|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|As
a company selling products for defense applications, we may be the target of cyber-attacks from a variety of threat actors. Cybersecurity
threats include attacks on, or other attempts to infiltrate, our information technology (IT) infrastructure and the IT infrastructure
of our customers, suppliers, subcontractors and other third parties, attempting to gain unauthorized access to our confidential or other
proprietary information, classified information, or information relating to our employees, customers, and other third parties, or to
disrupt our systems or the systems of our customers, suppliers, subcontractors, and other third parties. Cybersecurity threats also include
attempts to infiltrate our products or services, including attacks targeting security, confidentiality, integrity and/or availability
of the hardware, software and information installed, stored or transmitted in our products, including after the purchase of those products
and when they are incorporated into third-party products, facilities, or infrastructure.
Our Cybersecurity Program
Our products and services are normally classified as EAR 99 by the U.S. government, but our defense customers may ask us to make some alterations for the environments the products will be used in. Moreover, our products sold for defense applications are integrated with our customers’ products and these customers may provide us with Controlled Unclassified Information (CUI) that requires, safeguarding and dissemination controls in accordance with laws, regulations, or Government-wide policies. Given the nature of our business and the cybersecurity risks we face, we have instituted a cybersecurity program for identifying, assessing, and managing cybersecurity risks, which include material risks from cybersecurity threats to our internal systems, our products, services and programs for customers, and our supply chain. Our management of cybersecurity risks to the Company is integrated into our Company-wide enterprise risk management program.
Our enterprise cybersecurity program aligns with the National Institute of Standards and Technology (NIST) standards, among others. The program includes processes and controls for the deployment of new IT systems by the Company and controls over new and existing system operations. We, or third parties we contract with, monitor and conduct regular testing of these controls and systems, including vulnerability management through active discovery and testing to regularly assess patching and configuration status. In addition, we require our employees to complete annual cybersecurity training, and we regularly conduct simulated phishing and cyber-related communications.
Incident Response.
Our cybersecurity program includes monitoring for potential security threats that may lead to vulnerabilities. We evaluate and assign severity levels to incidents, escalate and engage an incident response team based on severity, and manage and mitigate the related risks. Incidents are reported internally to members of senior management and/or the Board of Directors as appropriate based on severity and incident type and are also analyzed for external reporting requirements. Our incident response process is also designed to coordinate functions to enable continuity of essential business operation in the event of a cyber crisis.
Third Party Service Providers.
We engage third party service providers to expand the capabilities and capacity of our cybersecurity program, including for design, monitoring and testing of the program’s risk prevention and protection measures, and process execution including incident detection, investigation, analysis and response, eradication, and recovery.
Oversight of Third-Party Risk.
To mitigate risks related to the use of third party service providers, we have developed processes to evaluate and identify any risks from cybersecurity threats associated with the use of their tools or services and monitor third party service providers ongoing compliance with our cybersecurity standards. This approach is designed to oversee and manage risks related to data breaches or other security incidents originating from third parties.
Program Assessment
We continuously evaluate and seek to improve and mature our cybersecurity processes. Our cybersecurity program is regularly assessed through management self-evaluation and ongoing monitoring procedures to evaluate our program effectiveness, including assessments associated with internal controls over financial reporting as well as vulnerability management through active discovery and testing to validate patching and configuration. As cybersecurity threats are continuously evolving, we also periodically engage with third parties to perform maturity assessments of our program to identify potential risk areas and improvement opportunities. This includes assessment of our overall program, policies and processes, compliance with regulatory requirements and an overall assessment of key vulnerabilities. We use these assessments to supplement our own evaluation of the overall health of our program and target improvement areas.
Board Oversight and Management’s Role
Our Board of Directors has primary responsibility for enterprise cybersecurity risks. The Audit Committee also considers enterprise cybersecurity risks in connection with its financial and compliance risk oversight role. The Chief Financial Officer regularly reports to the Board of Directors on the status of the Company’s cybersecurity program and provides the Board with the annual assessment by a third party on the Company’s cybersecurity program. Cybersecurity risks are also included with the Company’s annual business risk assessment which is provided to the Board of Directors.
For more information on risks related to cybersecurity, see Item IA. “Risk Factors” of this Form 10-K.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Moreover, our products sold for defense applications are integrated with our customers’ products and these customers may provide us with Controlled Unclassified Information (CUI) that requires, safeguarding and dissemination controls in accordance with laws, regulations, or Government-wide policies.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|we have instituted a cybersecurity program for identifying, assessing, and managing cybersecurity risks, which include material risks from cybersecurity threats to our internal systems, our products, services and programs for customers, and our supply chain. Our management of cybersecurity risks to the Company is integrated into our Company-wide enterprise risk management program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors has primary responsibility for enterprise cybersecurity risks. The Audit Committee also considers enterprise cybersecurity risks in connection with its financial and compliance risk oversight role. The Chief Financial Officer regularly reports to the Board of Directors on the status of the Company’s cybersecurity program and provides the Board with the annual assessment by a third party on the Company’s cybersecurity program. Cybersecurity risks are also included with the Company’s annual business risk assessment which is provided to the Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Chief Financial Officer regularly reports to the Board of Directors on the status of the Company’s cybersecurity program and provides the Board with the annual assessment by a third party on the Company’s cybersecurity program. Cybersecurity risks are also included with the Company’s annual business risk assessment which is provided to the Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef