The Defense Industrial Base (DIB) Sector produces, designs, and maintains military systems to meet US military requirements. A majority of organizations in the sector are privately owned and range in size from small family-run businesses to Fortune 100 companies.
The DIB is composed of 13 industries—Shipbuilding, Aircraft, Missile, Space, Combat Vehicle, Ammunition, Weapons, Troop Support, Information Technology, Electronics, Mechanical, Structural, and Research and Development. Ten of these 13 industries operate in New Jersey.
The DIB sector remains a consistent target for cyber espionage and intellectual property theft from state-sponsored threat actors, namely China, Russia, and Iran. According to the Office of the Director of National Intelligence, capable threat actors target US government, military, and commercial networks on a daily basis. In August 2015, the Dell SecureWorks Counter Threat Unit released a report detailing a sophisticated group of Chinese hackers—referred to as Threat Group-3390—that stole confidential data from US defense contractors and manufacturers in the aerospace, technology, and energy industries. In May 2016, the FBI released a bulletin detailing vulnerabilities used by advanced persistent threat groups who conduct cyber espionage against US commercial and government networks.
Insider Threat: High
In January 2015, Mozaffar Khazaee, a Connecticut resident, pleaded guilty to attempting to ship proprietary information on US military jet engines—obtained from his previous employment with three DIB companies—to Iran. In 2013, Sixing Liu, a New Jersey resident, was convicted of sending sensitive information and trade secrets to China, which he acquired from his defense contractor employer.
Terrorist groups have not attacked this sector in the United States, but they have identified DIB facilities as potential targets. In August 2014, al-Qa’ida in the Arabian Peninsula identified the headquarters of a DIB company in California as a potential target. In May 2010, Faisal Shahzad attempted to detonate a car bomb in New York’s Times Square. Shahzad intended to attack four other targets, including a DIB manufacturer in Connecticut, after this attack.
The Department Of Defense (DoD) has established the DIB Cybersecurity Program to safeguard DoD information that resides on unclassified networks or contractor information systems. This public-private cybersecurity partnership is designed to improve DIB network defenses, reduce damage to critical programs, and increase cyber situational awareness. Under the program:
- DoD contractors must report cyber incidents in accordance with the Defense Federal Acquisition Regulation Supplement.
- DoD Cloud Service (CS) providers and participants must report cyber incidents in accordance with the Framework Agreement. CS providers are defined as commercial vendors or federal organizations providing cloud services. Participants are public and government customers utilizing cloud services from the CS provider.
- What tactics are cyber threat actors or terrorist organizations using to probe or compromise DIB companies in New Jersey?
- When and how have DIB companies in New Jersey been compromised by external cyber threat actors?
For more information, please contact NJOHSP's Preparedness Bureau at firstname.lastname@example.org.