Are you looking for a shipping solution? Maybe you need to change freight carriers? Find out what the hard working and reliable people at Team Worldwide can do over land, sea and air
Van Duyne: CMMC Implementation, What It Means for Small Businesses
WASHINGTON, D.C. – Today, the Subcommittee on Oversight, Investigations, and Regulations is holding a hybrid hearing titled “CMMC Implementation: What It Means for Small Businesses.”
Subcommittee Ranking Member Beth Van Duyne's opening statement as prepared for delivery:
Thank you, Mr. Chairman. Just a few short weeks ago we saw how a malicious ransomware attack perpetrated by foreign actors on the Colonial Pipeline can cause chaos across the entire Eastern seaboard. And not long after that, another attack shut down one of the leading meat producers in the United States. The potential for profit and opportunity to disrupt the U.S. critical infrastructure has invited a number of cybercriminals to target U.S. network vulnerabilities. One of the softest targets to obtain valuable Department of Defense information is through our small contractors.
Recognizing the increased vulnerabilities of small contractors, the DOD initiated a new cybersecurity assessment framework called the Cybersecurity Maturity Model Certification to assess contractor implementation of cybersecurity requirements. While no one disputes the federal government’s need to address the growing cybersecurity risks facing our nation; I am deeply concerned that the CMMC has created yet another hurdle to keep small businesses from competing in the defense marketplace.
A major concern is the cost of compliance. No matter how you look at it, adding stringent cyber security requirements will be a costly endeavor for small businesses that are already recovering from a pandemic. With limited resources compared to the competitors in the defense contracting space, small businesses are understandably wary of deploying that capital, without assurance that their investment will return in future work.
The Federal government has already experienced a thirty-eight percent decline in its industrial base for the past decade, and measures like this will only exacerbate this exodus. Simply put, we need to ensure a competitive contracting environment for small business. This would not only benefit our small employers, but would be a net benefit for our national defense.
I have also had major concerns with the rollout of the CMMC, for a number of reasons. First, the assessments may be inconsistent and unfair because the process is being handled by many newly-trained assessors. There are also many questions outstanding about how subcontractors will be treated under this new framework. And finally, I’m worried that small contractors will be shut out of the conversation entirely, and forced to the end of the line. The fact is that this new process may threaten the livelihood of many small businesses. No assessment means no certification, and no certification means no work. Small businesses rightly fear they won’t be given a fair share, left to fend for themselves, as we have too often seen when it comes to sweeping government reforms.
Dealing with cyber threats is an extremely nuanced issue that will require continued collaboration. And while the DOD may have good intentions with the CMMC initiative, we must ensure that the voices of small businesses operating in the defense industrial base are heard and have their concerns addressed. I look forward to hearing the testimony of the witnesses today, and I yield back.
Subcommittee Ranking Member Beth Van Duyne's opening statement as prepared for delivery:
Thank you, Mr. Chairman. Just a few short weeks ago we saw how a malicious ransomware attack perpetrated by foreign actors on the Colonial Pipeline can cause chaos across the entire Eastern seaboard. And not long after that, another attack shut down one of the leading meat producers in the United States. The potential for profit and opportunity to disrupt the U.S. critical infrastructure has invited a number of cybercriminals to target U.S. network vulnerabilities. One of the softest targets to obtain valuable Department of Defense information is through our small contractors.
Recognizing the increased vulnerabilities of small contractors, the DOD initiated a new cybersecurity assessment framework called the Cybersecurity Maturity Model Certification to assess contractor implementation of cybersecurity requirements. While no one disputes the federal government’s need to address the growing cybersecurity risks facing our nation; I am deeply concerned that the CMMC has created yet another hurdle to keep small businesses from competing in the defense marketplace.
A major concern is the cost of compliance. No matter how you look at it, adding stringent cyber security requirements will be a costly endeavor for small businesses that are already recovering from a pandemic. With limited resources compared to the competitors in the defense contracting space, small businesses are understandably wary of deploying that capital, without assurance that their investment will return in future work.
The Federal government has already experienced a thirty-eight percent decline in its industrial base for the past decade, and measures like this will only exacerbate this exodus. Simply put, we need to ensure a competitive contracting environment for small business. This would not only benefit our small employers, but would be a net benefit for our national defense.
I have also had major concerns with the rollout of the CMMC, for a number of reasons. First, the assessments may be inconsistent and unfair because the process is being handled by many newly-trained assessors. There are also many questions outstanding about how subcontractors will be treated under this new framework. And finally, I’m worried that small contractors will be shut out of the conversation entirely, and forced to the end of the line. The fact is that this new process may threaten the livelihood of many small businesses. No assessment means no certification, and no certification means no work. Small businesses rightly fear they won’t be given a fair share, left to fend for themselves, as we have too often seen when it comes to sweeping government reforms.
Dealing with cyber threats is an extremely nuanced issue that will require continued collaboration. And while the DOD may have good intentions with the CMMC initiative, we must ensure that the voices of small businesses operating in the defense industrial base are heard and have their concerns addressed. I look forward to hearing the testimony of the witnesses today, and I yield back.
Ready for reliable and friendly service in a towing company? Combined with competitive rates? Call Force 1 Towing and Auto Body in Catasauqua at 610-266-6721
