Cyber security companies teaming up with the NSA to bolster defense capabilities of underfunded arms suppliers
In the evolving landscape of national security, the defense industrial base (DIB) is no longer limited to traditional defense contractors. Today, it encompasses a diverse array of companies, including those from nascent and emerging industries such as artificial intelligence (AI) companies, commercial transportation firms, foreign-owned infrastructure operators, and more [1].
Amidst this growing diversity, small defense companies find themselves at the forefront, with 80% of the DIB comprised of small businesses. However, these businesses often have meager cybersecurity resources and minimal awareness of security best practices [2]. Recognizing the need to address this gap, the National Security Agency (NSA) is working diligently to find new solutions that are scalable to cover all of this new ground [3].
One such initiative involves collaborating with up-and-coming companies like Horizon3.ai, which offers their capabilities to small businesses within the DIB. These companies provide essential services, such as free penetration testing, to help identify security weaknesses before they can be exploited [6].
Protecting these small defense companies requires a layered approach. Strong internal AI governance and cybersecurity practices are crucial. Companies need clear governance structures to secure their AI models against manipulation, maintain transparency, and ensure proactive defense with skilled cybersecurity personnel [1].
Defensive AI systems also play a significant role. These systems monitor network behavior to detect anomalies indicating breaches, predict emerging threats, and automate patching before attacks happen [5].
Government collaboration is another vital component. The U.S. government agencies, including the NSA, US CYBERCOM, and CIA, conduct simulated attacks to test and improve defenses within strategically important industry sectors. They also facilitate dedicated intelligence sharing to disseminate the latest nation-state cyber threat information to key industry players rapidly [2].
Budget and resource prioritization are equally important. CISOs in the defense industry are increasingly allocating budgets toward AI-enabled cybersecurity capabilities, threat intelligence, and application security to counter evolving AI-powered cyberattacks [4].
The NSA is also responsible for helping defense contractors safeguard their systems. In this regard, the agency provides free security services, including classified information sharing and a protective DNS offering [7].
However, the threat is not one-sided. Small defense contractors, often focused on building advanced technology for the Department of Defense, are being targeted by nation-state-backed actors, such as those from China [8]. Despite thinking their work is not important enough to be targeted, these companies are finding themselves in the crosshairs.
This is a significant concern, given that China has stolen more corporate data from the United States than any other nation [9]. The NSA's efforts to support the DIB are aimed at addressing these challenges posed by the changing battle space.
In a recent visit to a small defense contractor, the NSA's chief of DIB defense, Bailey Bickley, noted an unsecured IT environment with printers, filing cabinets, and taxidermied animal heads in the headquarters [10]. This underscores the need for vigilance and the implementation of robust cybersecurity measures across the board.
In conclusion, protecting small defense companies in AI-driven emerging industries requires a combination of internal controls, advanced AI defenses, government collaboration for intelligence and red teaming, and leveraging external cybersecurity services, including free or low-cost penetration testing offerings like Horizon3.ai [1][2][4]. The NSA's contract with Horizon3.ai is a step in the right direction, offering free penetration tests to small firms in the DIB, helping them fortify their defenses against the ever-evolving cyber threat landscape.
- The National Security Agency (NSA) recognizes the need for solutions to address the gap in cybersecurity resources and awareness among small defense companies in the defense industrial base (DIB).
- Collaboration with up-and-coming companies like Horizon3.ai can provide essential services, such as free penetration testing, to help identify security weaknesses for small businesses in the DIB.
- Protecting small defense companies necessitates a layered approach, which includes AI governance, cybersecurity practices, defensive AI systems, government collaboration, budget prioritization, and external cybersecurity services.
