美国军工业新安全规则对部分小型供应商构成障碍

Core Viewpoint - The new cybersecurity regulations from the U.S. Department of Defense (DoD) are causing some small suppliers to reconsider their participation in military contracts due to high compliance costs, exacerbating production risks amid pressures to increase output and diversify supply chains [1][3][9] Group 1: Compliance Costs and Challenges - Each small business is expected to incur additional costs of hundreds of thousands of dollars, making it difficult for financially vulnerable suppliers to continue [2][8] - The Cybersecurity Maturity Model Certification (CMMC) was launched in November last year, requiring companies to complete a self-assessment as the first level of certification, with a more stringent second level expected to be implemented by November this year [1][5] - Executives have expressed concerns over lengthy audit wait times and confusion regarding what information needs protection, complicating compliance efforts [1][3] Group 2: Impact on Small Suppliers - Approximately 88% of aerospace companies are small businesses, and many are critical sources for key components needed by large contractors [3][10] - Some companies, particularly those competing in commercial markets, are reconsidering or even withdrawing from the defense market due to complex and costly regulatory requirements [3][9] - A significant number of suppliers have not indicated whether they will comply with the stricter CMMC requirements, raising concerns about supply chain stability [10][12] Group 3: International Compliance Issues - The CMMC, introduced in 2019, faced multiple delays due to industry concerns and confusion, with ongoing communication between the U.S. and the Pentagon [5][13] - International suppliers face additional challenges in complying with both U.S. regulations and European data privacy laws, which may conflict [5][14] - A Canadian executive noted that compliance with both U.S. and European regulations could cost around 500,000 CAD (approximately 365,000 USD) [14]