Image Cyber Security Tool
BAE Systems Australia, Saab Australia, industry partners and government have developed the Cyber Framework for the Defence Industry (CFDI) to measure and increase the cyber resilience of SMEs wanting to work on Defence programs.

The CFDI was developed to simplify and help address the growing cyber risk facing SMEs as many don’t have the same level of cyber resources and protections as the larger defence contractors. 
The CFDI provides a standardised approach to cyber maturity assessment and can also be used to guide users to next steps to increase their levels of cyber protection. The tool aims to support companies so they can self-manage their cyber security requirements and risks.      
BAE Systems Australia Chief Information & Digital Officer, Michael Salas, said: 
 “We want more Australian SMEs to provide services and new technologies into defence programs because a more diverse supply chain enables greater levels of innovation.
“The Cyber Framework is a great start for SMEs wanting to self-assess their level of cyber risk.
“They can undertake a quick assessment of their cyber maturity which then leads to the identification of key areas in which to invest and improve a company’s defences. This leads to improving the cyber maturity of our defence supply chain and better outcomes for our customers.”
Saab Australia Managing Director, Andy Keough, said:
“The new framework will reduce barriers to entry for SMEs into defence supply chains by providing a common cyber assessment tool.
“Currently SMEs face a different and complex security assessment process each time they work with a different defence prime.
“In developing this framework we have reduced red tape, making it easier for SMEs to secure opportunities in the defence sector.
“By the very nature of their size, many SMEs do not have the resources or expertise to upskill in information handling or cyber protection to meet defence requirements. This framework gives them a clear roadmap to gaining the required levels of cyber maturity.”
Raising the level of cyber security and cyber resilience of suppliers should have a flow on effect of increasing defence industry opportunities for SMEs developing or producing innovative technologies and services.
Defence companies require suppliers to have cyber security that reflects the products or services they provide and this can be a barrier to entry as many SMEs.
Twelve prime contractors have adopted the CFDI.
Notes to editors:
CFDI is based on recognised standards such as the ACSC Information Security Manual, the Essential 8 and the US NIST Cyber Security Framework to build a Cyber maturity assessment questionnaire and evaluation process that allows a quick, simple cost effective way to measure and organisations cyber security maturity.
Completing the CFDI allows the SMEs to gain an understanding of their Cyber maturity and CFDI’s alignment with the ACSC Essential 8 means focus implementation of the most effective cyber security controls.
 According to the Australian Cyber Security Centre’s 2020-21 annual report:
•    Self-reported losses from cyber crime in Australia is more than $30 billion 
•    70,000 cyber crimes were reported – an increase of 13 percent on the previous year
•    In Australia there is a cyber crime reported every 8 minutes.
12 Default Profile Image
Kaye Noske
Senior Communications Manager Media
BAE Systems Australia

Mobile +61 (0) 401 121 444