Threats to Small Defense Businesses Can Have an Outsized Impact

Threats to Small Defense Businesses Can Have an Outsized Impact

Defense Industrial Base (DIB) manufacturers in the United States thoroughly understand the concepts of regulation and compliance. Almost no aspect of their business is outside the reach of some state-level or federal oversight agency or law. As some of the most sensitive organizations in existence, they are also no stranger to risk.

Risk exists at all levels, both inside and outside of the building, from physical locks to hiring trustworthy employees to finding honest (and secure) vendors and partners. Then of course there are the risks associated with a growing number of cyber threats, from passive malware-infected files and websites to sophisticated, persistent attacks. Cyber risk mitigation is the difference between business as usual, and a state-sponsored criminal burrowing deep into your network and planting a botnet node to steal sensitive information and turn your own devices against you.

Unfortunately, strong cybersecurity is clearly not an ingrained mindset in small and mid-sized DIB businesses. If you’re not convinced, take a look at some highlights from a September 2018 U.S. Department of Defense Presidential report entitled “Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States”:

  • In a broad survey of over 9,000 classified contract facilities within the DIB, more than 6,600 small business facilities lagged significantly in their cybersecurity measures, as compared to large firms.
  • Fewer than half of the surveyed DIB facilities classified as small businesses had any cybersecurity measures in place at all.
  • There is a significant lack of awareness of federal cybersecurity requirements within small manufacturers.
  • There is also a significant lack of awareness of the flow-down obligations owned by second and third tier suppliers to primes in the DIB.
  • To quote the report, “Gaps in the cybersecurity sector lead to pervasive and persistent vulnerabilities to the industrial base, contributing to the erosion of manufacturing and decreasing economic competitiveness and national security.”

This should cause all of us to lose sleep. Some of these small businesses create solutions that are deployed in Top Secret government and DoD networks, and in some cases they have barely a whiff of cybersecurity in place to keep bad actors from infiltrating their processes.

At Owl, we help DIB organizations secure their IP, their core manufacturing processes, data repositories, and their distribution networks, with easy-to-implement solutions. DIB companies can be ruined by cybercrime, which typically affects the entire supply chain – and even national security as a whole – not just one entity. If your DIB organization isn’t properly defended from cyber threats, the time to act is now. A safe and secured nation may never thank you later, but it’s far too important to ignore. This is not mere hyperbole. It really does matter.

To learn more about Owl Cyber Defense Cross Domain solutions visit:

About The Author

Dan Callahan has been in the federal market since 1984. Dan’s primary roles have centered around gathering federal agency IT requirements in categories such as enterprise software, high performance computing, complex telecommunications and cybersecurity. He manages client requirements from the US civilian intelligence community.

Why Do A Medical Device Assessment, Part 4: Access Granted

In the last post, we got up close and personal with the device, and now it was time to really try to dig into the administrative functions. While the unauthenticated (non-password-protect...
October 29, 2020
Charlie Schick Healthcare Consultant

Why Do A Medical Device Assessment, Part 3: The Device

In the previous two posts in this series, I talked about the reasons cybersecurity analysis on medical devices is necessary and some processes behind device analysis. In the next coupl...
October 21, 2020
Board inspection
Charlie Schick Healthcare Consultant

Why Do A Medical Device Assessment, Part 2: How We Do It

In my last post, I talked a bit about the cybersecurity challenges around medical devices. In this post, I want to tell you a bit about the process of device cybersecurity analysis, wi...
October 15, 2020