Survey: Reasons U.S. Electronics Manufacturers May Exit Defense Market


Reading time ( words)

In a new IPC industry survey and report, one-quarter (24 percent) of electronic manufacturers say the costs and burdens of compliance with the Cybersecurity Maturity Model Certification (CMMC) may force them out of the U.S. Department of Defense’s (DoD) supply chain.

The survey conducted by IPC, the global electronics manufacturing association, also finds that for many small- to medium-size businesses (SMB), the costs and burdens of CMMC compliance may outweigh the benefits of doing business with the DoD.

In addition, 33 percent of respondents say the CMMC will weaken the U.S. defense electronics industrial base, while 18 percent are unsure, highlighting the uncertainties involved. And 41 percent believe applying the CMMC clause to their suppliers will create other problems in the supply chain.

“Cybersecurity is a must for U.S. national security, but the costs and burdens of achieving CMMC compliance under the current approach will likely force many small and medium-sized manufacturers out of the DoD supply chain, negatively impacting national security,” said John Mitchell, IPC president and CEO. “The objectives of CMMC are well-intentioned, but they must not be achieved at the expense of other key aspects of supply chain health.”

Most suppliers expect and are willing to spend upwards of $50,000 on CMMC readiness, and nearly one-third (32 percent) report that it will take them one to two years to prepare to undergo CMMC assessment. However, more than half of the suppliers say implementation costs of more than $100,000 would make CMMC readiness too expensive. DoD’s own cost analysis estimated the cost of a CMMC Maturity Level 3 (ML3) certification to be more than $118,000 in the first year. This means DoD’s own estimate of CMMC compliance costs is too high for 77 percent of the IPC survey respondents. 

“The Pentagon needs to take into consideration that most SMBs do not have dedicated cybersecurity personnel to achieve the prerequisites, and while many commercial electronics manufacturers have considerable business with the defense community, they themselves do not consider themselves a defense contractor,” added Mitchell. 

The study’s author, cyber security expert Leslie Weinstein, says the DoD can reduce the costs and uncertainties of CMMC compliance by leveraging existing industry standards and certifications, such as IPC-1791, the electronics industry’s “Trusted Supplier” standard, which was designed in collaboration with the DoD; or the certifications offered by HITRUST or the International Standards Organization.

“The DoD recognizes a variety of respected, industry-driven certifications when it comes to hiring cybersecurity professionals,” says Weinstein. “Taking the same approach to certifying suppliers would allow companies to invest more in security than in redundant audits, and it would quickly create a pool of companies who are able to bid on DoD solicitations containing the CMMC DFARS clause. And importantly, it would prevent further erosion of the U.S. defense industrial base.”    

IPC fielded the survey between February 25 and March 5, 2021 and garnered 108 responses from contract manufacturers, printed circuit board fabricators, original equipment manufacturers and suppliers who self-reported they are planning to undergo a CMMC assessment in the next five years.

Share

Print


Suggested Items

USPAE Launches $42M DoD Consortium

02/11/2021 | I-Connect007 Editorial Team
The I-Connect007 editorial team recently interviewed Chris Peters, Kevin Sweeney and Shane Whiteside, members of the U.S. Partnership for Assured Electronics (USPAE), about the award the association received from the Department of Defense to create the Defense Electronics Consortium. In this conversation, they discuss the objectives of the consortium, which was created to help the government identify and address potential risks in the electronics industry.

I-Connect007 Editor's Choice: Five Must-Reads for the Week

09/04/2020 | Nolan Johnson, I-Connect007
When compiling my Top Five, I tend to let the reader views guide my choices. Oh, sure, sometimes a news item is significant well beyond the reads it receives; that’s why this is an editor’s picks, not a strict Top Five. Still, readership habits inform my choices. That makes it even more interesting when a week demonstrates a theme so convenient as to seem contrived. Take this week, for example. In this week’s top five, four of the top five are news reports on mil-aero topics. You, dear readers, gobbled up the military and aerospace news this week. The outlier is, as we all would expect, a conference report from our very own Pete Starkey.

iNEMI 2019 Roadmap Webinar Review: Aerospace and Defence Products

08/25/2020 | Pete Starkey, I-Connect007
The iNEMI Roadmap is recognised as a valuable tool for defining the state-of-the-art in the electronics industry, identifying emerging and disruptive technologies, and setting industry R&D priorities over the next 10 years. Pete Starkey provides an overview of iNEMI's latest in a series of webinars highlighting the roadmap’s assessments of evolving product requirements, manufacturing infrastructure issues, and technological needs and gaps.



Copyright © 2021 I-Connect007. All rights reserved.