Cyber Risk Management and Prioritization

Overall Findings and Further Exploration


Two methods were used to prioritize a list of 79 subcontractors in order of importance to the supply chain. The first method, finalized in Figure 6, examined subcontract funding on the theory that higher-funded subcontracts are more important to the main contractor than the rest. Alliant Techsystems stands out under this measure: Raytheon awarded it multiple subcontracts worth 5-10 times more than any subcontract awarded to the rest of the subcontractors. It was not clear what each of the Alliant Techsystems subcontracts was for, but investing that much capital in that many subcontracts makes it a clear outlier. Regardless of what each subcontract is for, Alliant Techsystems should be targeted for more protection against cybersecurity attacks.

The second method used the description of each subcontract to narrow the focus to subcontractors that produce unique products critical to the supply chain. The final iteration, shown in Figure 11, identifies a set of 13 subcontractors that are critical to the supply chain. Two of these subcontractors, AllComp Inc and Pacific Scientific Energetic Material Company, hold multiple contracts for different types of unique products. These two subcontractors should be targeted for more protection against cybersecurity attacks.

In this analysis, three subcontractors were chosen out of 79 total. Based on this analysis, the US government should focus its efforts specifically on these three companies. However, it should not lose sight of the remaining subcontractors. For further consideration, many subcontractors in this contract should be considered high priority because they are single points of failure: in Figure 11, 13 subcontractors were identified as single points of failure for this contract. A simple table that prioritizes each subcontract on multiple criteria, such as funding and the product supplied, would give an excellent view of the cybersecurity priority level. A viewer would find it helpful to have one table ordering all subcontractors by priority level, with the explanation behind the order generated automatically by the code powering these visualizations.
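
One way to build the combined priority table proposed above, as an added example that is not the code behind the report's figures. The subcontractor names, award amounts, product labels, the score weights and the `OUTLIER_FACTOR` threshold are all assumptions constructed for illustration.

```python
# Constructed sample awards (not the report's data):
# (subcontractor, award in USD, unique product supplied or None)
AWARDS = [
    ("Sub-A", 50_000_000, None),
    ("Sub-A", 42_000_000, None),
    ("Sub-B", 4_000_000, "part-1"),
    ("Sub-B", 3_000_000, "part-2"),
    ("Sub-C", 5_000_000, "part-3"),
    ("Sub-D", 6_000_000, None),
    ("Sub-E", 2_000_000, None),
]
OUTLIER_FACTOR = 5  # assumption: lower bound of the "5-10 times" funding gap


def prioritize(awards, factor=OUTLIER_FACTOR):
    """Return [(name, score, explanation)] ordered from highest to lowest priority."""
    subs = {}
    for name, amount, product in awards:
        s = subs.setdefault(name, {"largest": 0, "total": 0, "products": set()})
        s["largest"] = max(s["largest"], amount)
        s["total"] += amount
        if product:
            s["products"].add(product)
    rows = []
    for name, s in subs.items():
        # Largest single award held by any other subcontractor
        peer_max = max((o["largest"] for n, o in subs.items() if n != name), default=0)
        score, reasons = 0, []
        if peer_max and s["largest"] >= factor * peer_max:
            score += 2
            ratio = s["largest"] / peer_max
            reasons.append(f"funding outlier: largest award is {ratio:.1f}x any peer's")
        if len(s["products"]) >= 2:
            score += 2
            reasons.append(f"supplies {len(s['products'])} unique products")
        elif s["products"]:
            score += 1
            reasons.append("single point of failure for 1 unique product")
        rows.append((score, s["total"], name, "; ".join(reasons) or "no criterion met"))
    # Highest score first; total funding breaks ties, then name for stable output
    rows.sort(key=lambda r: (-r[0], -r[1], r[2]))
    return [(name, score, why) for score, _, name, why in rows]


if __name__ == "__main__":
    for rank, (name, score, why) in enumerate(prioritize(AWARDS), 1):
        print(f"{rank:>2}  {name:<6} score={score}  {why}")
```
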