Integrity of the information and communications technology supply chain is essential to protecting critical federal missions and important agency data. Given the global nature of supply chains and the increasing complexity of product design, development, manufacturing and delivery, as well as the high levels of data sharing that occur within an expansive third-party supplier ecosystem, supply chains have become a significant threat vector that can increase risk to our government. The confidentiality, integrity and availability of our nation’s sensitive data can be at stake due to this increased risk.
Raytheon BBN Technologies Corp., Cambridge, Massachusetts, is awarded a $9,321,564 performance-based, cost-plus-fixed-fee, completion contract (N65236-20-C-8009). This contract is for research logistics and supply chain automated reasoning and information fusion, real-time demand forecasting and system resilience assessment. Work will be performed in Cambridge, Massachusetts (67%); Menlo Park, California (13%); Minneapolis, Minnesota (12%); Potsdam, New York (4%); and Tucson, Arizona (4%). Work is expected to be complete by September 2021.
Having a detailed description of the software components in any software-based product is necessary to identify cyber vulnerabilities and ultimately help reduce cybersecurity risks, officials say. The National Telecommunications and Information Administration, working with industry stakeholders, is pursuing the advent of a so-called software bill of materials to apply to digital products that identifies and lists the pieces of software, information about those components and supply chain relationships between them, the agency specifies.
The electronics supply chain to the West faces a greater threat from total cutoff than from having its components tinkered with by malefactors, according to some experts. Many measures currently in place to help ensure quality also serve to thwart saboteurs and counterfeiters. However, a far greater menace looms in the potential for a complete damming of the flow of chips and circuit boards, as the United States and most Western countries lack the infrastructure to pick up fabrication and manufacturing on short notice.
Supply chain management is vitally important to running and maintaining an organization’s IT systems, but like logistics systems, it is not inherently sexy and has historically drawn little attention from the C suite. When it is carried out, in many federal agencies it’s traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department’s Risk Management Framework (RMF).
Supply chain security has been of concern to government leaders for decades, but with attacks now originating in industrial control systems (ICS) from supply chain vulnerabilities and with an increasing reliance on the Internet of Things (IoT), Congress is stepping up its involvement. For example, legislators have promised that more stringent standards will soon be enforced.
On Friday, the U.S. House of Representatives passed their version of the National Defense Authorization Act for Fiscal Year 2020, H.R. 2500, by a vote of 220-197. Known as the NDAA, the annual legislation authorizes policy measures for the Defense Department. It varies from the Senate’s bill, S. 1790—passed on June 28—which the two legislative bodies will have to reconcile before sending a final NDAA to the president.
General Dynamics Information Technology (GDIT) will be supporting the U.S. State Department's global technical security supply chain effort, under a $2 billion single-award contract with the Bureau of Diplomatic Security (DS), Countermeasures Directorate. The contract includes a base period of five years and a five-year award term, the company reported.
Under the contract, GDIT will provide the State Department, U.S. Embassies and other posts worldwide with integrated technical security systems, engineering and solution development, hybrid supply chain and distribution management, as well as a global logistics and transportation network.
The fight to secure microelectronic chips is becoming as basic as the chip itself. With chips facing a myriad of threats throughout their life cycle, experts are incorporating security measures into the development of the chip from the foundry to assembly. Other approaches safeguard against threats that could appear as the chip moves through the supply chain. The bottom line for microelectronics security is that necessary measures cannot wait until the device is in the hands of the user.
Adversaries are exploiting the inherent vulnerabilities of U.S. military supply chains that involve tens of thousands of private sector providers from all over the globe. Attack operations include stealing valuable technical data; striking critical infrastructure, manufacturing and weapon systems control systems; corrupting the quality and assurance across a broad range of product types and categories; and manipulating software to access connected systems and to degrade systems operation integrity.
The colossal reliance on semiconductor chips by the military and commercial industry reaches across weapons, machines and systems that perform key defense and national security functions. And while the Defense Department and the industry use secure chips, they are expensive and hard to design. To remedy that, the Defense Advanced Research Projects Agency, known as DARPA, is looking to automatically incorporate defense mechanisms into the design of microchips. The agency is creating tools to manage the supply chain custody throughout the life cycle of a microchip and increase the availability and economics of secure microelectronics.