Shipbuilders Council of America Spring Membership Meeting Takeaways

Earlier this month, I had the opportunity to attend the Shipbuilders Council of America (SCA) Spring Membership Meeting in Washington, D.C. The room was filled with national security leaders, lawmakers, and key players from across the U.S. shipbuilding ecosystem.

What united everyone? A shared urgency around revitalizing America’s maritime industrial base—and ensuring it’s built on a secure digital foundation.

Cyber Resilience Is Now a Requirement—Not a Recommendation

One thing that really stood out: building ships isn’t enough anymore. The entire sector—from shipyards to subcontractors—needs to strengthen its cybersecurity posture to stay competitive and compliant.

“If you're in the shipyard supply chain—even indirectly—CMMC 2.0 applies to you. That includes subcontractors who’ve never thought of themselves as ‘defense.’”

Even companies that don’t identify as traditional DoD contractors are now handling Controlled Unclassified Information (CUI) or operating under federal flow-down requirements. That means cyber maturity under CMMC 2.0 is now part of doing business.

CMMC 2.0 Is Gaining Ground—But Readiness Is Lagging

CMMC came up in nearly every conversation at the event. While awareness is growing, actual readiness is not—especially among small to mid-sized subcontractors.

Delaying compliance until the final rule drops is a gamble. Once it takes effect, you’re either ready to bid—or you’re benched.

Where to Begin: Readiness Assessments Build the Roadmap

A key takeaway I shared with attendees: you don’t need a full internal cybersecurity team to get started—but you do need clarity. That’s why we begin with a CMMC Readiness Assessment.

It helps organizations identify where CUI resides, what level of compliance is required, and how to build a tailored, achievable plan. At Compass, we’ve worked with shipyards and suppliers of all sizes to make compliance clear and manageable—not overwhelming.

Federal Support Is Coming—For Those Who Engage Early

Programs like the Department of the Navy’s Maritime Industrial Base (MIB) initiative could prove to be a game-changer—aiming to strengthen the maritime manufacturing base through supplier development, workforce training, and the adoption of advanced technologies.

While cybersecurity-specific funding hasn’t been fully defined, the broader focus on supplier development and modernization could create new opportunities to enhance cyber maturity across the supply chain.

Final Word: Cybersecurity Is Now a Contract Gatekeeper

The SCA event made it crystal clear: cybersecurity is no longer a side conversation. It’s a strategic necessity for anyone operating in or adjacent to the defense industrial base. If your company plays any role in building, repairing, or supplying America’s fleet, now is the time to act. We’re here to help—whether you’re just beginning your compliance journey or preparing for assessment.

Let’s make sure you’re ready for what’s next. Contact us today to discuss your unique information security challenges.