Small Manufacturers need cyber help... NIST MEP must offer messaging!

I'm on a bit of a diversion this year. My goal is to not attend any security conferences during the year. I've blown that of course, but so far, I've attended conferences for insurance, litigation, and yesterday, manufacturing.  Why? Well, first, security conferences are becoming just to crowded. There's a boatload of noise out there, and even the best conferences are becoming overrun. Second, I really want to see how other industries are dealing with cyber, and there's not a better way than to sit in on meetings, attend a conference, or smoke a couple'a cigars with someone you've never met before in another industry.

So yesterday I spent two hours in a session with the Research Triangle Park Institute (RTI) in Manchester, NH. They've partnered with NIST's Manufacturing Extension Program (I'm not sure the parallel is correct, but I likened it to the Agriculture's Cooperative Extension Service but for Manufacturing companies). Anyway, RTI partnered with NIST MEP to produce market intelligence for companies who are considering moving into other products, expanding what they currently sell, etc.

Essentially what RTI offered was an analysis framed by Porter's five forces. Porter authored a model that framed five competitive forces that every business should (must?) consider when devising strategy.  I'm a believer.  I used this model in nearly every job and start-up that I've been involved with in the last 15 years --including (especially) my government position as the Director of the DCISE.  RTI offers a simplified view of Porter --something for manufacturers. They work with the company, mind-map the forces, using free software, exchange the mind map with the manufacturers, and in the end, offer a report --how best to build, position, and market this new R&D or technology.

I was a bit taken aback however... do they realize that that newtech that they're researching is probably highly sought after by others? And that the reason the mind mapping software is free is because someone else is reading your stuff? Do they consider that in this new normal, someone will steal that newtech if they're not careful?

So I asked the question (you knew I would!) "Do you consider who will want to steal that technology?" "How do you protect it during R&D?" "How long can you hold that market if the tech gets stolen during early stage strategy development?"  I've written hundreds of pieces over the years. Many describe stolen R&D. Manufacturing companies aren't the target because they make cool stuff, they're targeted for efficiencies, processes, and industrial engineering techniques. Wouldn't it be nice if it could be stolen during development of those processes?

OK NIST,   if you're going to send an FFRDC out to see small and medium sized manufacturing companies, eat your own dogfood and talk to them about protecting their IP.  RTI is your FFRDC.  Check their messaging before sending them into the field..

Great idea. Incomplete messaging and execution.