Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the critical importance of assessing, identifying, and managing material risks associated with cybersecurity threats. Our cybersecurity strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats, effective management of security risks, and resiliency against incidents. This strategy is supported by both management and our Board of Directors.
We continuously strive to surpass industry best practices by implementing risk-based controls aimed at safeguarding both our partners’ and the Company’s information systems. In order to protect both commercial and defense-related businesses and support our production operations, the Company has adopted security principles in accordance with the National Institute of Standards and Technology Cybersecurity Framework, contractual requirements and other global standards. We conduct annual security assessments, including external and internal penetration tests, social engineering attacks, and vulnerability assessments. These assessments provide critical insights into our security posture and help us identify and seek to address potential weaknesses proactively. We leverage multiple vendors and their diverse perspectives as means to enhance the effectiveness of our security measures. Furthermore, as we implement solutions, we engage with industry-leading partners to receive guidance on best practices for solution use and overall security. This collaboration seeks to align our cybersecurity strategies with the latest industry standards and best practices. We also maintain regular communication with external partners to stay abreast of current cybersecurity trends and emerging threats. This proactive approach enables us to seek to enhance our security posture and adapt our defenses to evolving cyber risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We recognize the critical importance of assessing, identifying, and managing material risks associated with cybersecurity threats. Our cybersecurity strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats, effective management of security risks, and resiliency against incidents. This strategy is supported by both management and our Board of Directors.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board of Directors oversees an enterprise-wide approach to risk management, designed to support the achievement of organizational objectives, including strategic objectives, to improve long-term organizational performance and enhance shareholder value.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors oversees an enterprise-wide approach to risk management, designed to support the achievement of organizational objectives, including strategic objectives, to improve long-term organizational performance and enhance shareholder value.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Director of IT provides a report to the Board of Directors on an annual basis, or more frequently as needed, with respect to information security activity, security assessments, controls and investments.
Cybersecurity Risk Role of Management [Text Block]
The Company’s Director of Information Technology (“IT”), who reports to our CFO, has over 20 years of experience leading cyber security oversight and is responsible for management of cybersecurity risk and the protection and defense of our networks and systems. Our IT security team, led by the Director of IT, consists of professionals with broad cybersecurity experiences, including a number of cybersecurity certifications and degrees. As a result, our IT security teams utilize their understanding of industry best practices and hands-on experience to seek to implement effective cybersecurity solutions. Cybersecurity remains a top priority across the organization, with resources allocated in an efficient manner to seek to mitigate risks and enhance our overall security posture.
The Board of Directors oversees an enterprise-wide approach to risk management, designed to support the achievement of organizational objectives, including strategic objectives, to improve long-term organizational performance and enhance shareholder value. The Director of IT provides a report to the Board of Directors on an annual basis, or more frequently as needed, with respect to information security activity, security assessments, controls and investments.
We have a set of Company-wide policies and procedures concerning cybersecurity matters. The Company’s Incident Management Policy provides a framework for reporting and managing security incidents affecting the Company’s information and business computing devices and systems, losses of information, and information security concerns. All users, including employees, contractors, consultants, suppliers, customers, government, and all personnel affiliated with third parties that perform work for the Company, are obligated to report information security incidents in order to mitigate the consequences and reduce the risk of future breaches of security. Our incident response process consists of several principal steps, including 1) preparation for a cybersecurity incident, 2) detection of a security incident and assignment to the appropriate IT personnel, 3) identification and preservation of evidence, and 4) risk assessment. Depending on the nature and severity of an incident, notifications are escalated to our CEO and the Board of Directors and, if determined to be material, externally. The incident management process is overseen by the Director of IT. The Company maintains additional policies that directly or indirectly relate to cybersecurity, such as policies related to encryption standards, mobile devices and data destruction. These policies go through an internal review process and are approved by appropriate members of management.
Our IT security team reviews enterprise risk management-level cybersecurity risks annually. The following key risk elements are evaluated:
Insiders – Whether intentional or unintentional, individuals within our Company may cause damage to our systems. We have processes in place to seek to mitigate these threats, including through controls over access to our systems and access to network resources.
External threats – We recognize the risk that hackers, vandals, and saboteurs may seek to gain access to information contained in our systems. We employ multi-layered defense and monitoring to seek to mitigate the risk associated with these threats. The Company also conducts regular periodic training of its employees as to the protection of sensitive information which includes security awareness training intended to prevent the success of “phishing” attacks.
Third-party risks – We also consider and evaluate cybersecurity risks associated with use of third-party service providers. User access to third-party systems is reviewed annually, and we obtain and review a System and Organization Controls (“SOC”) 1 or SOC 2 report from key third-party service providers.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s Director of Information Technology (“IT”), who reports to our CFO, has over 20 years of experience leading cyber security oversight and is responsible for management of cybersecurity risk and the protection and defense of our networks and systems. Our IT security team, led by the Director of IT, consists of professionals with broad cybersecurity experiences, including a number of cybersecurity certifications and degrees.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Company’s Director of Information Technology (“IT”), who reports to our CFO, has over 20 years of experience leading cyber security oversight and is responsible for management of cybersecurity risk and the protection and defense of our networks and systems.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Director of IT provides a report to the Board of Directors on an annual basis, or more frequently as needed, with respect to information security activity, security assessments, controls and investments.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true