Cyber security key for SMEs to gain work in Australia’s defence industry
Image courtesy BAE Systems
The CFDI was developed to simplify and help address the growing cyber risk facing SMEs as many don’t have the same level of cyber resources and protections as the larger defence contractors.
The CFDI provides a standardised approach to cyber maturity assessment and can also be used to guide users to next steps to increase their levels of cyber protection. The tool aims to support companies so they can self-manage their cyber security requirements and risks.
BAE Systems Australia Chief Information & Digital Officer, Michael Salas, said: “We want more Australian SMEs to provide services and new technologies into defence programs because a more diverse supply chain enables greater levels of innovation.
“The Cyber Framework is a great start for SMEs wanting to self-assess their level of cyber risk.
“They can undertake a quick assessment of their cyber maturity which then leads to the identification of key areas in which to invest and improve a company’s defences. This leads to improving the cyber maturity of our defence supply chain and better outcomes for our customers.”
Saab Australia Managing Director, Andy Keough, said: “The new framework will reduce barriers to entry for SMEs into defence supply chains by providing a common cyber assessment tool.
“Currently SMEs face a different and complex security assessment process each time they work with a different defence prime.
“In developing this framework we have reduced red tape, making it easier for SMEs to secure opportunities in the defence sector.
“By the very nature of their size, many SMEs do not have the resources or expertise to upskill in information handling or cyber protection to meet defence requirements. This framework gives them a clear roadmap to gaining the required levels of cyber maturity.”
Raising the level of cyber security and cyber resilience of suppliers should have a flow on effect of increasing defence industry opportunities for SMEs developing or producing innovative technologies and services.
According to the Australian Cyber Security Centre’s 2020-21 annual report:
Self-reported losses from cyber crime in Australia is more than $30 billion
70,000 cyber crimes were reported – an increase of 13% on the previous year
In Australia there is a cyber crime reported every eight minutes.
Defence companies require suppliers to have cyber security that reflects the products or services they provide and this can be a barrier to entry for many SMEs.
Twelve prime contractors have adopted the CFDI.
