Biblio

Found 212 results

2021-10-22
[Anonymous]. 2021. Supply Chain Risk Management. Systems Engineering Guide.

Definition: Supply Chain Risk Management (SCRM) is a discipline that addresses the threats and vulnerabilities of commercially acquired information and communications technologies within and used by government information and weapon systems. Through SCRM, systems engineers can minimize the risk to systems and their components obtained from sources that are not trusted or identifiable as well as those that provide inferior material or parts.

MITRE SE Roles & Expectations: The expansion of the global economy, increased use of outsourcing, and development of open standards are some of the modern-day factors that present new challenges to the security of government systems. These factors have resulted in emerging threats and have made protection of the supply chain increasingly difficult [1]. All MITRE systems engineers must understand these emerging threats and why SCRM is necessary to ensure the protection and viability of all government systems.

[Anonymous]. 2021. Potential Threat Vectors to 5G Infrastructure. Jointly published by NSA in conjunction with ODNI and DHS/CISA.

CISA, in coordination with the National Security Agency and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released the paper Potential Threat Vectors to 5G Infrastructure. This paper identifies and assesses risks and vulnerabilities introduced by 5G.

The ESF 5G Threat Model Working Panel, a subgroup within the ESF, examined three major threat vectors in 5G—standards, the supply chain, and threats to systems architecture—to develop a summary and technical review of the types of threats posed by 5G adoption in the United States and sample scenarios of 5G risks.

Please note that this paper represents the beginning of the ESF’s research, not the culmination of it. It is not an exhaustive risk summary or technical review of attack methodologies, and it includes public and private research and analysis.

Adam Stone. 2020. GovCons Weigh in on ODNI Supply Chain Warnings. Washington Exec: Federal Government News.

In a recently published document addressing supply chain risk, the Office of the Director of National Intelligence warns against “foreign attempts to compromise the integrity, trustworthiness, and authenticity of products and services purchased and integrated into the operations of the U.S. Government, the Defense Industrial Base, and the private sector.”

Attacks on the supply chain represent “a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure,” the agency notes. Foreign adversaries are attacking key supply chains at multiple points: from concept to design, manufacture, integration, deployment and maintenance.

GovCon leaders say the government does well to take the risks seriously, and they point to ways in which the contracting community can work hand-in-glove with federal officials to mitigate the threat.

[Anonymous]. 2020. NCSC Unveils New Supply Chain Risk Management Guidance.

Exploitation of supply chains by foreign adversaries is a growing threat to America.

The National Counterintelligence and Security Center (NCSC) today released a new tri-fold document, Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains, to help private sector and U.S. Government stakeholders mitigate risks to America’s critical supply chains. As part of Cybersecurity Awareness Month, NCSC is working to raise awareness of supply chain attacks, including those that are cyber-enabled.

The tri-fold highlights supply chain risks, introduces a process for supply chain risk management, and establishes three focus areas to reduce threats to key U.S. supply chains. The document also outlines key tools and technologies to protect each stage of the supply chain lifecycle, from design to retirement.

William Claycomb, Joe Bradley, Matthew Butkovic, Ken Mai, Carol Woody, Mark Sherman. 2020. Implementing Cyber Security in DoD Supply Chains.

Video presentation from Carnegie Mellon University, "Implementing Cyber Security in DoD Supply Chains," 2020.

Zac Rogers, Victor Benjamin, Mohan Gopalakrishnan, Thomas Choi. 2018. Cyber Security in Supply Chains, CAPS Research.

Video presentation "Cyber Security in Supply Chains, CAPS Research," 2018.

Jon Boyens. 2017. The Cyber Risk Analytics Project Review Workshop. National Institute of Standards and Technology Site.

The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year-long NIST- and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities:

  • Developed and field tested, with the collaboration of NIST, a secure, online self-assessment tool based on the Cybersecurity Framework;
  • Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS, the Identity Theft Resource Center, and the Center for Business and Ethics at the University of Maryland;
  • Conducted a rigorous statistical analysis to search for significant relationships between performance results in different areas of the self-assessment tool and the frequency of breaches (disaggregated by breach type). The objective was to determine whether specific actions initiated by the survey participants were directly associated with a reduced frequency of breach occurrence during the study period.

Shelby S. Oakley. 2020. Defense Acquisitions Annual Assessment: Drive to Deliver Capabilities Faster Increases Importance of Program Knowledge and Consistent Data for Oversight. Government Accountability Office.

This is GAO’s 18th annual assessment of DOD acquisition programs. GAO’s prior assessments covered major defense acquisition programs. This year’s assessment expands to include selected major IT systems and rapid prototyping and rapid fielding programs, in response to a provision in the National Defense Authorization Act for Fiscal Year 2019.

This report (1) summarizes the characteristics of 121 weapon and IT programs, (2) examines cost and schedule measures and other topics for these same programs, and (3) summarizes selected organizational and legislative changes. GAO identified the 121 programs for review based on their cost and acquisition status. GAO selected organizational and legislative changes that it determined related to the execution and oversight of the 121 programs.

GAO reviewed relevant legislation and DOD reports, collected data from program offices through a questionnaire, and interviewed DOD officials. Additional analyses and assessments of major IT programs are included in a companion report to be issued later this year.

The Department of Defense (DOD) currently plans to invest over $1.8 trillion to acquire new major weapon systems such as aircraft, ships, and satellites. At the same time, the department is investing billions more in information technology (IT) systems and capabilities that it expects to either prototype or field rapidly through a new middle-tier acquisition pathway. (See table.)

2021-10-21
[Anonymous]. 2021. White House Executive Order on Improving the Nation's Cybersecurity.

The President’s Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” issued on May 12, 2021, charges multiple agencies with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.

Zelalem Mengistu, Pipop Nuangpookka, Phuong Nguyen, Gregory Liu. 2019. Hardware-Tampering Security Risks in the Supply Chain. J. Comput. Sci. Coll. 35:221–222.

The topic of security risk in the global supply chain is a vast one, as it incorporates various subtopics that fall under the bigger picture of the supply chain. For this study, we focused on hardware-based security risks caused by implanting a tiny chip on the original motherboard architecture, during manufacturing or while in transit. This paper examined the various hardware attack detection methods, mainly destructive and non-destructive methods of hardware-based error detection. The destructive detection methods are extremely difficult to implement, as they often require a physical presence to inspect the device during the manufacturing and/or transit process. Despite this fact, we tried to detect abnormal activities of hardware components through a non-destructive method by building custom code using JSensor, a high-performance sensor network simulator developed in the Java programming language. To monitor the hardware, we set a scheduler to gather the required information (for example, every one or two hours during off-peak hours) so as to identify similarities and differences in the resources used in the computer systems. Besides CPU load, CPU speed/clock rate was also retrieved using JSensor and Oracle Java Standard. By default, the size of the configuration file does not change automatically. We deliberately altered the size and ran the JSensor code, which was scheduled to run every three seconds, and we were able to detect the alteration, as JSensor flagged the change we had deliberately made. Therefore, we concluded that besides monitoring hardware sensors for suspicious activities, checking an important file whose size should remain unchanged is an effective method of monitoring critical systems within a given organization. The paper also identifies the major hardware-based attack vectors on the supply chain targeting various organizations. We concluded by making suggestions on how hardware-based supply chain risks could be mitigated and/or eliminated through future efforts.

Victor Amelkin, Rakesh Vohra. 2020. Strategic Formation and Reliability of Supply Chain Networks. Proceedings of the 21st ACM Conference on Economics and Computation. :77–78.

We study the incentives that independent self-interested agents have in forming a resilient supply chain network in the face of disruptions and competition. Competing suppliers are subject to yield uncertainty and congestion. Competing retailers make sourcing decisions based on price and reliability. Under yield uncertainty only, retailers, benefiting from supply variance, concentrate their links on a single supplier, counter to the idea that they should mitigate yield uncertainty by multi-sourcing. When congestion is added, the resulting networks resemble bipartite expanders, which are known to be resilient, thus providing the first example of endogenously formed resilient supply chains.

Dara Sinclair, Hossain Shahriar, Chi Zhang. 2019. Security Requirement Prototyping with Hyperledger Composer for Drug Supply Chain: A Blockchain Application. Proceedings of the 3rd International Conference on Cryptography, Security and Privacy. :158–163.

Blockchain may have the potential to prove its value for the new US FDA regulatory requirements defined in the Drug Supply Chain Security Act (DSCSA), as innovative solutions are needed to support the highly complex pharmaceutical industry supply chain as it seeks to comply. In this paper, we examine how blockchain can be applied to meet the security compliance requirements of the pharmaceutical supply chain. We explore the online playground of Hyperledger Composer, a set of tools for building blockchain business networks, to model the data and access control rules for the drug supply chain. Our experiment shows that this solution can provide a prototyping opportunity for compliance checking, with certain limitations.

Xiaolin Xu, Fahim Rahman, Bicky Shakya, Apostol Vassilev, Domenic Forte, Mark Tehranipoor. 2019. Electronics Supply Chain Integrity Enabled by Blockchain. ACM Trans. Des. Autom. Electron. Syst. 24.

Electronic systems are ubiquitous today, playing an irreplaceable role in our personal lives, as well as in critical infrastructures such as power grids, satellite communications, and public transportation. In the past few decades, the security of software running on these systems has received significant attention. However, hardware has been assumed to be trustworthy and reliable “by default” without really analyzing the vulnerabilities in the electronics supply chain. With the rapid globalization of the semiconductor industry, it has become challenging to ensure the integrity and security of hardware. In this article, we discuss the integrity concerns associated with a globalized electronics supply chain. More specifically, we divide the supply chain into six distinct entities: IP owner/foundry (OCM), distributor, assembler, integrator, end user, and electronics recycler, and analyze the vulnerabilities and threats associated with each stage. To address supply chain integrity concerns, we propose a blockchain-based certificate authority framework that can be used to manage critical chip information such as electronic chip identification, chip grade, and transaction time. The decentralized nature of the proposed framework can mitigate most threats to the electronics supply chain, such as recycling, remarking, cloning, and overproduction.

Sandip Ray, Wen Chen, Rosario Cammarota. 2018. Protecting the Supply Chain for Automotives and IoTs. Proceedings of the 55th Annual Design Automation Conference.

Modern automotive systems and IoT devices are designed through a highly complex, globalized, and potentially untrustworthy supply chain. Each player in this supply chain may (1) introduce sensitive information and data (collectively termed "assets") that must be protected from other players in the supply chain, and (2) have controlled access to assets introduced by other players. Furthermore, some players in the supply chain may be malicious. It is imperative to protect the device and any sensitive assets in it from being compromised or unknowingly disclosed by such entities. A key, and sometimes overlooked, component of the security architecture of modern electronic systems is managing security in the face of supply chain challenges. In this paper we discuss some security challenges in automotive and IoT systems arising from supply chain complexity, and the state of the practice in this area.

Michael Hilt, Daniel Shao, Baijian Yang. 2018. RFID Security, Verification, and Blockchain: Vulnerabilities within the Supply Chain for Food Security. Proceedings of the 19th Annual SIG Conference on Information Technology Education. :145.

Over the past few decades, radio frequency identification (RFID) technology has been an important factor in securing products along the agri-food supply chain. However, there still exist security vulnerabilities when registering products to a specific RFID tag, particularly regarding the ease with which tags can be cloned. In this paper, a potential attack, labeled the "Hilt Shao attack", is identified which could occur during the initial phases of product registration, and the type of attack is demonstrated using UID and CUID tags. Furthermore, a system is proposed using blockchain technology in order for the attacker to hide the cloned tag information. Results show that this attack, if carried out, can negate the profits of distributors along the supply chain, and negatively affect the consumer.

Margret Bjarnadottir, Aaron Hunt, Louiqa Raschid. 2018. Choosing Models to Explore Financial Supply Chain Relationships. Proceedings of the Fourth International Workshop on Data Science for Macro-Modeling with Financial and Economic Datasets.

Hansen Zhang, Soumyadeep Ghosh, Jordan Fix, Sotiris Apostolakis, Stephen R. Beard, Nayana P. Nagendra, Taewook Oh, David I. August. 2019. Architectural Support for Containment-Based Security. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems. :361–377.

Software security techniques rely on correct execution by the hardware. Securing hardware components has been challenging due to their complexity and the proportionate attack surface they present during their design, manufacture, deployment, and operation. Recognizing that external communication represents one of the greatest threats to a system's security, this paper introduces the TrustGuard containment architecture. TrustGuard contains malicious and erroneous behavior using a relatively simple and pluggable gatekeeping hardware component called the Sentry. The Sentry bridges a physical gap between the untrusted system and its external interfaces. TrustGuard allows only communication that results from the correct execution of trusted software, thereby preventing the ill effects of actions by malicious hardware or software from leaving the system. The simplicity and pluggability of the Sentry, which is implemented in less than half the lines of code of a simple in-order processor, enable additional measures to secure this root of trust, including formal verification, supervised manufacture, and supply chain diversification, with less than a 15% impact on performance.

Ronald Fernandes, Perakath Benjamin, Biyan Li, Andrew Stephenson, Mayank Patel, Jong Hwang. 2018. Use of Topological Vulnerability Analysis for Cyberphysical Systems. NAECON 2018 - IEEE National Aerospace and Electronics Conference. :78-81.

This paper describes a method which combines Topological Vulnerability Analysis (TVA) with cyber, electromagnetic, and physical/kinetic attack types, attack sources, cross-domain effects, graph analytics, and Bayesian analysis in order to enable systems engineers and cyber defense experts to comprehensively perform vulnerability analysis of Cyber-Physical Systems (CPS) as well as information and communications technology (ICT) supply chains.

Michael Mylrea, Sri Nikhil Gupta Gourisetti. 2018. Blockchain for Supply Chain Cybersecurity, Optimization and Compliance. 2018 Resilience Week (RWS). :70-76.

The U.S. power grid is a complex system of systems that requires a trustworthy, reliable, and secure global supply chain. This is a formidable challenge, considering the increasing number of networked industrial control systems (ICS) and energy delivery systems (EDS) and the growing number of intermediary distributors, vendors and integrators involved. Grid modernization has increased the use of “smart” energy devices that automate, digitize, network, and bring together the cyber-physical energy supply chain. In the current Energy Internet of Things (EIoT) environment, the growth of data speed and size requirements as well as the number of critical cyber assets has generated new North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance requirements and cyber supply chain security challenges for vendors, regulators, and utilities. The issuance of Order No. 829 by the Federal Energy Regulatory Commission (FERC) instructed NERC to confront cybersecurity supply chain risk management for ICS software and hardware, as well as the networking and computing services associated with Bulk Electric System (BES) operations. To meet these goals, current technology and processes must be improved to better identify, monitor, and audit vulnerable EIoT environments. This paper examines how blockchain technology can enable NERC CIP compliance as well as aid in the security of the BES supply chain through an immutable, cryptographically signed distributed ledger that allows for improved data security, provenance and auditability.

Akshay Kulkarni, Noor Ahmad Hazari, Mohammed Niamat. 2019. A Blockchain Technology Approach for the Security and Trust of the IC Supply Chain. 2019 IEEE National Aerospace and Electronics Conference (NAECON). :249-252.

In trying to lower the costs of integrated circuit (IC) fabrication, the IC supply chain is becoming global. However, if the foundry or the supply chain to which the fabrication process is outsourced is not reliable or trustworthy, it may result in the quality of ICs being compromised. There have been well-documented instances of counterfeit chips, and chips secretly implanted with Trojans, creeping into the supply chain. With the above background in mind, we propose to strengthen the supply chain process by attempting to use a very secure technique which has been widely used in many other fields, namely, blockchain technology. Blockchain, first introduced for the security and mining of bitcoins, is one of the most trusted security techniques in today's world. In this paper, we propose a blockchain technology enabled 'smart contract' approach for ensuring the security and trust of these ICs by tracking down the stage of alteration at which the chip may have been compromised in the IC supply chain.

Wingyan Chung, Jinwei Liu, Xinlin Tang, Vincent S. K. Lai. 2018. Extracting Textual Features of Financial Social Media to Detect Cognitive Hacking. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). :244-246.

Social media are increasingly reflecting and influencing the behavior of humans and financial markets. Cognitive hacking leverages the influence of social media to spread deceptive information with an intent to gain abnormal profits illegally or to cause losses. Measuring the information content in financial social media can be useful for identifying these attacks. In this paper, we developed an approach to identifying social media features that correlate with abnormal returns of the stocks of companies vulnerable to being targets of cognitive hacking. To test the approach, we collected price data and 865,289 social media messages on four technology companies from July 2017 to June 2018, and extracted features that contributed to abnormal stock movements. Preliminary results show that terms that are simple, motivate actions, incite emotion, and use exaggeration are ranked high in the features of messages associated with abnormal price movements. We also provide selected messages to illustrate the use of these features in potential cognitive hacking attacks.

Benjamin Tan, Ramesh Karri. 2020. Challenges and New Directions for AI and Hardware Security. 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS). :277-280.

Artificial Intelligence (AI) and Machine Learning (ML) techniques have found use in many fields, including hardware-based security defenses and novel threats to hardware security. In this paper, we briefly examine the growing overlap between AI/ML and hardware for security, where AI/ML techniques provide practitioners with new ways to monitor runtime behavior but also provide new tools for attackers to steal secret information. We also explore how AI/ML is reshaping concerns for improving the security of hardware, particularly as AI/ML appear throughout the design flow. While AI/ML techniques contribute towards better hardware Trojan detection, improved design turnaround time, and design space exploration, such techniques may also introduce new threat vectors into the supply chain. With these in mind, we present some potential challenges and new directions at these intersections, giving new insights into how hardware security, alongside AI/ML, advances.

Timothy Kieras, Muhammad Junaid Farooq, Quanyan Zhu. 2020. Modeling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties. 2020 IEEE Security and Privacy Workshops (SPW). :163-170.

Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.