Skip to content Go to main navigation Go to language selector
Saab Global

Cyber security key for SMEs gaining work in Defence Industry

Saab Australia and BAE Systems Australia have developed a new security framework to assist local businesses to access Defence sector work.


Pictured left to right: Audra McCarthy, CEO of the Defence Teaming Centre with Michael Salas, Chief Information and Digital Officer, and Andy Keough, Saab Australia Managing Director.

Saab Australia, BAE Systems Australia, industry and government have developed the Cyber Framework for the Defence Industry (CFDI) to measure and increase the cyber resilience of SMEs wanting to work on Defence programs.

The CFDI has been adopted by twelve prime contractors providing a standardised approach to cyber maturity assessment plus a guide to improve SME levels of protection.

Saab Australia Managing Director, Andy Keough, said the new framework will reduce barriers to entry for SMEs into defence supply chains by providing a common cyber assessment tool.

“Currently SMEs face a different and complex security assessment process each time they work with a different defence prime,” Mr Keough said.

“In developing this framework we have reduced red tape, making it easier for SMEs to secure opportunities in the defence sector.

“By the very nature of their size, many SMEs do not have the resources or expertise to upskill in information handling or cyber protection to meet defence requirements. This framework gives them a clear roadmap to gaining the required levels of cyber maturity.”

BAE Systems Australia Chief Information & Digital Officer, Michael Salas said the company wanted more Australian SMEs to provide services and new technologies into defence programs because a more diverse supply chain enables greater levels of innovation.

“The Cyber Framework is a great start for SMEs wanting to self-assess their level of cyber risk,” he said.

“They can undertake a quick assessment of their cyber maturity which then leads to the identification of key areas to invest and improve a company’s defences. This leads to improving the cyber maturity of our defence supply chain and better outcomes for our client.”

The CFDI was collaboratively developed by Saab Australia and BAE Systems, the Office of Defence Industry Support, and the Australian Cyber Security Centre.

Notes to editors:

CFDI is based on recognised standards such as the ACSC Information Security Manual, the Essential 8 and the US NIST Cyber Security Framework to build a Cyber maturity assessment questionnaire and evaluation process that allows a quick, simple cost effective way to measure an organisations cyber security maturity.

Completing the CFDI allows the SMEs to gain an understanding of their Cyber maturity, and CFDI’s alignment with the ACSC Essential 8 means focussing on implementation of the most effective cyber security controls.