Securing the defense industrial base (DIB) from escalating cybersecurity threats is essential as adversaries become more sophisticated. Bailey Bickley, Chief of DIB Defense at the NSA’s Cybersecurity Collaboration Center (CCC), recently shared at CMMC CON 2024 insights and resources available to DIB companies as they adapt to CMMC 2.0 requirements. These services aim to empower companies, especially small businesses, to combat cyber threats effectively and protect U.S. intellectual property.
The Role of the NSA and CCC
The NSA combines its signals intelligence and cybersecurity missions to protect against cyber threats, leveraging insights into foreign adversaries to secure U.S. defense contractors. “Cybersecurity is still new for a lot of folks in the defense industrial base,” shares Bailey. “Your company is really good at what it does, but there’s a lot of education that has to happen in terms of the threats that you face and the steps that you need to take to bolster your networks.” The CCC is designed to bridge that gap, sharing actionable intelligence on nation-state threats and providing essential tools for DIB companies to bolster their cybersecurity.
Key Cybersecurity Threats Facing the DIB
One of the most serious threats to the DIB comes from the People’s Republic of China, which actively targets defense contractors to steal sensitive U.S. intellectual property for military and economic advantage. Ransomware is another significant threat, with cybercriminals exploiting unpatched vulnerabilities to access networks and extort small businesses. Small contractors can be prime targets for both of these types of attacks, as adversaries rely on automated mass scanning techniques that can affect companies regardless of size.
NSA-Provided Cybersecurity Services The CCC offers several free tools tailored for DIB companies to address key vulnerabilities:
- Attack Surface Management: Scans internet-facing assets, identifies vulnerabilities, and prioritizes remediation based on real-time adversarial activity.
- Protective DNS: Helps protect companies from phishing and malware attacks by screening domain queries and blocking suspicious activities.
- Autonomous Penetration Testing: Uses AI to conduct internal tests, allowing DIB contractors to customize reports, identify critical vulnerabilities, and view remediation steps instantly. This tool offers immediate feedback, enabling companies to identify, fix, and revalidate solutions without delay.
Strategies for Compliance and Progress
Bickley highlighted the importance of prioritizing cybersecurity actions to support compliance progress, encouraging contractors to focus on high-impact areas first. With the CCC’s tools, companies can effectively address vulnerabilities and establish foundational protections, aligning with both security and CMMC compliance objective
Taking Action: Enroll in the CCC Program
For DIB companies looking to enhance their cybersecurity posture, the CCC offers enrollment in their suite of free services. Companies with an active Department of Defense (DOD) contract can sign up directly at nsa.gov/ccc to access these resources.
Awareness, action, and preparedness are key as DIB companies work to secure their networks and achieve CMMC compliance. Contact CyberSheath for guidance on securing your organization against evolving cybersecurity threats and navigating CMMC requirements.