What we’re talking about
Counterfeit part prevention remains a high priority for the aerospace, defense, and electronics sectors in 2025. Unauthorized parts when used in critical applications can lead to catastrophic failures. Counterfeit components can include remarked parts or cloned components that are illegally manufactured. There is an escalating trend for counterfeit parts in most manufacturing sectors. Components at
The growth of utilization of technology in QMS provides many advantages but also raises critical concerns. This growth is occurring as a result of technological advancements and changes in the global manufacturing marketplace. While these developments have the potential for increasing customer satisfaction and continuous improvement of business processes they also present added complexity to
Cybersecurity trends for 2025 show multiple areas of concern in a time of growing risks. A Cybersecurity Assessment Report from Bitdefender reveals findings from 1,200 cyber professionals that define key areas for improvement. These areas include reduction of attack surfaces, complexity of disparate tools, c suite perceptions, and cyber professional burnout. Reporting Incidents In the
The U.S. Secret Service dismantled a network of devices in New York city that posed a significant telecom threat. This equipment could have potentially disabled cellphone towers facilitating anonymous communications for criminal activities. This operation was particularly urgent due to the ongoing United Nations General Assembly meeting with world leaders. Equipment at Various Sites Across
Cybersecurity Maturity Model Certification (CMMC) and export compliance programs should be coordinated efforts driven by upper management to avoid export regulation violations. A Federal News Network article discussed the fact that CMMC assessments are uncovering unknown export regulation violations. The article points out the dangers of maintaining compliance programs in separate silos. Technology Control Plan
The Defense Federal Acquisition Regulation Supplement (DFARS) implementing the Cybersecurity Maturity Model Certification (CMMC) program has been finalized. This rule, available on the Federal Register, will become effective November 10, 2025. This action by the Department of Defense (DoD) (now the Department of War) will make CMMC compliance a contractual requirement on all solicitations and
Export regulations effectiveness in the protection of U.S. national security and promotion of foreign policy objectives has become a growing concern given the pace of regulatory changes. Recently, the Foundation for Defense of Democracies and the Center for Strategic and International Studies have published reviews of their findings on the issue. U.S. Semiconductor Controls Center
A Department of Defense (DoD) class deviation has postponed the CMMC compliance requirement originally set for October 1, 2025. This requirement, effective as of September 3, 2025, notifies contracting officers that they are not to use the DFARS 252.204-7021 contract clause in new solicitations and contracts. This class deviation will remain in effect until the
The AUKUS nuclear submarine program is under a Pentagon review to access if the agreement will leave the U.S. Navy with sufficient submarine fleet assets to address its national security requirements. There have been concerns that the current agreement would leave the United States with a shortage of Virginia class boats due to challenges in
In an attempt to level the playing field, the Bureau of Industry and Security (BIS) revokes Validated End-User (VEU) waivers that allowed foreign-owned semiconductor facilities in China to import U.S. technology without licenses. Companies such as Samsung and SK Hynix will now be required to obtain licenses for their operations. This move aims to level
Microsoft has been using Chinese engineers to assist with the maintenance of the Department of Defense’s (DoD) cloud systems, supervised by U.S. personnel known as “digital escorts.” This arrangement, which dates back decades, involved using U.S. citizen Microsoft employees with security clearances to oversee work being done on highly sensitive databases. In many cases these
Revisions to the International Traffic in Arms Regulations (ITAR) and the United States Munitions List (USML) have been released to streamline compliance and enhance national security while facilitating trade with United States allies. The Department of State Directorate of Defense Trade Controls (DDTC) has released these changes to clarify the ITAR and remove defense articles
The National Institute of Standards and Technology (NIST) is developing control overlays for securing Artificial Intelligence (AI) systems to help organizations manage cybersecurity risks associated with various AI use cases, including generative AI and predictive AI. These overlays are designed to help organizations manage cybersecurity risks associated with various AI applications. The NIST AI control
The Bureau of Industry and Security (BIS) has recently paused the processing of new export license applications, leading to significant delays. This pause, which affects applications submitted after February 5, 2025, has raised concerns about the impact on business. The pause is part of an internal review of licensing policies initiated by Undersecretary Jeffrey Kessler
C-suite cybersecurity responsibilities include promoting a security culture, aligning cyber and business strategies, and provision of resources. This requires involvement by all executives not the Chief Information Security Officer (CISO). The prevention of a cybersecurity incident should be a key element in business strategy because of loss of operations, financial loss, and damage to organizational
The US Senate has approved the Export Control Transparency Act in an effort to enhance oversight of the Bureau of Industry and Security (BIS) dual use export controls. This Act will require the BIS to submit quarterly reports to Congress detailing export licensing requests. This reporting would include aggregate statistics on all license applications and
