Nearly 90% of the Pentagon supply chain fails basic cybersecurity requirements

CyberSheath commissioned Merrill Research to conduct a survey of 300 DIB contractors

State of The Defense Industrial Base Report

A thorough analysis of the state of cybersecurity of the U.S. defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.
Image by Pete Linforth from Pixabay

A thorough analysis of the state of cybersecurity of the U.S. defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.

Defense contractors possess sensitive national security information and are being constantly targeted with sophisticated hacking operations led by state-sponsored hackers.

The State of The Defense Industrial Base Report was commissioned by CyberSheath and carried out by Merrill Research.

The survey questioned 300 U.S.-based DIB contractors via an online survey in July 2022.

The supply chain of the departments in question was evaluated using the Supplier Risk Performance System (SPRS), which is the U.S. Department of Defense’s (DoD’s) single, authorized system to retrieve supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed noncompliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cybersecurity regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means that they do not meet the legally required minimum.

Over 25% of the supply chain received SPRS scores between -170 to -120, while only 11% of surveyed contractors received a score that is regarded as compliant.

The research conclusions show a clear and present risk to U.S. national security.

These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of noncompliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the U.S. Using foreign cybersecurity services has a risk on its own.

Additionally, 80% do not have a vulnerability management system, 79% do not have a robust multi-factor authentication (MFA) system in place, 73% do not have an endpoint detection and response (EDR) solution, and 70% of organizations have not implemented security information and event management (SIEM).

These security measures are legally required by the DIB, and if they are not satisfied, the DoD and its capacity to undertake armed defense face a major danger.

This Conference is designed for anyone involved with 7×24 infrastructures – IT, data center, disaster recovery and network/ telecommunication managers, computer technologists, facility or building managers, supervisors, and engineers.

Nearly 90% of the Pentagon supply chain fails basic cybersecurity requirements

CyberSheath commissioned Merrill Research to conduct a survey of 300 DIB contractors

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest data center news and information.

Nearly 90% of the Pentagon supply chain fails basic cybersecurity requirements

CyberSheath commissioned Merrill Research to conduct a survey of 300 DIB contractors

Share This Story

Related Articles

GDIT Research study finds nearly 90% of federal agencies are planning 5G adoption

NSF-ISR Information Security Program Poised to Protect the DoD Supply Chain

Software supply chain risk report sets the bar for enterprise AppSec future

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest data center news and information.