Skip to main content

Cyber Security

In the past decade, intelligence collection and information theft by adversaries all over the globe has emerged as a growing threat. At the same time, our robust investment in R&D has led to the generation of substantial intellectual property.  As we continue to innovate, acquire new companies and develop new capabilities, we expect to continue to benefit from an increase in outsourced subsystem development work by our prime defense contractor customers.

As our customers have entrusted us with more of their data, and with our rapid growth in the aerospace and defense (A&D) space, our visibility has increased. Our growing presence reinforces the importance of our commitment to ensuring the highest standard of security practices. Specifically, with our increased prominence, nation-state adversaries have taken note of our role in the defense supply chain.  Concurrently, as the defense primes have strengthened their security posture, the next tier of the defense supply chain has been identified as a potential weaker link that nation-states look to compromise. Further, as we have seen on numerous occasions in the media, successful cyber-attacks can have severe negative impacts on a business’ reputation with key stakeholders including customers and investors.

To mitigate risk of compromise and reputation risk, we have heightened our focus on implementing processes that reliably safeguard information, identify malicious activity and educate our workforce. With the cyber landscape continually changing, and new threats appearing daily, a strong team and scalable architecture with layers of defenses is critical to defending valuable data.

Given our rapid organic and inorganic growth, we have paid particular attention to developing processes to mitigate risks of acquiring and integrating new companies along with their employees and systems into our systems and protocols.

We are also aware that we have a downstream responsibility, as demonstrated in our efforts to evaluate the next tier of our supply chain and help suppliers to secure their systems and processes.

Our good work has been recognized and we remain committed to modeling industry best practices. We have deployed and have been relying upon a best in class industrial security program as evidenced by superior ratings from the U.S. Defense Counterintelligence and Security Agency (DCSA).  Two of our sites were recognized with the James Cogswell award; less than 1% of the 12,000+ cleared contractors receive this award annually.

 

Acquisitions and Growth

We are continuously searching for ways to improve the security protocols of our insider threat program, especially given our strategic growth objectives, which include a continued and rapid pace of acquiring companies and capabilities.  As a result, we remain focused on mitigating risks associated with the acquisition of new companies and employees.

We perform a full third-party security assessment of the acquired company prior to connecting it to our network.  The acquired company will be incorporated on standard Mercury network hardware, end user devices, business applications and engineering tools.  Our One Mercury approach ensures that we are not jeopardizing our security posture for the sake of business growth.

 

Downstream Responsibility

Insiders represent a challenging threat to defend.  We are continually evaluating new technologies to help detect abnormal behavior of those who access our network on a daily basis.  We leverage third party resources so that between Mercury IT personnel and third parties we monitor our network 24/7.

We also continue to look at the next tier of the supply chain, evaluate their maturity and help those suppliers take affordable steps to make them more secure. 

The U.S. Defense Counterintelligence and Security Agency (DCSA) has recognized cyber as another pillar in defense base security.  Signs point toward defense suppliers being rated, similar to a credit rating, on their ability to protect customer assets and deliver products uncompromised.

 

Training

As the cyber threat landscape evolves so has our user training.  We leverage the latest threat intelligence and vendor content to ensure our user training and anti-phishing campaigns represent the current threats our employees are likely to encounter. We routinely test our workforce through simulated phishing campaigns, including corrective action instructions for employees who click on links in the simulated attacks.  

 

Key Tenets of our Cyber Security Program

Leadership Commitment

C-Level and Board of Directors support of cyber security as a strategic investment

Strong Security Posture

IT environment managed in a highly restrictive, highly secure manner

Protect Customers' Data

Customer data maintained in a secure cloud infastructure

Strong Access Control

Two-factor authentication for remote access, privileged accounts and secure cloud

Invest in Leading Technology

Best in-class firewalls, 0-day protection, SIEM, email monitoring, MDM

Security Aware Workforce

Ongoing security training curriculum and phishing simulations

Continuous Monitoring

Mercury & third parties monitor network for security incidents 24/7

Cyber Community Participation

Active participant in DIB and industry cyber communities