Defense contractors face a long road on cybersecurity

source: (contributed by FAN, Steve Page)


Most defense contractors believe they’re too small and inconsequential for nation-state hackers to target them, a National Security Agency official told Axios.

Why it matters: China, in particular, has been laser-focused on targeting key American critical infrastructure, officials have warned.

  • That includes defense contractors — even the small ones that are responsible for making just one component of a military weapon.

The big picture: At least 70% of the defense industrial base are small businesses, and they’re facing many of the same cyber threats as the typical small business, Bailey Bickley, chief of DIB defense at the NSA Cybersecurity Collaboration Center, said in an interview at the RSA Conference last week.

  • But many small defense contractors believe their work isn’t consequential enough to catch the eyes of adversarial hackers, she adds.
  • That’s despite very public warnings over the last year from top U.S. cyber officials about increasing Chinese government cyber threats.

What they’re saying: “These companies are truly a target of nation-state activity, and we need them to understand that and know how to defend against it,” Bickley told Axios.

  • “The fact is, our adversaries, particularly the People’s Republic of China, [have] an incredible amount of resources to do mass scanning of the internet, mass exploitation and mass data exfil.”

Threat level: Defense contractors are rich targets both for nation-state hackers looking to steal military secrets and for ransomware hackers targeting small businesses, Bickley said.

Between the lines: One of the biggest hurdles for defense contractors is a lack of technical expertise and money needed to invest in cybersecurity.

  • “When you engage with these companies, they are so good at what they do, and it’s not cybersecurity,” Bickley said. “They’re really just grappling with… ‘What do I do? Where do I start?’”

The intrigue: The NSA is well-known for its own espionage, surveillance and hacking operations, but the agency is also key in overseeing defense contractors’ cybersecurity needs.

  • The agency provides several free cybersecurity tools to defense contractors, including DNS filters, threat intelligence information-sharing programs and vulnerability scans.
  • Most nation-states and ransomware actors are just conducting basic scans of internet-facing systems to see which ones are vulnerable to attacks, and the free tools are aimed at closing those flaws before hackers find them, Bickley said.