Defense Department Plays Key Role in Industrial Base Oversight

Defense has oversight of the industrial base critical infrastructure sector. The United States could not project power, wage war or provide deterrence without the defense industrial base. There are more than 100,000 companies performing research, development, procurement, maintenance and support work under Defense Department contracts, so the industry’s importance cannot be understated.

Given the Defense Department’s reliance on the commercial sector for its mission-essential tasks, the defense industrial base is a rich hunting ground for bad actors targeting vulnerabilities to outright destroy military capabilities, gather intelligence or steal intellectual capital, any of which would severely impact U.S. national security.

Defense has two organizations leading critical infrastructure protection: one for the department’s national level responsibilities — protection of the defense industrial base — and one for specific defense critical infrastructure sectors.

The Defense Contract Management Agency leads critical infrastructure protection of the defense industrial base. DCMA, in conjunction with combatant commanders, gathers a list of critical tasks and missions that the department must perform. They then identify those companies and technologies that, if harmed or exploited, could result in mission failure. This collaborative process leverages DCMA’s expertise of manufacturing and supply chain factors.

Criteria DCMA uses to identify critical assets include: companies with defense-unique or dual-use technologies which, if lost, could severely impact military operations; companies with products used across the military services; and companies with advanced or emerging technologies.

A protection plan prioritizes the critical assets in the defense industrial base and facilitates information sharing with industry partners about physical and cyber threats, vulnerabilities, incidents, potential protective measures and best practices. DCMA works with federal, state and local governments, and the private sector to conduct or facilitate vulnerability assessments.
Making sure defense critical infrastructure assets are available to support military operations falls under the purview of the Defense Critical Infrastructure Program. This program is led by the assistant secretary of defense for homeland defense and America’s security affairs, who provides policy direction.

Several agencies are assigned as “defense infrastructure sector lead agents.” DISLAs are the action offices responsible for identifying critical infrastructure assets, single points of failure, and corrective solutions. They recommend risk management strategies in the event a defense critical infrastructure sector is somehow degraded.

Due to the critical importance of the defense industrial base, it comes as no surprise that contractors and associated technologies are targeted relentlessly. While terrorism and sabotage are ever-present dangers, the biggest threat is cyber espionage, particularly the theft of intellectual property and military secrets. Over the past two decades, nations have targeted defense contractors and stolen sensitive data including ship, aircraft and missile designs, satellite data and even troop movements.

The biggest perpetrators among nation states are China, North Korea, Iran and Russia, each of which wants to advance its own military posture and weaken the U.S. military advantage. Cyber espionage allows these countries to fill in their own knowledge gaps, know what to target, understand our vulnerabilities and develop better defenses. It’s much cheaper and easier for them to steal data than to research and develop those weapons or technologies from scratch.

Not only have these losses eroded our technological superiority, they have cost us hundreds of billions of dollars. We’ve seen military and technological advances in countries like China parallel cyber intrusions against the Defense Department and industrial networks.

The nature and extent of the threat figures prominently in procurement decisions that government customers make. Identifying critical assets in the defense industrial base helps the department better understand threats to national security and how to mitigate risks. The cyber domain poses the biggest vulnerability.

As we become more connected online and our critical infrastructure increasingly relies on cyberspace, defending this realm extends beyond the defense establishment. The Pentagon is working with its industrial, civilian and even international partners to improve cyber security.

Lloyd McCoy Jr. is a market intelligence consultant with immixGroup (an Arrow company). He can be reached at Lloyd_McCoy@immixgroup.com or connect with him on LinkedIn at www.linkedin.com/in/lloydmccoy.

Topics: Defense Department