Supply Chain Risk Management (SCRM) Report
According to MITRE, “just as U.S. supply convoys faced sniper fire as they moved through Iraq and Afghanistan, our entire national security supply chain, from conception to retirement, provides opportunities for adversaries to target critical warfighting capabilities and undermine the confidence of mission owners.
“MITRE has released "Deliver Uncompromised," a report that makes recommendations on how the U.S. government and private sector can address growing asymmetric threats like counterfeit parts that pass ordinary inspection but fail operationally and malware that exploits latent vulnerabilities in firmware or software and threaten unintended or unexpected physical results.”
MITRE also reminds readers of the important fact that “supply chain risks extend beyond the subject of cybersecurity that often dominates the attention of Department leadership. Risks exist through the entire supply chain cycle and are not limited to networks and information systems. Deliberate insertion of non-conforming parts can sabotage mission capability. The firmware or software in electronic parts can be the subject of corruption or subversion. Adversaries, unfortunately, have many choices among attack surfaces to produce effects adverse to defense planning and mission execution.”
Important Note: this document is marked © 2018 The MITRE Corporation. All rights reserved. Approved for Public Release. 18-2417. Distribution unlimited.
For related information, see also the FY17 National Defense Authorization Act (NDAA) Sec. 231, Strategy for Ensuring Access to Assured Microelectronics, and the FY18 NDAA Sec. 807, Process for enhanced supply chain scrutiny.