The COVID-19 pandemic and the strains it put on the global supply chain are making businesses rethink how they supply their government customers, said Zach Conover, general manager for Akima LLC’s subsidiaries Truestone, Lynxnet and Aperture Federal. Akima is an Alaska Native-owned government contractor providing services such as facilities maintenance and repair, information technology support, logistics and supply chain operations, and systems engineering.
The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.
Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment. At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.
Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.
New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.
Anyone moving through the ecosystem of software development and cyber over the last few decades has heard cool words to describe it: Waterfall, Cobalt, Agile, DevOps and now DevSecOps.
DevSecOps may be the latest term but the idea behind it remains constant: Security should be a priority from the start.
Raytheon BBN Technologies Corp., Cambridge, Massachusetts, is awarded a $9,321,564 performance based, cost-plus-fixed-fee, completion contract (N65236-20-C-8009). This contract is for research logistics and supply chain automated reasoning and information fusion, real-time demand forecasting and system resilience assessment. Work will be performed in Cambridge, Massachusetts (67%); Menlo Park, California (13%); Minneapolis, Minnesota (12%); Potsdam, New York (4%); and Tucson, Arizona (4%). Work is expected to be complete by September 2021.
Having a detailed description of the software components in any software-based product is necessary to identify cyber vulnerabilities and ultimately help reduce cybersecurity risks, officials say. The National Telecommunications and Information Administration, working with industry stakeholders, is pursuing the advent of a so-called software bill of materials to apply to digital products that identifies and lists the pieces of software, information about those components and supply chain relationships between them, the agency specifies.
The electronics supply chain to the West faces a greater threat from total cutoff than from having its components tinkered with by malefactors, according to some experts. Many measures currently in place to help ensure quality also serve to thwart saboteurs and counterfeiters. However, a far greater menace looms in the potential for a complete damming of the flow of chips and circuit boards, as the United States and most Western countries lack the infrastructure to pick up fabrication and manufacturing on short notice.
Supply chain management is vitally important to running and maintaining an organization’s IT systems, but like logistics systems, it is not inherently sexy and has historically drawn little attention from the C suite. When it is carried out, in many federal agencies it’s traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department’s Risk Management Framework (RMF).
Supply chain security has been of concern to government leaders for decades, but with attacks now originating in industrial control systems (ICS) from supply chain vulnerabilities and with an increasing reliance on the Internet of Things (IoT), Congress is stepping up its involvement. For example, legislators have promised that more stringent standards will soon be enforced.
On Friday, the U.S. House of Representatives passed its version of the National Defense Authorization Act for Fiscal Year 2020, H.R. 2500, by a vote of 220-197. Known as the NDAA, the annual legislation authorizes policy measures for the Defense Department. It varies from the Senate’s bill, S. 1790—passed on June 28—which the two legislative bodies will have to reconcile before sending a final NDAA to the president.
General Dynamics Information Technology (GDIT) will be supporting the U.S. State Department's global technical security supply chain effort, under a $2 billion single-award contract with the Bureau of Diplomatic Security (DS), Countermeasures Directorate. The contract includes a base period of five years and a five-year award term, the company reported.
Under the contract, GDIT will provide the State Department, U.S. Embassies and other posts worldwide with integrated technical security systems, engineering and solution development, hybrid supply chain and distribution management, as well as a global logistics and transportation network.
The fight to secure microelectronic chips is becoming as basic as the chip itself. With chips facing a myriad of threats throughout their life cycle, experts are incorporating security measures into the development of the chip from the foundry to assembly. Other approaches safeguard against threats that could appear as the chip moves through the supply chain. The bottom line for microelectronics security is that necessary measures cannot wait until the device is in the hands of the user.
Adversaries are exploiting the inherent vulnerabilities of U.S. military supply chains that involve tens of thousands of private sector providers from all over the globe. Attack operations include stealing valuable technical data; striking critical infrastructure, manufacturing and weapon systems control systems; corrupting the quality and assurance across a broad range of product types and categories; and manipulating software to access connected systems and to degrade systems operation integrity.
The colossal reliance on semiconductor chips by the military and commercial industry reaches across weapons, machines and systems that perform key defense and national security functions. And while the Defense Department and the industry use secure chips, they are expensive and hard to design. To remedy that, the Defense Advanced Research Projects Agency, known as DARPA, is looking to automatically build defense mechanisms into the design of microchips. The agency is creating tools to manage supply chain custody throughout the life cycle of a microchip and increase the availability and economics of secure microelectronics.