Hidden Threats: The Overlooked Risks in Defense Mergers and Acquisitions

The DoD also views disruptions or risks within this base—such as those caused by industry consolidation—as potential threats to national security.

To manage and assess these risks, the DoD relieves itself of the framework provided by antitrust laws like the Sherman Act, the Clayton Act and the Federal Trade Commission Act, which regulate competition and prohibit monopolistic practices. The enforcement of these laws involves scrutinizing proposed M&As to prevent reductions in competition. Special attention is given to the defense sector where the consolidation could limit competition or control over essential military supplies and technology.

The Hart-Scott-Rodino Act mandates that companies report certain large M&As before they are finalized, allowing federal antitrust agencies and the DoD to review potential impacts on competition and, by extension, national security. While these reviews are standard for large transactions, many smaller yet significant M&As may not receive the same level of scrutiny, potentially leaving gaps in oversight.

This complex regulatory environment calls for a nuanced understanding of both the commercial and security implications of M&As within the defense industry, the GAO document posits.

For some industry insiders, the first step should be taken by industry protagonists who want to know how companies and counterparties are funded.

“If we are being diligent as entrepreneurs, as companies, in terms of who we are interacting with and the financiers are being diligent in their vetting of potential transactions, I think it’s possible that we can have a—maybe—80 or 90% accuracy, but that’s still pretty good and de-risks considerably the challenges posed by this weaponization of M&A,” said Andrew Glenn, president of Aeromass Flight Systems.

In many cases, it is impossible to fully trace the sources of capital for some companies. For example, when a portion of the stock is traded in the stock market, it is almost impossible to control who holds shares. Still, a company can safeguard its data from foreign or unknown entities, regardless of their intentions.

“You can carve out what colloquially is known as enclaves within the larger network and within that enclave you limit who has the access it may require,” said Thomas Graham, vice president and chief information security officer at Redspin.