Richard Stiennon

The future of defense is being rewritten - and autonomy is leading the charge. Thrilled to release NightDragon's latest market report analyzing the Defense Autonomy Market from Hannah Huffman and Morgan Kyauk. The report analyzes the Autonomy sector and why it represents a fundamental shift in how we secure our world for tomorrow. For decades, defense strategy has revolved around five domains: land, sea, air, space, and cyber. But today, autonomous systems are emerging as a powerful sixth domain — reshaping how missions are executed and how innovation happens. It’s not just theory anymore: organizations like the U.S. Coast Guard are already standing up dedicated offices for robotics, counter-UAS and autonomous systems, recognizing autonomy as a true force multiplier that makes operations faster, smarter, and more adaptive than ever. And it’s not just about the autonomous platforms themselves. Innovation is accelerating across the entire ecosystem — from edge computing and data interoperability to sensor networks and resilient command-and-control. Each of these building blocks opens new doors for companies ready to lead in this next frontier. NightDragon has been following this market closely, investing in 4+ companies already leveraging autonomy for different cyber or security outcomes: Epirus, HawkEye360, Horizon3.ai, and Saronic Technologies. But we also know the horizon of opportunity stretches much wider. As conflicts become more dispersed, technology-driven, and nonlinear, autonomy will define the next era of defense innovation. Read the full report: https://lnkd.in/gS2QFHVu Andy Lowery John Serafini Snehal Antani Dino Mavrookas

69

1 Comment

Breaking Updates from the August CyberAB Town Hall Colleagues, this month’s CyberAB Town Hall delivered significant updates that will shape the path ahead for CMMC adoption across the Defense Industrial Base. A few highlights stood out: 🔹 Rulemaking Progress: The long-awaited Title 48 rule is under OMB review. While October 1, 2025 has circulated as a possible “go-live” date, DoD clarified that this was a holdover from CMMC 1.0 rulemaking. The official date is still pending, but all indications point to implementation before year’s end. 🔹 Certification Growth: To date, 270 Level 2 certifications have been issued. Nine conditional certifications are in place, and 91 assessments remain in progress. The ecosystem continues to grow: 79 Authorized C3PAOs (with #80 on the horizon) 500+ Certified Assessors (CCA) 351 RPOs supporting organizations with readiness 🔹 False Claims Act Reminder: DOJ announced a $1.75M settlement with AeroTurbine, underscoring the risks of non-compliance with NIST 800-171. The message was clear: self-attestation without implementation is a liability. 🔹 Tier 3 Vetting Changes: All personnel associated with the CMMC ecosystem will now be enrolled in continuous vetting under Trusted Workforce 2.0. Clearance verification letters are no longer accepted—packages must include OF306, Tier 3 nomination, and a resume. 🔹 C3PAO Advisory Council: A new 11-member body was introduced to strengthen assessor consistency, reduce costs for SMBs, and provide authoritative feedback on assessment guidance. 🔹 Events & Engagements: CS5 (October, National Harbor) will feature new contractor roundtables and vertical breakouts for architecture, construction, aerospace, and defense. Notably, Katie Arrington and Stacey Bostjanik are confirmed keynote speakers. Q&A Spotlight The Town Hall wrapped with a robust Q&A session. A few themes worth noting: MSP Certifications: An MSP holding a CMMC Level 2 certification can present this as part of a client’s body of evidence during their own assessment. Beyond DoD: Questions surfaced on whether non-DoD agencies will require CMMC. While no official mandates yet, the proposed FAR CUI rule suggests NIST 800-171 may become the unifying baseline across federal agencies. Guidance Consistency: The new C3PAO Advisory Council will review ambiguous scenarios (e.g., stalled assessments, shared responsibility matrices) and provide recommended guidance to improve consistency in application. Transparency in Vetting: For those in Tier 3 adjudication, timelines remain ~6 months on average, but continuous vetting enrollment will now be mandatory moving forward. ✅ Takeaway: The CMMC program is moving from “anticipated” to “operational.” Ecosystem numbers are climbing, rulemaking is on track, and oversight is tightening. Contractors—large and small—must be ready to demonstrate real compliance, not just paper compliance.

3

The DVMS Institute has partnered with Navvia to deliver next-gen cyber governance, resilience, and training via Navvia’s NIST CSF assessment and process modeling platform. We are thrilled to partner with Navvia to bring a truly operationalized approach to digital value governance and cyber resilience. The combination of DVMS Institute’s cyber resilience overlay system and Navvia’s powerful NIST-CSF assessment and process design and management platform provides organizations with a comprehensive solution for aligning governance, risk, and performance assurance with their digital risk and value management strategy.” David Mainville, CEO of Navvia, shared similar enthusiasm: “Our mission has always been to simplify and accelerate an organizational ability to assess and document its governance, compliance, and service improvement initiatives. With the introduction of our new Cybersecurity Framework assessment tool - combining NIST CSF with ITSM Processes, and our partnership with the DVMS Institute, we offer clients a best-in-class solution to assess, build, measure, and sustain cyber resilience and governance excellence. We are helping organizations turn cybersecurity from a reactive technical problem into a strategic business advantage.” For more information about Navvia’s NIST CSF assessment solution and the DVMS Institute’s digital value management frameworks, visit www.navvia.com and www.dvmsinstitute.com . https://lnkd.in/gKKQMBju

13

2 Comments

DoD ordering crypto inventories and naming PQC migration leads is a clear inflection point. Not because quantum is imminent, but because migration lead times are long and you can’t replace what you can’t find. PQC is officially a program management problem now.

16

Defense at a Crossroads – XPONENTIAL Show Panel Recap At XPONENTIAL, a powerful discussion led by Stephen Rodriguez (One Defense) and Matt Ocko (DCVC), moderated by Colin Demarest (Axios), outlined the urgent need to rethink how the U.S. and its allies innovates for defense. Key takeaways: • Shift from requirements-based to capabilities-based acquisitions • Incentivize innovation — not bureaucracy • Use tax policy to reward U.S.-based, defense-focused tech • Build stronger public-private partnerships to deploy proven tech faster The message was clear: the threats are real, the tech exists — it’s time to act with urgency. Great picture form Michael Robbins from AUVSI — Association for Uncrewed Vehicle Systems International excellent keynote address #Xponential2025 #Defensetech #NationalSecurity #Innovation #PublicPrivatePartnerships

22

2 Comments