An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

News | May 15, 2024

Small Defense Contractors Share How NSA Gives Them a Boost

FORT MEADE, Md. - A buzz is reverberating throughout the Defense Industrial Base (DIB) about the National Security Agency (NSA).

Word has spread that the Agency’s new Cybersecurity Collaboration Center (CCC) offers no-cost cybersecurity services, and businesses are signing up in growing numbers, according to CCC Chief Morgan Adamski: “Companies see the value not just for their bottom line, but also for national security.”

Established in 2020, the CCC embraces one of NSA’s primary strategies for cybersecurity: scaling public-private partnerships empowered by insights derived from foreign signals intelligence.

To date, more than 1,000 industry partners have signed up for CCC services. These companies have broad and deep reach, ranging from major service providers that can harden billions of endpoints to small businesses that provide critical components to the nation’s most sensitive systems.

Working together with the CCC as the bridge, NSA and its partners are sharing insights and building a comprehensive threat picture that is mutually beneficial.

Small businesses make up the majority of the DIB supply chain (70%). These small businesses have access to sensitive Department of Defense (DoD) information, but often don’t have the technical expertise or other resources to defend their networks against a sophisticated nation state threat, said Bailey Bickley, NSA’s DIB Defense Chief.

“These companies are an attractive target for our adversaries who are seeking to steal U.S. intellectual property in order to build their own military capabilities and economies,” said Bickley. “We don’t expect small businesses to defend against nation-state threats alone. It’s in NSA’s and DoD’s best interests to help.” 

‘Seamless’ Integration in 15 Minutes

Mike T. is the founder and owner of a small defense contractor that manufactures critical components for national security systems. When he recently learned that his company’s network contained slight misconfigurations, he jumped on the issue and reached out to NSA for help.

“We don’t want people finding a backdoor and stealing drawings and next thing you know, we are on the hook,” he said.

Analysts at the CCC were able to enroll Mike’s company in NSA’s DIB Cybersecurity as a Service (CSaaS) offerings. As a result, the company received technical assistance to help improve his company’s network security. This included enrollment in a Protective Domain Name System (PDNS) service, which blocks users from connecting to known malicious or suspicious domains by running them through a filter —composed of commercial threat feeds and a unique threat feed provided by NSA — prior to resolving them. The integration was “seamless” and took 15 minutes, he said.

Further, the networks for Mike’s company are now hardened against malicious nation-state actors who could steal its intellectual property, putting the nation’s insights and investments at risk.

“As a small business, we don’t have the unlimited resources that the big players have, so we appreciate anything that gives us an edge,” said Mike, whose workforce numbers between 8 and 32 people depending on production cycles. “It is one less thing to think about, one less expense, and one less worry.”

NSA also benefits by receiving DNS data that the CCC is able to run custom analytics over to better understand ways nation-state actors are targeting the DIB, and then, defend against them.

The service is processing 70 million DNS queries a day and has blocked billions of malicious queries to date, including ransomware activity and known nation-state spear phishing, malware, and botnets, according to statistics compiled by the Cybersecurity Directorate’s DNS provider.

PDNS is just one part of the CCC’s suite of services offered to the DIB that the DoD funds. Other core services provided by the DIB Defense Team are Attack Surface Management — gaining an adversarial view of a company’s network and then finding and fixing issues — and Threat Intelligence Collaboration — staying ahead of the adversary by receiving non-public, DIB-specific NSA threat intelligence.
Attack Surface Management helps customers prioritize patching by providing an inventory of internet-facing assets, running vulnerability scans across those assets to determine where they may be vulnerable, then prioritizing results based off which vulnerabilities are under active exploitation.
Two newer authorities, delegated by the Secretary of Defense and the DoD Chief Information Officer, underpin the CCC’s ability to engage in bilateral information sharing with companies: the 2019 National Defense Authorization Act Section 1642b, and the 2020 DIB Delegation of Authorities.

Companies with active DoD contracts are encouraged to learn more about the CCC and enroll in NSA’s DIB Cybersecurity services. Get started by filling out a Cybersecurity Services Contact Form.

NSA Media Relations