Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
Analysis-New cybersecurity rules for US defense industry create barrier for some small suppliers
Analysis-New cybersecurity rules for US defense industry create barrier for some small suppliers
1 / 2
Analysis-New cybersecurity rules for US defense industry create barrier for some small suppliers
FILE PHOTO: Small aerospace suppliers struggle to keep workers as Boeing strike hits business
Allison Lampert and Mike Stone
Fri, February 20, 2026 at 8:02 PM GMT+9 3 min read
By Allison Lampert and Mike Stone
Feb 20 (Reuters) - New U.S. cybersecurity rules for the defense sector are leading some small suppliers to rethink military work due to high compliance costs, raising production risks at a time when the Trump administration is pressuring contractors to boost output and diversify the supply base.
The Defense Department’s long-delayed U.S. Cybersecurity Maturity Model Certification started last November to protect sensitive information, known as controlled unclassified information.
Companies working on federal contracts now perform cybersecurity self-assessments as the first of three CMMC levels, with the more stringent second level that includes audits expected to begin by November.
Months-long waits for audits to ensure compliance and confusion over what information needs protection have made meeting the higher standards more difficult, the executives say. They spoke on condition of anonymity due to the sensitivity of the matter.
Without a clear definition, contractors are asking for greater compliance even if the supplier does not handle sensitive information such as technical drawings of a fighter jet fuel pump, an industry source said.
COSTS RAISE CONCERNS
Additional costs of hundreds of thousands of dollars per small company are also deterring some suppliers with fragile finances, industry sources said.
“Some of these firms, particularly those that also compete in commercial markets, report that the accumulation of complex and costly regulatory requirements is forcing them to reconsider—if not exit—the defense marketplace altogether, further challenging the health and resilience of the industrial base,” said Margaret Boatner, vice president of national security policy at the U.S.-based Aerospace Industries Association. Many of its member companies also serve the defense industry.
Some 88% of aerospace firms are small businesses, according to data from a 2022 U.S. House Small Business Subcommittee.
Three aerospace companies, two in the United States and one in Canada, told Reuters they each have a handful of suppliers who will not comply with the more stringent CMMC requirements, such as undergoing the audit.
The president of one of the U.S. companies said half of its suppliers have not indicated whether they will comply. The head of another company, which is the sole source of a part for a U.S. fighter jet program, is also unsure what his suppliers will do.
The Department of Defense declined to comment.
SMALL SUPPLIERS CRITICAL TO SUPPLY CHAIN
The health of small suppliers is closely watched by investors after years of production bottlenecks. Some are the only producers of key parts needed by bigger contractors to assemble weapons and equipment.
Alex Major, a lawyer at McCarter & English who advises defense contractors on CMMC compliance, said the certification requirements could inadvertently reduce competition in the lower rungs of the defense supply chain.
CMMC, introduced in 2019, was delayed by industry concerns and confusion that required years of discussion with the Pentagon.
The challenge is particularly acute for international suppliers who also comply with European data privacy laws and other regional cyber standards, Major said.
“You’re telling these contractors to hold data a particular way or identify it as controlled information pursuant to the United States government, and (other) data privacy laws might differ,” he said.
An executive with the Canadian company said he will need to spend C$500,000 ($365,176.75) to comply with rules in Europe and the U.S.
Dave Trader, CEO of the nonprofit U.S. aerospace supplier Pathfinder Manufacturing, said he is unsure whether compliance is worth the cost since the firm does limited defense work making wire harnesses, and sees strong demand from planemaker Boeing.
($1 = 1.3692 Canadian dollars)
(Allison Lampert in Montreal and Mike Stone in WashingtonEditing by Rod Nickel)
Terms and Privacy Policy
Privacy Dashboard
More Info