Understanding Cyber Risk for the Defense Industrial Base
The threats of cyber attacks against a myriad of industries have been one of the top news stories of 2021. One of the most prominent attacks being used by threat actors is exploiting third-party risk by going after an organization’s supply chain. While there are unique vulnerabilities to all organizations from supply chain cyber-attacks, the threats posed to the Defense Industrial Base (DIB) are arguably the most urgent.
CHALLENGES AND THREATS TO DEFENSE INDUSTRIAL BASE ORGANIZATIONS
There are over 250,000 organizations in the U.S. DIB. The supply chain complexities are extraordinary, but the most impactful threat is the connection of the DIB to national security. Threat actors have realized that targeting vulnerable companies across the defense supply chain can be not only a profitable enterprise but also an alternate method to accessing valuable Department of Defense (DOD) information.
CURRENT RISK REDUCTION EFFORTS
To manage these risks, the DOD developed the Cybersecurity Maturity Model Certification (CMMC), with third-party assessors and certifiers to provide greater assurance that DIB companies were taking cybersecurity seriously.
While a step in the right direction, the systems to fully establish and manage the CMMC process are still in development. Unfortunately, even if fully implemented, these efforts will still fall short of the necessary continuous assessment of cyber risk needed for an industry as critical as the DIB.
WHAT’S NEEDED: CONTINUOUS SUPPLY CHAIN RISK & EXPOSURE ASSESSMENTS
The DOD’s Cyber Crime Center (DC3) launched a pilot program called Krystal Ball in 2020.
To power Krystal Ball, DC3 leveraged LookingGlass’s scoutPRIME® solution, which digitally footprinted nearly 900 DIB companies’ internet infrastructure in less than two days. This gave DC3 an outside-in view of those companies, enabling them to see what adversaries could see from the public-facing internet.
In 2021, when the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released an Emergency Directive about Chinese nation-state actors exploiting Pulse Secure software vulnerabilities to gain access to the U.S. government, DC3 used LookingGlass to identify DIB organizations that had those vulnerabilities and worked with those DIB companies to mitigate them before an attacker could exploit them.
WANT TO FIND OUT MORE?
Download the complete brief, Defense Industrial Base Solutions Brief to learn more about LookingGlass’s findings. Defense Industrial Base organizations interested in understanding their cyber risk by seeing what the adversary can see of their internet infrastructure, can contact LookingGlass for a review of their cyber risk posture.