New risks threaten defense industry's cybersecurity, report claims


Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.

The defense industry base was pummeled with new cybersecurity vulnerabilities in 2020, increasing the contractors' supply chain risk, according to a new industry report.

The National Defense Industry Association recently released its 2021 Vital Signs report, in partnership with Govini, addressing key areas that affect the overall health of the defense industry base, including issues like information security, demand, productivity, workforce diversity and financial performance.

Overall industrial security, which includes threats to information security and intellectual property took a hit, scoring 56 out of a possible 100 points, according to the report, which evaluated scores from 2018 through 2020.

That score is just a point lower than what was reported in 2019 but was also solely due to the sheer number of new cybersecurity vulnerabilities reported in 2020: 17,305, which is up 18% since 2018. That number was 6,447 in 2016, according to the report.

As a result, gains made by increased security for intellectual property rights, which saw a boost FBI investigations, were erased.

"American industry faces persistent, increasing threats of intellectual property theft, economic espionage, cybercrime, and other forms of attacks," the report states. Additionally, the drop in an already low score is part of "larger trends in the erosion of industrial cybersecurity despite increasing attention and resources being dedicated to combating the threat."

The report comes as the Defense Department works to implement a unified cybersecurity standard for contractors called the Cybersecurity Maturity Model Certification program, and as defense companies work to comply with the China-made telecommunications equipment ban.

Industrial base security is a pressing concern of many in Congress. Sen. Joe Manchin (D-W.Va.) brought up the issue Feb. 2 during the confirmation hearing for Kathleen Hicks to be deputy defense secretary, saying prime contractors needed to be responsible for the network security of their subcontractors.

"The big boys, the Boeings and all that -- hold them accountable for basically the security of their networks down into their subcontractors. That's where we're getting picked off," Manchin said, seemingly alluding to the DOD's CMMC program that would require all defense contractors to meet certain cybersecurity standards before getting contracts.

"That's where basically the hacking -- that's where all the information is being stolen from. That has to be secured and it has not," he said.

Manchin went on to say that there was no financial penalty for prime contractors that suffered a security breach through a subcontractor.

Hicks' response: "we have to improve the accountability and change the incentives."

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected