DoW Cybersecurity: Challenges, Solutions and Implications

More than 15 years ago, the DoW formally elevated cyber pursuits to the same strategic level as sea, land, air and space. This acknowledgement shifted cybersecurity from risk management to a national defense need, underscoring the importance of protecting the DoW’s defense infrastructure and networks. Defense cybersecurity challenges have since evolved into a multi-domain conflict, particularly with China and Russia - both aiming to infiltrate digital assets. Newer attack surfaces, enhanced threats, supply chain and legacy systems are all areas of focus for the DoW, with agencies offering both solutions and opportunities for vendors and partners to solve these complex challenges.

Newer attack surfaces: AI-enabled systems

The increased application of AI/ML across agency networks introduces a number of concerns for security across the DoW, including:

  • Data poisoning: compromised or malicious data, label manipulation and poor data management
  • AI model manipulation: insecure model training pipelines, untrusted data ingestion, weak access control or insufficient monitoring
  • Opaque decision-making: untraceable data lineage, poor documentation and lack of auditing or validation mechanisms

Solution Building

The FY26 NDAA requires that military systems using AI/ML employ cybersecurity measures across their entire lifecycle (data, training, deployment, monitoring), along with earlier integration of security into AI acquisition. Defense agencies also released a comprehensive cybersecurity risk management guide that specifically addresses these concerns for adopting AI responsibly and securely. The guide prohibits the DoW from using AI systems from covered nations, including China, Russia, North Korea and Iran.

There are strong opportunities for vendors and partners offering AI security, model monitoring, secure MLOps and AI RMF compliance tooling. Companies must demonstrate how AI systems meet DoW frameworks and Zero Trust principles simultaneously.

Persistent Nation-State Cyber Threats: China, Russia, Iran

DoW networks encounter continuous cyber threat activity from advanced adversaries seeking to infiltrate both military and defense-industrial infrastructure. These threats increasingly leverage commodity tools and techniques that rely on internal resources, such as active OS tools, admin utilities and commercial software.

Solution Building

Defense agencies have been spearheading zero trust architectures and improving threat intelligence sharing and alignment with federal agencies (IC, CISA) as well as the DIB, using tradecraft mapping with MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) to log adversary attack strategies and behaviors. Known exploited vulnerabilities (KEVs) are also prioritized for patching across DoW networks.

Offering application modernization with embedded Zero Trust controls is essential. IT companies that map detections explicitly to MITRE ATT&CK and KEVs will align best. Expect demand for advanced EDR/XDR, threat intelligence platforms, continuous vulnerability management and automated patch orchestration to increase.

Supply Chain and Defense Industrial Base (DIB) Cyber Risk

Cyber threat reports from the DoD Cyber Crime Center (DoD C3) document adversaries, including China and Russia, often targeting contractors and the software supply chain, exploiting weaker cyber postures to infiltrate DoW networks. Previous cybersecurity requirements for the DIB, particularly CMMC 1.0, proved insufficient for protecting Controlled Unclassified Information (CUI).

Solution Building

In December 2024, the DoW released Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0), which includes multi-phase enforcement being integrated into acquisition to raise the cyber posture of the DIB. This model created enforceable cybersecurity requirements and sought to align the DIB cyber posture with NIST standards and the DoW zero trust principles. Defense agencies are also applying supply-chain risk management (ICT-SCRM) to address supplier and vendor cyber risk. This includes the use of Software Bills of Materials (SBOMs) so that agencies can set adequate cyber risk expectations for vendors and software developers and assess open-source and third-party risks.

IT companies must prioritize CMMC certification to avoid loss of DoW contracts. SBOM management and software composition analysis will be essential for IT companies to show transparency, particularly for the software that supports high-impact missions and operations. Vendors and partners that implement security early in DevSecOps pipelines will be favored over patched security solutions.

Legacy Systems and Technical Debt

Substantial portions of the DoW’s infrastructure still rely on aging systems not originally designed for modern cyber defense. This creates challenges for encryption, identity management, monitoring and rapid patching. The GAO continues to report weaknesses in disparate cybersecurity postures, planning and performance tracking across major agency IT programs.

Solution Building

The FY26 NDAA has mandated a formal DoW technical debt classification framework, integrating cybersecurity into budget and acquisition decisions. The cyber activity budget for FY26 increased by 4.1% from the prior year for the defense agency despite cuts among civilian agencies. At the system level, zero trust implementation drives explicit identification of technical debt and cyber risk. Approximately $612M is allocated to DoW cyber research to deploy and modernize next-generation cybersecurity and cyberspace operations programs. The NDAA emphasizes the use of AI and machine learning systems to reduce the agency’s technical debt, but it stresses the need for the Pentagon to apply cybersecurity best practices. The NDAA also prioritizes enhanced protections for wireless mobile phones that the agency provides to senior military officials and employees who perform sensitive national security functions. To reduce disparate cybersecurity postures across the agency, DISA’s Thunderdome and Flank Speed initiatives serve as the agency’s reference architecture for zero trust and enterprise IT modernization, helping the DoW reduce long-standing fragmentation across its components.

The DoW emphasizes that solutions offered should have zero trust controls built into the applications. Support for legacy systems that cannot be rapidly replaced should also include practical security overlays. IT companies that can help agency leaders quantify cyber risks and technical debt in mission and budget terms will gain a strong footing with the DoW. Offerings that accelerate modernization while reducing fragmentation, ATO friction and operational risk will resonate favorably with agency buyers.

Operational Technology (OT) and Weapon Systems

DoW operational technology and weapon systems present a unique cybersecurity challenge, as they were designed for isolated, safety-critical operations, not a persistent cyber threat environment. They pre-date modern cyber threats and zero trust principles, and rely on proprietary hardware, custom protocols and long life-cycle components. They cannot tolerate frequent patching, active scanning or configuration changes without risking mission failure or safety impacts.

Solution Building

In November 2025, zero trust guidance was issued for operational technology to address the constraints of OT and weapons systems. It prioritizes embedding cyber into system design and acquisition, strengthening oversight to reduce fragmentation and enforcing consistent risk management. Where modernization is not feasible, the DoW applies security overlays (protective layers), segmentation (access control) and isolation (containing risk without downtime) to reduce exposure without altering core system functionality.

It’s critical that IT companies can translate Defense policy into deployable IT patterns (zones, conduits, gateways) and adapt security to mission and safety constraints. The DoW favors companies that can combine engineering, integration and accreditation expertise to support OT and weapon-system cybersecurity. Market differentiation includes platform experience, OT/weapon-system cyber expertise and the ability to support continuous authorization models.

About the Author:
Toan Le is a Senior Market Insights Analyst on the DLT Market Insights team covering DOD and IC domain-centric trends across the Public Sector.