In 2018, the Department of Defense faced a threat to its military advantage by determined adversaries and their intent to steal plans, documentation, designs, and intellectual property for key weapon systems. In response to this threat, the Department established the Protecting Critical Technology Task Force (PCTTF) in 2018, which, across four lines of effort, aimed to improve the cybersecurity of the Defense Industrial Base, secure the Department of Defense research and development enterprise, stop technology leakage through export and foreign ownership, and impose costs on adversary intelligence campaigns.
The Department relies on its prime contractors to ensure the sanctity and operational security of critical information integrated in its programs—close coordination, cyber-conscious program management, and the establishment of appropriate incentives are critical. Hence, it becomes extremely important to identify SMBs (small-to-medium business) that might pose a threat to the federal department and it's research and acitivities.
Problem Statement: Identify important subcontractors based on critical criteria defined by the NSA and explore other aspects of the awards dataset.
View code here.
From the figure alongside, it can be seen that over 70% of the contracts are funded by The DARPA and over 25% of the contracts funded by the Department of Air Force. It becomes extremely important to accurately evaluate the threats posed by the subcontractors since all the contracts heavily involve state secrets, plans, politicies, systems in place and access to them.
Most of the organizations who have been awarded contracts are Goods Manufacturers and For-profit firms/ companies. A research published by Deloitte- Manufacturers Alliance for Productivity and Innovation (MAPI) found that most of the cyber threats experienced by manufacturers were coming from internal employees through phishing, direct abuse of IT systems, errors and omissions and use of mobile devices. Source
According to the NSA, there are two criteria to decide if a subcontractor is important or not.
Subcontractors appearing in majority of the supply chain or contracts.
Subcontractors that provide with a unique product.
Ducommun Incorporated and NORTHROP GRUMMAN CORPORATION are the top two companies with highest number of contracts, both of which are publicly listed Aerospace and Defence companies.
It can be seen that the different projects undertaken by the NSA and the contractors are related to Hypersonic Air Breat which is one of the most recent developments in Hypersonic missiles and still in development stages in many countries. A cyberattack on such a crucial and sensitive weapon, in the wrong hands, can lead to a nuclear war.
One very interesting observation is that the only parent company- ORBITAL ATK, INC. (ALLIANT TECHSYSTEMS OPERATIONS LLC) is working on the AMS:AAWS project which makes this a unique project out of the all along with AMS:HYPERSONICS. Interestingly, the same subawardee ALLIANT TECHSYSTEMS OPERATIONS LLC is the company/ subsidary/ branch of the ORBITAL ATK, INC. with the maximum number of awards granted which makes this company and parent company one the most important subcontractors.
The above network graph the associations between the Subawardee companies and their parent companies based on the primary performance state in the United States. The nodes can be dragged around and will be repositioned dynamically. This chart is great to see heirarchy structure of the subcontractors and their parent companies. One can also see the number of parent companies present by each state.
It can be see that California has the maximum number of companies (9) with their primary sites in this state followed by Arizona, Pennsylvania and New York.
Critical technologies such as Sensors, Batteries, Detonators and Initiators, Missiles, Launchers and Cannisters, Transmitters, Receivers, Encoders were searched for in the subawardee descriptions. Identifying states with heavy involvement in manufacturing/supply of critical technologies is extremely important because in the U.S. cybersecurity laws exist at both the federal and state levels and vary by commercial sectors.
All the awards fall into the R&D category. This insight is very important since the scope of losing this type of data to a cyberattack is zero. From the above analysis, we are able to identify some of the most important subcontractors in the database. Based on the 2 important criteria to evaluate the cybersecurity threat for a company the following was concluded:
Important companies based on pervasiveness or appearing in many critical supply chains: Ducommun Incorporated and NORTHROP GRUMMAN CORPORATION are the top two companies with highest number of contracts, both of which are publicly listed Aerospace and Defence companies. Orbital ATK, Inc. can also be considered as on of the important contractors.
Important companies based on supply/ input of critical technologies:
Subawardee name | Address (City, State) | Number of awards/contracts | Critical Technology |
---|---|---|---|
Eaglepicher Technologies, LLC | Joplin, Missouri | 6 | Batteries & Sensors |
Measurement Specialities, Inc. | Hampton, Virginia | 2 | Batteries & Sensors |
Space Vector Corporation | Chatsworth, California | 2 | Batteries & Sensors |
Advanced Thermal Batteries, Inc. | Westminster, Maryland | 2 | Batteries & Sensors |
Diversified Technical Systems, Inc. | Seal Beach, California | 2 | Batteries & Sensors |
Pacific Scientific Energetic Materials Company | Chandler, Arizona | 4 | Explosives |
Port Electronics Corporation | Lawrence, Massachusetts | 2 | Explosives |
Morgan Advanced Ceramics, Inc. | Hayward, California | 2 | Explosives |
Marvin Engineering Co., Inc. | Inglewood, California | 2 | Explosives |
Hi-Tech Machining & Engineering, LLC | Tuscon, Arizona | 2 | Explosives |
ATK Space Systems, Inc. | San Diego, California | 2 | Explosives |
Allcomp Inc. | City of Industry, California | 2 | Explosives |
L3 Technologies, Inc. | San Diego, California | 6 | Radio Frequency Devices |
Herley Industries, Inc. | Lancaster, Pennsylvania | 2 | Radio Frequency Devices |
Quasonix, LLC | West Chester, Ohio | 2 | Radio Frequency Devices |
BAE Systems information & Electronic Systems | Cedar Rapids, Iowa | 2 | Radio Frequency Devices |
L3 Technologies, Inc. | Bristol, Pennsylvania | 2 | Radio Frequency Devices |