WASHINGTON -- The Department of Defense won't be joining the ranks of semiconductor manufacturers, no matter how rampant the problem of counterfeit components is.
That's the recommendation from a special Defense Science Board Task Force on Cyber Supply Chain. In its final report, issued today,the task force found that the capital cost of maintaining a DoD-owned trusted foundry is not a feasible expense. The task force recommends that the DoD develop a long-term strategy for access to state-of-the-art commercial foundry capabilities that does not rely exclusively on trust; and continue R&D investments of DoD agencies for a technology-enabled strategy that fosters new tools to better defend against cyber supply chain attacks.
The task force assessed the organization, missions, and authorities that encompass the use of microelectronics and components in DoD weapons systems. The task force addressed:
- Practices to mitigate malicious supply chain risk and latent vulnerabilities, and whether opportunities exist to modify or strengthen these practices;
- Current Department program protection processes, as well as other practices to detect and assess potential vulnerabilities in hardware and software;
- The extent to which commercial off the shelf vulnerabilities have been reported and impact the security of DoD systems; and
- Interagency activities that DoD could better leverage to reduce supply chain risks.
The task force concluded that the Under Secretary of Defense for Acquisition, Technology and Logistics (USD(AT&L)) must strengthen lifecycle protection policies, enterprise implementation support, and R&D programs to ensure that DoD weapons systems are designed, fielded, and sustained in a way that reduces the likelihood and consequences of cyber supply chain attacks.