data Intelligence Technologies teach those who seek to become certified assessors and professionals.

“The Defense Department has perhaps the largest global supply chain, which means it deals with a wide array of organizations,” Lancor said. “These organizations are constantly under hacker attacks. In fact, the malicious cyber activity cost to the U.S. economy in 2016 was estimated at more than $100 billion.”

She noted that cybersecurity is an increasingly lucrative field, and this certification program should prove valuable to those pursuing a career in cybersecurity. The CMMC Accreditation Body specifies a clearly defined path through its certifications with each certificate building on the next. For example, before becoming a Certified CMMC Assessor – Level 1, (CCA-1), a person would have to become a Certified CMMC Professional (CCP).

“Currently, there are no CMMC-certified assessors who can do the assessment of companies that have defense contracts, such as Sikorsky Aircraft and Pratt & Whitney,” Lancor said. “This opens up a huge market for anyone who wants to get into CMMC as a career, helping to secure organizations from external hackers. The CCP certificate is also of interest to companies that have contracts, or sub-contracts, or sub-sub-contracts, with the Defense Department so they can better prepare for their CMMC assessments.”

Manohar Singh, dean of the SCSU School of Graduate and Professional Studies, said this initiative will benefit students, as well as the local and state economy, and the national interest.

“Southern is committed to offering innovative programs in the areas critical to national interests and community service,” he said.

Lancor said the CCP, CCA-1 and CCA-3 (Certified CMMC Assessor – Level 3) will be available at SCSU, and others will roll out as the CMMC Accreditation Body defines the standards for future assessor certificates.

CCPs and CCAs must be trained by a CMMC-approved Licensed Training Provider (such as Data Intelligence Technologies), and CMMC-Accrediting Body Certified Instructors, and then tested by the CMMC Accreditation Body. When an individual passes that test, they become certified at the level of their testing and can work for a Certified 3rd Party Assessment Organization (C3PAO) that would go out and assess contractors and all of their subcontractors, according to Lancor.

She said the partnership with Data Intelligence Technologies will enable SCSU students pursuing a Master of Science degree in computer science with a cybersecurity concentration to receive the training for free.

SCSU plans to offer the following courses:

*A primer, 8-hour, online course, “Certified Professionals Essentials,” which will describe the CMMC program in detail. This is appropriate for those wishing to learn the new requirements and is designed for a varied audience from manufacturing executives who have Defense Department contracts to compliance lawyers and IT consultants who provide support for the defense industrial base.

*A CCP course that will provide 40 hours of instruction preparing someone to take the CCP exam.

*A CCA-1 course that is a three-day hybrid (mixture of in-class and online instruction) offering.

*A CCA-3 course that is a five-day hybrid offering.

For further information, go to:  https://www.southernct.edu/cmmc