Small businesses are truly at the forefront of innovation. Think of the scrappy entrepreneurs noticing a problem and working creatively to provide a solution. It’s this kind of on-the-ground innovation that drives industries forward – and the armed forces are no exception.
That’s why SBIR was founded in 1982: to “fund a diverse portfolio of startups and small businesses across technology areas and markets to stimulate technological innovation, meet Federal research and development (R&D) needs, and increase commercialization to transition R&D into impact” (https://www.sbir.gov/). To date, more than $50 billion has been awarded through almost 180,000 grants.
Seems like the program is a wild success, right? Unfortunately, within the past few years, the Army in particular has recorded a downturn in participation in SBIR. While the reasons are varied, one main reason is the burden of complex cybersecurity regulations. These regulations require a significant level of funding and expertise that the SMB market struggles to find.
To address the problem, the Army turned to the Science and Technology Centers to organize a series of roundtable discussions. These roundtables bring together representatives from different branches of the armed forces with industry experts. The topics range widely, but all sessions are focused around increasing participation in SBIR and related programs.
I was honored to be invited to participate as a panelist in the fourth roundtable in this series, which focused on issues related to cybersecurity compliance requirements – specifically, the CUI program and CMMC.
How We Can Help
In my opening statement, I spoke of my experience working with the SMB market, both as a small business owner myself and as a consultant to others. Specifically, I discussed the barriers many businesses face before even beginning the compliance journey, which make the process seem too burdensome from the start. These are information barriers:
The first barrier is communication around upcoming changes. While all organizations have daily discussions of budgets and trade-offs, none feel the pressures of those conversations more acutely than SMBs. With that in mind, consider an upcoming regulation – perhaps CMMC 2.0, as a timely example. Organizations everywhere are deciding when, and how much, to invest in preparedness for CMMC compliance. Each uncertain factor is another vote to wait and see, to put that dollar toward a more certain outcome, to weigh the risk of noncompliance a little lighter than the opportunity cost of a different investment. This balancing act is a constant, ongoing one for SMBs. And it can result in real pain once the day comes when the organization finally decides to pursue compliance, at greater cost and likelihood of missing something in the fray. The solution is to communicate as clearly as we can, as early as we can, about upcoming changes. Use the information at our disposal to help organizations make educated investments. With more information and fewer unknowns, more confident decisions can be made.
The second barrier is ongoing resource availability. The other panelists and I can interact directly with organizations seeking compliance, and we can have great impact in those direct interactions. But we cannot be there all the time. After we get off the call or head back from the onsite visit, what stays behind to help SMBs? They need trusted resources to serve as our proxy. To that effect, I shared the characteristics of useful, trustworthy resources I’ve found to be most helpful in my time working with SMBs.
My opening statement ended on a hopeful note. I was encouraged to see the powerful people around the table who had all come together to solve the same problem. In that group lies the responsibility and capability to ease the burden of compliance. I reminded the people in the room that they are uniquely positioned to take these steps. We can just be assessors, or we can be partners and advisors for the SMB market – making things clearer, not muddier, and easier, not harder.
In that spirit, I thought I would share some of these resources for any SMB wondering if they can tackle the project of compliance. And if you need a partner in your CMMC journey, reach out to us here at CG Silvers Consulting. Our CMMC Early Adoption Waitlist is open here.
As Promised: Resources for SMBs
NSA CCC program (https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/): Assistance for small DIB companies
DIB CS Program: Assistance for small DIB companies
Cybersecurity Reciprocity Playbook: Clear reciprocity instructions for DoD-connected organizations
TIC 3.0 Remote User Use Case from CISA
National Defense ISAC: Discounted cybersecurity services
General Dynamics Information Technology BYOD offerings
Cooey Center of Excellence on Discord: Community forum for CMMC education
C3PAO Stakeholder Forum: Community forum for CMMC authorized assessors
CMMC Industry Standards Council: "Safe Harbor" for CMMC ecosystem
MSPCyberX: Compliance coaching