Cybersecurity vulnerabilities and supply chain
integrity are under the spotlight for global
technology companies and users. Today’s
technology supply chain involves interfacing with
vendors across many international borders. The
current geopolitical climate has created a market
discontinuity that dramatically affects US domestic
critical infrastructure programs.
Securing the Supply Chain
The increasing complexity of global supply chains
and associated interdependencies has raised
questions for American military branches and those
of allied nations worldwide.
The Defense Industrial Base, which includes more
than 100,000 private sector companies and their
subcontractors, has historically made rational
commercial decisions about its supply chains
based on the golden triangle of price, delivery and
performance.
These decisions haven’t always accounted for the
security aspects now under the spotlight.
Given the enormity of the implications, an effective
supply chain security strategy must proactively
minimize exposures throughout the entire product/
system life cycle – from cradle (secure component
design and manufacturing) to grave (ethical and
secure e-waste disposal) and everything in between.
The ‘Deliver Uncompromised’ strategy is one of the
Pentagon’s responses, aiming to base even COTS
contracts on security assessments in addition to
cost and performance.
As the original strategy document states,
“Improved cyber and supply chain security requires a
combination of actions on the part of the
Department and the companies with which it does
business. Through the acquisition process, DoD can
influence and shape the conduct of its suppliers. It
can define requirements to incorporate new security
measures, reward superior security measures in the
source selection process, include contract terms
that impose security obligations, and use
contractual oversight to monitor contractor
accomplishments.”
(Source: Mitre Corporation)
Design Authority
While the DoD typically retains Design Authority
over the architecture of the complex systems it
purchases, COTS embedded computing platform
suppliers such as SMART Embedded Computing
(SMART EC) work collaboratively with military
system architects to establish the Design Authority
principles, terms of reference, governance model,
processes, roles and responsibilities, and templates.
The contracted organization may be responsible for
the design, but the authority for acceptance of a
design remains with DoD.
SMART EC’s internal design authority, its system
architects, is responsible for ensuring that the
consequences of any design decision are
understood. They maintain a consistent, coherent
and complete perspective of the program design.
Chain of Custody
The concept of “chain-of-custody” originated in the
legal context of handling evidence. In this context,
chain-of-custody tracks everyone who has touched
and processed the evidence.
But the concept of chain of custody is much more
widely applicable.
Used with serialization and authentication, a chain-
of-custody means knowing who has what, when