Cybersecurity Services in Defense Contractors and Manufacturers

Dense contracts are demanding, high-pressure, and time sensitive. Add in compliance requirements such as DFARS/CMMC, NIST, ISO standards, and significant dependence upon third parties, and it’s a perfect storm of cybersecurity and compliance challenges. State actors are continually looking for the ‘weakest link’ to gain intelligence on their opponents; defense contractors are at the top of the list. 

DFARS Clause 252.204-7012 requires DoD contractors, including small businesses, to:

1. Provide adequate security to safeguard covered defense information that resides in or transits through their internal unclassified information systems from unauthorized access and disclosure. 
2. Rapidly report cyber incidents to DoD at https://dibnet.dod.mil.
3. When contractors or subcontractors discover and isolate malicious software in connection with a reported cyber incident, submit the malicious software to DoD Cyber Crime Center (DC3) in accordance with instructions provided by DC3 or the Contracting Officer. 
4. Preserve and protect images of all known affected information systems identified and all relevant monitoring/packet capture data for at least 90 days from the submission of the cyber incident report to allow DoD to request the media or decline interest.

Why ProCircular?

We have a variety of manufacturing clients, large and small, and work with their teams to support their production, DFARS, and NIST compliance issues. We understand what’s essential to manufacturing for defense; we learn quickly and roll up our sleeves to get to work alongside your team to protect your operation and meet your contractual and compliance obligations.

Cybersecurity Challenges for Defense Contractors and Manufacturers

Defense Manufacturers face a range of unique problems, including:

• high compliance requirements (NIST, CMMC, DFARS) from the government and the contractors they support. 
• cost-conscious leadership (and oversight) that requires justification for every dime spent
• subcontractors and vendors that may not protect their environment from hackers
• demands in turnaround time that rarely leave minutes to spare, even on a good day
• legacy networks and software systems that were grown over time rather than designed from scratch

Cybersecurity Threats Facing Defense Contractors

• Specialized, well-funded, and highly capable state actors targeting smaller defense contractors.
• RFI/RFQ process’s well-publicized requirements provide insights into information possessed by defense contractors.
• Hackers frequently target subcontractors and vendors to access larger firms.