
DOD Focused on Protecting the Defense Industrial Base From Cyber Threats

You have accessed part of a historical collection on defense.gov. Some of the information contained within may be outdated and links may not function. Please contact the DOD Webmaster with any questions.

The Defense Department relies on the entrepreneurial companies and their innovative, hard-working employees in the defense industrial base, or DIB, to create capabilities for warfighters.

Photo: Contractor Cut. A contractor cuts through asphalt at Ellsworth Air Force Base, S.D., Dec. 20, 2016. Photo by Air Force Airman 1st Class Christina Bennett. VIRIN: 161220-F-BH261-060C.

Through procurements from private-sector sources, the department leverages the best technologies and innovations to give service members the battlefield advantages they need to win decisively, Deputy Defense Secretary Kathleen H. Hicks said.

"DIB cybersecurity is and will remain an expanding priority for the U.S. Department of Defense. More than 220,000 companies provide value to the department's force development, and the DIB is now facing increasingly sophisticated and well-resourced cyber-attacks that must be stopped," she said, referring to the defense industrial base. 

These cyber-attacks threaten the U.S. and the rules-based order on which the global economy relies, Hicks said. Markets cannot function effectively in an environment where adversarial countries are leveraging their national power to steal intellectual property, to sabotage commercial activity, and to threaten supply chains.

Photo: Pallet Load. Newport News Shipbuilding contractor Maurice Askew loads a pallet onboard the USS John C. Stennis in Newport News, Va., Jan. 12, 2022. Photo by Navy Seaman Apprentice Rajah Lee Thornton. VIRIN: 220112-N-FF561-0002.

Recent examples of malicious cyber activity, such as the Colonial Pipeline ransomware attack and the SolarWinds espionage campaign, have shown that adversaries continue evolving their exploitation of cyberspace to steal sensitive information and disrupt systems, she said.

DOD has made protecting the defense industrial base from these threats a priority, David McKeown, deputy chief information officer for cybersecurity, said.

Photo: Roof Work. Contractors install insulation panels on the Creech Memorial Building roof at Shaw Air Force Base, S.C., June 28, 2017. Photo by Air Force Airman 1st Class Destinee Sweeney. VIRIN: 170628-F-IW330-1005C.

Addressing the DIB, McKeown said that "whether your company bends metal, develops capabilities, provides services or whatever its relationship with DOD, you should remain vigilant and prepare your company to defend and recover from cyber events."

Ensuring a company can defend itself against cyberattacks starts by implementing essential cybersecurity practices, he said. "The following 10 cybersecurity practices can go a long way to making your company cyber resilient:"

1. Keep up-to-date architecture diagrams with inventories of all hardware and software to be able to respond to threats quickly.
2. Patch and configure security settings on all devices and software.
3. Employ active defenses for known attack vectors and stay ahead of attackers with the latest intelligence and response actions.
4. Monitor network and device activity logs and look for anomalous behaviors.
5. Employ multi-factor authentication because usernames and passwords are easily hacked.
6. Employ email and browser defenses and prevention for two of the most prevalent attack vectors.
7. Employ malware protection on the networks.
8. Encrypt data at rest and in transit.
9. Train staff to avoid and respond to suspicious events.
10. Have contingency plans and exercise them. Employ backup and recovery, alternative services, emergency response/notification and other similar processes to ensure the organization can successfully respond to a cyber event.

Photo: Metal Work. Jeremi Rebman, a Newport News Shipbuilding contractor, cuts metal aboard the aircraft carrier USS John C. Stennis, in Norfolk, Va., Dec. 15, 2020. Photo by Navy Seaman Apprentice Curtis Burdick. VIRIN: 201215-N-ET093-0026.

"No two companies are alike or operate in the same way. However, these essential cybersecurity practices are a great start for any company to strengthen its cybersecurity posture," McKeown said.

All DIB companies will be required to complete a Cybersecurity Maturity Model Certification (CMMC) (https://www.acq.osd.mil/cmmc/), which aligns with the cybersecurity requirements defined in NIST 800-171.

DOD has voluntary programs that the defense industrial base can leverage to bolster its cybersecurity posture, with more rollouts planned in the future.

For more information about DOD's threat information sharing program, the DIB CS Program, please contact OSD.DIBCSIA@mail.mil or visit https://dibnet.dod.mil.
