BeeBright, Thinkstock, Getty Images
Industryweek 27482 012218 Cybersecurity Thinkstock Beebright2

A Small Manufacturer Solves the Cybersecurity Puzzle

June 25, 2018
How the Manufacturing Extension Partnership in Illinois helped Atlas Tool Works meet Department of Defense guidelines.

Atlas Tool Works is a small family-owned company that provides specialized machining and turning of tight tolerance parts, precision sheet metal fabrication, metal stamping, and complex engineered assemblies. It has 72 employees, and a long history of commitment to quality and continuous improvement.

Atlas leadership knew they needed to improve their cybersecurity. The company, being part of the U.S. Department of Defense supply chain, was required to comply with the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards or risk losing their DoD contracts. Leaders also realized that improving the company’s overall cybersecurity would protect the confidentiality, integrity, and availability of information.

Understanding the Requirements

Lacking a full-time information technology staff, Atlas Tool Works needed support to decipher the guidelines, perform an assessment, identify gaps, and execute the improvements before the December 31, 2017 compliance deadline.

Atlas contacted the Illinois Manufacturing Excellence Center (IMEC), its local representative for the Manufacturing Extension Partnership (MEP), for assistance.

Using the NIST Cybersecurity Self-Assessment Handbook as a guide, IMEC team members worked with Atlas to decipher and break down the security requirements into understandable steps.

“The [security requirements] were ambiguous as far as how it applied to us specifically,” said Zach Mottl, chief alignment officer for Atlas. “It felt open-ended, so we weren’t sure where to begin.”

Together with Atlas and its contracted IT provider, IMEC determined that Atlas was only 40% in compliance with the cybersecurity guidelines. They then set about hashing out an improvement plan—for network setup, policies and procedures, IT system requirements, worforce rules and training—and an implementation timeline to ensure full compliance before the deadline.

 “Going through this process was great for our organization,” said Mottl. “It’s all about developing good habits. In manufacturing there are many procedures in place like ISO (International Organization for Standardization) for the manufacturing operations, but you forget about processes related to information systems.

“The cybersecurity requirements are all about managing risk, protecting data, not letting intrusions in, and notifying the appropriate people when things happen. As a small business, we often create workarounds to simplify our work and with administrative practices in particular. But with the DFARS compliance, that is unacceptable and we now understand how essential that is for our company’s security.”

Atlas executed the implementation plan and now meets the requirements. Key changes as a result of the assessment included server room locks with passcode protection, settings changes on the server and router to track who was accessing files, and creating a log in the server for forensics records. The company also updated its hardware and software, added stricter email encryption, and offered workforce training to understand the new language and security precautions.

Mottl added, “Addressing the DFARS compliance requirements was important for us to become a more robust and secure organization. I know all businesses would benefit from the assessment, not just defense contractors.”


  • Increased cybersecurity compliance from initial assessment of 40% to 100% compliance in 6 months
  • Full compliance to DFARS Cybersecurity requirements
  • Increased awareness and participation by staff in information security programs and reporting

 David Boulay is President of IMEC, a public-private partnership committed to driving growth through enterprise excellence.

Popular Sponsored Recommendations

Are You Positioned To Tackle Supply Chain Risk?

Sept. 20, 2023
Supply chain disruption is here to stay, but you can keep ahead of potential issues — and identify new opportunities — by regularly assessing your suppliers. Download our supplier...

2022 Year in Review: Ransomware Targeting Manufacturers Worldwide

June 28, 2023
Did you know that ransomware attacks on industrial infrastructure organizations nearly doubled in 2022?

2022 ICS/OT Cybersecurity Year in Review

March 13, 2023
The annual Dragos ICS/OT Cybersecurity Year in Review Report is the most comprehensive source for the latest cyber threat intelligence, vulnerabilities, and lessons learned from...

Secure end-to-end traceability and digitalization. Ensuring security with a specific data model.

July 11, 2023
A secure end-to-end traceability answers key questions. Is the device genuine or counterfeit? Are the designs intact and untampered? How to track origins and destinations? Explore...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!