Governance 18 Information Security General Dynamics is committed to safeguarding employee, customer, national security and third- party information entrusted to our care. We achieve this by executing a proactive, robust and compliant information security program. Our priority is to protect sensitive information from the full range of potential internal and external threats targeting our systems and data. Data Privacy and Protection Like all businesses, we handle data that may include personal and sensitive information about our employees, our customers and third parties. Safeguarding this information is critical, and we take this responsibility very seriously. Our data privacy programs are designed to address the challenges of expanding national and global privacy regulations, the growth in volume and sensitivity of privacy data and the increased use of third-party vendors. Core tenets of our program include collecting the least amount of information necessary to meet our business needs and seeking to ensure that the information we have is used exclusively for valid business purposes in accordance with written policies and procedures. We regularly monitor and update our policy to maintain compliance with national and global data privacy laws and regulations. We also leverage the maturity of our general cybersecurity program with additional targeted privacy controls to protect privacy information against unauthorized access, use or disclosure. Cybersecurity As a large, well-known aerospace and defense contractor, we face numerous cybersecurity threats, including threats to our IT infrastructure and attempts to gain access to information in our care. We also design and manage IT systems for customers, and many of the products we manufacture contain IT systems that are subject to those same threats. We leverage our experience as a leading cybersecurity provider for national defense customers to continually evolve and enhance our cyber defenses, seeking to monitor, manage and avoid risks to the information on our systems and networks. Moreover, we commit to continuously improving our cybersecurity capabilities and those of our supply chain partners. Collaboration Our information security approach, built on strong central governance and a mature policy framework, is an integral component of our company’s risk governance. To address the dynamic nature of cyberthreats, we established the General Dynamics Cyber Council to guide our program by recommending updates to cybersecurity policies, supporting executive decision-making on cybersecurity matters and addressing strategic cyberthreats to our business. The Council reports directly to the chairman and CEO on its efforts to enhance our defenses to mitigate advanced and persistent threats to our information systems. Each business unit designs and operates its own information security program tailored to its market, customer requirements and threats while maintaining compliance with centrally defined policies and standards. These policies and standards are updated regularly to address changes in federal government compliance standards, emerging commercial best practices and the latest cyberthreats to our business.