Naval Air Systems Command (NAVAIR) has taken a significant step towards enhancing the security of its supply chain by awarding a $95-million contract to Fortress Government Solutions. This initiative aims to identify and mitigate cyber risks associated with its airborne systems programs.
The contract spans five years and involves the deployment of a robust cyber supply chain risk management platform. This system will provide continuous monitoring of vendors, components, and software utilized across NAVAIR’s diverse portfolio, which includes high-profile projects such as the F-35 Lightning II and the MQ-25 Stingray drone.
In a conversation with DefenseScoop, Fortress President Don Archer outlined the platform’s capabilities, noting its ability to deliver actionable insights regarding vendor operations, financial health, and cybersecurity. This functionality enables program offices to detect vulnerabilities in real-time, allowing for swift responses to potential threats before they impact operational integrity.
Previously, risk management largely relied on contractors, but this new strategy represents a shift towards a more proactive approach by the Navy. By taking charge of monitoring its industrial base, NAVAIR aims to enhance security and operational readiness.
The complexity of NAVAIR’s supply chain cannot be understated. It encompasses thousands of vendors and subcontractors, both domestically and internationally, who provide critical parts, software, and systems. Ensuring the security of this supply chain is vital, as even minor vulnerabilities can create significant ripple effects, potentially jeopardizing operational readiness and the safety of aircraft.
As an example, the F-35 program involves numerous global suppliers and financial commitments amounting to billions. Each component presents a potential entry point for cyber threats or operational risks.
The platform developed by Fortress aggregates data across all tiers of the supply chain, continuously evaluating risks not only from malicious cyber activities but also from financial uncertainties, geographic operational risks, and technological dependencies. This centralized visibility allows NAVAIR to identify high-risk suppliers and proactively address vulnerabilities before they escalate, ensuring resilient operations in even the most challenging environments.
This initiative aligns with broader objectives set forth by the Department of Defense to diminish reliance on foreign-sourced hardware and software, advocating for secure manufacturing practices within the United States.
