Defense Department's supply chain faces gaps, leaving Pentagon exposed: report confirms
The defense industry is facing a surge of cyberattacks, with ransomware groups such as Babuk, Ryuk, Maze, and DoppelPaymer targeting defense industry contractors. According to a report by BlueVoyant, more than half of the 300 small-to-medium-sized business (SMB) subcontractors in the U.S. defense industry have critical vulnerabilities to ransomware.
These vulnerabilities include unsecured ports, unsecured data storage, and outdated software, with almost half (48%) of these companies showing severe vulnerabilities. About 10% of companies showed critical vulnerabilities, including evidence of targeted threat activity or compromise.
Non-IT tech companies, with fewer resources to address security shortfalls, have a higher risk profile. Austin Berglas, head of professional services at BlueVoyant, stated that SMBs are often the weakest link in the defense industrial base and are frequently targeted by adversaries. Adversaries prefer to exploit open, unsecured ports on smaller subcontractors rather than large, well-funded, well-secured prime contractors, according to Berglas.
The Pentagon is facing significant hurdles in securing the defense industrial base against persistent cyberattacks, months after the launch of the Cybersecurity Maturity Model Certification (CMMC) program. More than one-quarter (28%) of companies reviewed in the study would likely fail to meet the most basic requirements of the CMMC program, a Department of Defense initiative. Smaller contractors have faced challenges meeting the requirements of the CMMC program.
The Pentagon remains committed to the security and integrity of the defense industrial base in response to increased cyber intrusion efforts. However, two defense contractors have already shut down operations due to ransomware attacks. Malicious actors have also targeted other defense contractors, including F5 and Microsoft, through zero-day vulnerabilities in VPNs.
The BlueVoyant report for the year 20XX does not publicly name the specific small companies in the defense industrial base that had not yet implemented comprehensive security improvements to meet CMMC certification requirements. The Pentagon is urging these companies to prioritise cybersecurity measures to protect their operations and maintain the integrity of the defense industrial base.
In conclusion, the defense industry is under threat from persistent cyberattacks, with ransomware groups targeting defense industry contractors. The Pentagon is committed to securing the defense industrial base, but smaller contractors, with fewer resources and critical vulnerabilities, are facing significant challenges in meeting the requirements of the CMMC program. It is essential for these companies to prioritise cybersecurity measures to protect their operations and maintain the integrity of the defense industrial base.