No room for compromise in supply chain security: New DoD initiative establishes benchmark for strategic ICT sourcing
In response to the growing nexus between physical risk (counterfeits) and cyber risk (infiltration of systems and exfiltration of data) the U.S. Department of Defense (DoD) has introduced a new policy adding security as a fundamental pillar of federal acquisition and supply chain risk management. Component manufacturers in the military and aerospace arenas - as well as those in all high-tech verticals - can adopt current and emerging best-practice approaches to mitigate both cybersecurity threats and counterfeit component exposures.
In June 2018, the U.S. Department of Defense (DoD) introduced a new security initiative called “Deliver Uncompromised.” The program aims to improve the DoD’s ability to deliver mission-critical weapons, equipment, and communications systems, free from either unintended or malicious defect, to the men and women protecting the United States and its interests around the world.
Although, for the most part, federal acquisition policies tend to lag commercial best-practice standards, the DoD is out front with this effort. Recognizing that legacy sourcing methods and ideology are no match for the ever-expanding array of vulnerabilities inherent in today’s globally dispersed, digitally connected information and communications technology (ICT) supply chain, the “Deliver Uncompromised” initiative calls for a reimagining of the core principles of sourcing. Most notably, this proposed transformation recommends the addition of security as a fourth foundational pillar to the traditional golden triangle of sourcing: price, delivery, and performance.
The problem lies in the connections
The DoD program reflects the harsh reality that smart or Internet of Things (IoT)-connected devices – like computer networks, weapons systems, and aeronautical flight controls – are prime targets for intellectual property theft, data poaching, and/or tampering. Traditionally ascribed to a breakdown in IT security, these breaches are more frequently arising from exposures throughout the electronic component supply chain, which have grown exponentially as the IoT increases the attack surface and boosts the potential payoff for cyberattackers. Today, hackers need only breach one vulnerable third party to gain access to hundreds or thousands of connected organizations. As one cybersecurity expert stated, “Supply chains have become the gift that keeps on giving for cybercriminals.” (Figure 1.)
This situation is something that, quite frankly, many members of the commercial and industrial supply chain tend to underestimate, particularly when it comes to the nexus between counterfeit components and cybersecurity. Beyond the obvious concerns associated with quality and reliability, counterfeit components – whether they are factory overruns, quality control rejects, refurbished, or reverse-engineered – are not likely to include vital security features, leaving them at greater risk for a cyberbreach once deployed.
These substandard components are also more vulnerable during design and production to the insertion of malware, such as kill switches, viruses, or back doors that may be exploited to leak sensitive information, expose proprietary intellectual property, and/or enable an attacker to seize system control. Detecting this chip-level tampering is often described as searching for a needle in a stack of needles.
Life (cycle) insurance
Given the enormity of the economic, health, and safety implications, an effective supply chain security strategy must proactively minimize exposures throughout the entire product/system life cycle – from cradle (secure IC design, fabrication, and manufacturing) to grave (ethical e-waste disposal) and everything in between.
It must also take into account that economic gain – either for personal enrichment or to fund some other nefarious activities – may no longer be the prevailing motivator for counterfeiters or cybercriminals. There is, unfortunately, a growing cadre of adversaries seeking to exploit gaps in the security of the supply chain in order to carry out industrial or political espionage, cyberterrorism, or outright acts of cyberwarfare.
No gray area
The DoD’s commitment to “Deliver Uncompromised” comes at a particularly critical time for the military parts sector. After years of sequestration that put vital equipment upgrades and new systems development on hold, defense spending is finally on the upswing. But with an ever-dwindling number of mil-spec suppliers around and ongoing parts shortages throughout the component supply chain, the progress of many of these programs could be in jeopardy. This is precisely the kind of scenario that has, in the past, driven buyers to the gray market – a well-documented source of counterfeit parts.
Of course, not all gray-market components are fake or substandard, but without a verifiable paper trail, there is no way to confirm that the parts have not been tampered with, purposely altered, refurbished, or otherwise fraudulently represented.
Defense systems engineers can help mitigate both counterfeit risk and the follow-on cybersecurity vulnerability by adopting a “security-by-design” mentality. Through more proactive technology planning and management, security is considered at the earliest stages of product development, rather than bolted on at the end. Designers can assure they are specifying products offering the greatest life cycle support and avoid suspect parts by using resources like the Government-Industry Data Exchange Program (GIDEP). (Editor’s note: GIDEP is a cooperative government/industry program that seeks to improve the total quality, reliability, and cost of systems and components during the acquisition and logistics phases of the product life cycle by sharing technical information essential during research, design, development, production, and operational phases.)
Other opportunities to mitigate component-level obsolescence risk include designing with open architecture that enables easier part replacement, proactively planning new technology insertion through the production and support life of the program, and sourcing commercial off-the-shelf (COTS)-Plus parts with enhanced performance and extended product life cycle support.
Makers and distributors of mission-critical electronics recognize that every time a part changes hands, whether through the returns process, testing in an outside lab, warranty/repair work, or other physical value-add, it is vulnerable to tampering. The policy must be trust, but verify: Companies should maintain a robust materials-control process that includes traceability mechanisms such as bar codes and date coding, which provides assurance that the chain of custody remains secure. Companies can also audit the materials handling and return policies of their supplier partners.
To assure that customers can satisfy their bill-of-material requirements without exposing the supply chain to undue risk, suppliers can offer state-of-the-art inventory and product life cycle management support, execute end-of-life bridge buys to assure ongoing supply, and work with suppliers to develop product continuity programs assuring longer-term manufacture and supply of components.
Trust through technology
There is also a growing bounty of new technologies and processes under development by federal and civilian organizations that hold great promise for hardening the ICT supply chain.
For example, in a Forbes magazine article published during summer 2018, HP chief technology officer Shane Wall shared some details about HP’s research into using blockchain to verify authenticity of components, particularly those produced via 3D printing: Wall noted that blockchain could not only assure that the allotted output of a particular design spec is adhered to, but also serve as an “address book” of intellectual property for every single part produced.
In addition, while the concept of tracking provenance of raw materials, components, and subassemblies as they move throughout the supply chain via tagging is far from new, until recently most commercially available technology was not capable of producing a solution that was small enough without being cost-prohibitive. It appears that Defense Advanced Research Projects Agency (DARPA) scientists may have broken through this barrier: Researchers participating in the DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program have reportedly developed a process for creating microscopic identification tags called “dielets” that can be implanted by chipmakers in their circuits as they are assembled. Fabricated in 14 nm CMOS, the process is said to yield approximately four million 100 by 100 by 20 micrometer “chiplets” per wafer. (Figure 2.)
By codifying security as a core requirement and “key differentiator,” industry players can hope that this new DoD initiative will establish a set of clear-cut, sector-agnostic security protocols that will promote a more unified defense against those that wish to do us harm, just as the NIST [National Institute of Standards and Technology] Cybersecurity Framework created a baseline for more effective cyber risk management.
As massive and globally extended as the electronic components market is, there can also be a surprising amount of overlap in the various goods and services suppliers everyone deals with. No one can afford to be so naïve these days as to believe that something that dramatically impacts one vertical will not in some way affect all of them.
Coordinated actions across all the stakeholders within the global technology supply chain are essential to keeping ahead of the escalating security threats and assuring that, regardless of what verticals one may represent, all companies do their part to keep the supply chain secure and deliver uncompromised solutions to the end user.