The Department of Defense has announced a $2 billion cybersecurity initiative focused on securing the defense industrial base supply chain. The program provides funding, tools, and expertise to the 300,000 small and medium companies that supply components to defense contractors.
The Cybersecurity Maturity Model Certification program has been fully implemented, requiring all defense contractors to demonstrate specific security capabilities before receiving contracts. However, the new initiative goes further by providing direct support to companies that struggle to meet requirements.
Free security assessments, subsidized security tools, and shared security operations center services are available to qualifying small businesses. The DOD recognizes that mandating security without providing support could exclude innovative small companies from the defense supply chain.
The initiative was prompted by several high-profile incidents where adversaries accessed sensitive defense information through attacks on small subcontractors. A 2025 assessment found that 60% of defense supply chain companies had significant cybersecurity vulnerabilities.
Industry groups have welcomed the support while expressing concern about the compliance burden. The DOD is working to simplify certification requirements and provide clear, achievable security standards that small businesses can implement without dedicated cybersecurity staff.
