Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We face a multitude of security threats, including cybersecurity threats ranging from attacks common to most industries, such as ransomware and denial-of-service, to attacks from more advanced and persistent, highly organized adversaries, including nation state actors, some of which target the defense industrial base and other critical infrastructure sectors. In response, we have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage cybersecurity risks.

Our management has implemented a process for identifying relevant risks that could affect the organization’s ability to provide secure and reliable service to its users. The risk assessment occurs annually, or as business needs change, and covers identification of risks that could act against the company's objectives as well as specific risks related to a compromise to the security of data.

Our risk management team collaborates with our Information Security function, led by the Company’s Chief Information Officer (CIO) who holds over 25 years of experience in information technology and Company’s Chief Information Security Officer (CISO) that holds over 8 years of experience, and the Company’s Infrastructure Director, assisted by an external Incident Response company, to gather insights for identifying, assessing and managing cybersecurity threat risks, their severity, and potential mitigations.

We must also comply with extensive regulations, including requirements imposed by the Defense Federal Acquisition Regulation Supplement (DFARS) related to adequately safeguarding controlled unclassified information (CUI) and reporting cybersecurity incidents to the DoD.

To help assess and identify our cybersecurity risks, we maintain internal and external resources to perform penetration testing designed to simulate evolving tactics and techniques of real-world threat actors, engage with industry partners and law enforcement and intelligence communities, and conduct tabletop exercises and periodic risk interviews across our business. We also engage an independent third party to perform internal and external penetration testing and engage other third parties to periodically assess our cybersecurity capabilities. In addition, we continue to expand training and awareness practices to mitigate human risk, internal communications, and regular phishing awareness campaigns designed to emulate real-world contemporary threats and provide employees immediate feedback (and, if necessary, additional training or remedial action).

Our processes also address cybersecurity risks associated with using third-party service providers, including suppliers, software, and cloud-based service providers. We proactively evaluate the cybersecurity risk of a third party by cybersecurity risk assessment questioner, utilizing a repository of risk assessments, external monitoring sources, threat intelligence, and predictive analytics to inform our teams during contracting and vendor selection processes. Additionally, when third-party risks are identified, we require those third parties to agree by contract to implement appropriate security controls. Security issues are documented and tracked, and periodic monitoring is conducted for third parties in order to mitigate risk.

In addition to the processes, technologies, and controls that we have in place to reduce the likelihood of a successful material cyberattack, our company has established well-defined response procedures to address cyber events that do occur. The program provides for the coordination of various corporate functions and governance groups and serves as a framework for the execution of responsibilities across businesses and operational roles. Our incident response plan coordinates the activities we take to prepare for, detect, respond to, and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate, contain, investigate, and remediate the incident, as well as to assess for potential disclosure, comply with potentially applicable legal obligations and mitigate brand and reputational damage. We also maintain insurance coverage that, subject to its terms and conditions, is intended to address costs associated with certain aspects of cyber incidents and information systems failures.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

In response, we have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage cybersecurity risks.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

Based on the information we have as of the date of this Annual Report, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance

Our management has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management is responsible for assessing and managing our material risks from cybersecurity threats.

Our management oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT Systems environment.

Our Board of Directors, two members of which have considerable experience in cybersecurity, is responsible for cybersecurity oversight and monitoring risk. Management informs the Board of such risk by Board meetings.

Based on the information we have as of the date of this Annual Report, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.  Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a future cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, as mentioned above, the costs related to cybersecurity threats or disruptions may not be fully insured.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Board of Directors, two members of which have considerable experience in cybersecurity, is responsible for cybersecurity oversight and monitoring risk. Management informs the Board of such risk by Board meetings.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our management oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT Systems environment.

Cybersecurity Risk Role of Management [Text Block]

Our management has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management is responsible for assessing and managing our material risks from cybersecurity threats.

Our management oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT Systems environment.

Our Board of Directors, two members of which have considerable experience in cybersecurity, is responsible for cybersecurity oversight and monitoring risk. Management informs the Board of such risk by Board meetings.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our management has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management is responsible for assessing and managing our material risks from cybersecurity threats.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our risk management team collaborates with our Information Security function, led by the Company’s Chief Information Officer (CIO) who holds over 25 years of experience in information technology and Company’s Chief Information Security Officer (CISO) that holds over 8 years of experience, and the Company’s Infrastructure Director, assisted by an external Incident Response company, to gather insights for identifying, assessing and managing cybersecurity threat risks, their severity, and potential mitigations.