Overview
Because there are potential threats and liabilities throughout a system's life cycle, SCRM also needs to be in place throughout the life cycle - cradle to grave. SCRM includes working with appropriate DoD and Office of the Director of National Intelligence (ODNI) organizations on program threats (foreign and counterintelligence), technology vulnerabilities, contractor threat assessments, counterintelligence vulnerabilities, and global distribution risks.
In 2022, DoD initiated the development of additional SCRM policy and guidance, to include a common framework and taxonomy that includes definitions and a list of 12 risk categories and 124 sub-categories. In Nov 2022, the Office of the Deputy Assistant Secretary of Defense for Logistics, DASD(Log), published a record of initial discussions among DoD, industry, and academia, which included the following three definitions. (Note: these definitions are subject to change and not to be considered "authoritative" at the time of this update).
- Supply Chain Resilience - The capability of supply chains to respond quickly to unexpected events, adapt to changes, and ensure continuity of operations after a disruption. Resilience is the outcome of proactive Supply Chain Risk Management and Supply Chain Security.
- Supply Chain Risk Management - A process of proactively identifying supply chain vulnerabilities to potential disruptions and implementing mitigation strategies and actions to ensure the security, integrity, and uninterrupted flow of products as risks are found, or disruptions occur.
- Supply Chain Security - The application of policies, procedures, processes, and technologies to ensure the security, integrity, and uninterrupted flow of products while moving through the supply chain. Examples include the ability to protect supply chains from cyber infiltrations and the introduction of counterfeit material.
Microelectronics
Because microelectronic assets exist in almost every DoD weapon system and major information system, potential counterfeiting of those assets is an area of significant vulnerability. DoD established DoDI 4140.67, Counterfeit Prevention Policy. It describes counterfeit materiel as any item that is an unauthorized copy or substitute that has been identified, marked, or altered by a source other than the item's legally authorized source and has been misrepresented to be an authorized item of the legally authorized source.
Anti-counterfeiting is a means to combat microelectronic fraud. The increasing threat of counterfeit (and fraudulent) parts in the global marketplace affects every component of the program, from commercial-off-the-shelf (COTS) assemblies to military-unique systems. Preventing counterfeit parts from entering the supply chain reduces cost and negative impacts to program schedule and system performance. The Overarching DoD Counterfeit Prevention Guidance policy memorandum was signed by the Under Secretary of Defense for Acquisition, Technology and Logistics (USD(AT&L)) [now the Office of the Secretary of Defense for Sustainment (OSD(S))] on March 16, 2012.
Trusted Foundry Program (TFP)
In addition, the DoD created the TFP in 2003 to respond to the threats of offshoring of microelectronics fabrication and the resulting diminishing influence of the DoD on leading-edge microelectronics research and development. The National Security Agency (NSA) and the Defense Microelectronics Activity (DMEA) equally fund the TFP. Beginning in 2003, IBM provided US Government programs with leading-edge application-specific integrated circuits (ASICs). In July 2015, IBM transferred most of its commercial semiconductor business to GlobalFoundries. This transaction included the ownership and operation of the two IBM foundries accredited by DMEA to provide microelectronics to US Government programs through the TFP.
In addition to the resources and references included below, please find pertinent SCRM material in the following:
In addition to the training resources identified below, DAU now offers LOG 0440, Supply Chain Resiliency Fundamentals, an online course which includes a discussion of SCRM and its relationship to supply chain resiliency.