Naval Air Systems Command (NAVAIR) is moving to secure its supply chain with a $95-million contract awarded to Fortress Government Solutions, aiming to identify and remediate cyber risks across its airborne systems programs.
Under the five-year contract, Fortress will deploy a comprehensive cyber supply chain risk management platform that continuously monitors vendors, components, and software across NAVAIR’s portfolio. This includes major programs like the F-35 Lightning II and the MQ-25 Stingray drone.
Fortress President Don Archer told DefenseScoop that the system provides actionable insights into vendor operations, financial stability, and technology security, enabling program offices to detect vulnerabilities in real time and respond before they can affect operations.
He also emphasized that, unlike previous practices that relied on contractors to manage risk, the navy will now take a more proactive role in monitoring and securing its industrial base.
NAVAIR’s Supply Chain
NAVAIR’s supply chain spans thousands of vendors and subcontractors across the US and abroad, providing parts, software, and systems essential to both routine operations and high-priority missions.
Securing this chain is critical because even minor vulnerabilities can ripple through programs, affecting operational readiness and the safety of aircraft in service.
For example, the F-35 program alone involves multiple international suppliers and billions of dollars in components, any of which could become an entry point for cyber or operational exploitation.
Fortress’ platform aggregates data from all tiers of the supply chain, continuously analyzing risks not just from malicious cyber activity, but also from financial instability, operational locations, and technology dependencies.
By centralizing this visibility, NAVAIR can prioritize high-risk suppliers, address vulnerabilities before they escalate, and maintain resilient operations even in contested environments. This approach aligns with broader Defense Department goals to reduce reliance on foreign-made hardware and software while promoting secure, US-based manufacturing.
