The Fourth Pillar of Defense Acquisition: Cybersecurity

If you are a provider of PCBs and/or electronics manufacturing services to the Department of Defense (DoD) and their prime contractors, you have no doubt noticed a significant increase in the number of Defense Federal Acquisition Regulation Supplement (DFARS) flow-downs, scrutiny of your data management, audits of your cybersecurity processes, and inquiries into the status of your compliance with a variety of cybersecurity initiatives.

There has been a constant flow of reports and initiatives over the past two years that point directly to increased emphasis on cybersecurity by the DoD within the Defense Industrial Base Supply Chain. These reports all coalesce around further strengthening critical cybersecurity programs and initiatives within the DoD and provide the roadmap to compliance and elevating your organization to position for continued participation in the defense sectors of our industry.

We have clearly entered a paradigm shift, with cybersecurity now joining cost, schedule, and performance as the Fourth Pillar of Defense Acquisition.

Referencing the DoD “Deliver Uncompromised” pilot program mandated by the National Defense Appropriations Act (NDAA) and the associated MITRE Corporation study from August 2018 [1], the first course of action (COA) detailed is to elevate security as a primary metric in the DoD acquisition and sustainment process. The report states:

• It is vital to “Deliver Uncompromised” that security have equal status to cost, schedule, and performance

• The revision of DoD 5000.02 (Operation of the Defense Acquisition System) to make security the “Fourth Pillar” of acquisition planning—equal in emphasis to cost, schedule, and performance

• Utilize acquisition tools and contract leverage and reinforce the objective of “Deliver Uncompromised” through the use of positive and negative incentives

Encouragingly, there is also language in the report that recognizes there are hard costs associated with the DoD supply chain implementing the requisite cybersecurity measures, and several tax incentive measures are detailed for consideration, further analysis, and discussion to offset the costs.

The key takeaway is that all PCB fabricators and electronics manufacturing service providers providing electronics products to the defense sector need to immediately heighten awareness and proactively address cybersecurity if they desire to continue supporting the DoD and their prime contractors.

In terms of the actual gates in the evaluation process that all proffers to the DoD will soon be subjected to a “go, no-go” initial bid analysis that evaluates cybersecurity hardening as the first gate to pass through for offers to be considered before the long-standing DoD contracts analysis process evaluating quality, cost, schedule appears most logical to me.

In September 2018, the “Report to President Donald J. Trump by the Interagency Task Force in Fulfillment of Executive Order 13806” was released. Titled “Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States,” it is an in-depth and fascinating look at the defense industrial base including PCBs and circuit card assemblies for DoD systems [2].

In Section VI of the report, “Ten Risk Archetypes Threatening America’s Manufacturing and Industrial Base,” we find more compelling direction and comment that underscores the threat that cyber-related crime poses to our national security.

Quoting the report, “The defense manufacturing supply chain flows goods and critical supporting information through multiple organizations of varying size and sophistication to transform raw materials into components, subassemblies, and ultimately, finished products and systems that meet DoD performance specifications and requirements. These supply chains rely upon an infinite number of touch points where digital and physical information flows through multiple networks both within and across manufacturers systems. In today’s digitized world, every one of these supply chain touch points represents a potential product security risk.”

In addition to data breaches, it is also noteworthy to point out that The Department of Homeland Security (DHS) reported that the critical manufacturing sector reported the highest number of cyber attacks on industrial control systems of any critical infrastructure sector with numerous threats emerging that had the potential to cause major disruption in manufacturing operations.

With the publication of the 2018 National Defense Strategy [3], U.S. Secretary of Defense General Jim Mattis stated, “Challenges to the U.S. military advantage represent another shift in the global security environment. For decades, the United States has enjoyed uncontested or dominant superiority in every operating domain. We could generally deploy our forces when we wanted, assemble them where we wanted, and operate how we wanted. Today, every domain is contested—air, land, sea, space, and cyberspace.”

In June 2016 (and as amended August 2018), the U.S. Secretary of Defense established the Printed Circuit Board and Interconnect Technology Executive Agent (PrCB EA) via DoD Instruction 5101.18E [4] with an original National Academy charter to develop a competitive network of trusted suppliers. To this end—and in a collaborative effort between IPC, the PrCB Executive Agent (NSWC-Crane), DoD, and other government and industry partners—IPC-1791 was developed to complement and expand the integrity assurance offered by the Trusted Access Program Office (TAPO) for microelectronics to address integrity assurance vulnerabilities related to the design, fabrication, and assembly of printed boards with initial emphasis on defense requirements.

The IPC-1791 (August 2018) standard, “Trusted Electronic Designer, Fabricator and Assembler Requirements” provides minimum requirements, policies, and procedures for printed board design, fabrication, and assembly organizations and/or companies to become trusted sources for markets requiring high levels of confidence in the integrity of delivered products. These trusted sources shall ensure quality, supply chain risk management (SCRM), security, and chain of custody (ChoC).

Expect to hear a lot about the IPC-1791 standard at IPC APEX EXPO in San Diego (January 26–31). If your company is involved in support of military electronics manufacturing, I would highly encourage you to attend to learn more.

In closing, I have had the pleasure and honor to serve on both the National Defense Industrial Association (NDIA) Executive Order 13806 Electronics Working Group and the IPC Trusted Supplier Task Group over the past two years as many of these initiatives and standards have evolved. Serving with many others from the electronics industry, DoD, Commerce, and beyond, I have developed an incredible respect for all principals involved, and have witnessed first-hand their hard work, leadership, deep thinking, and unwavering dedication to providing a framework to protect our nation’s most sensitive defense information.

Electronics, and the associated electronic manufacturing supply chain, are key components of all military systems. As such, our industry has a responsibility to both embrace and solve for the challenges associated with secure management of the vast amount of sensitive technical data that flows through our organizations’ networks and within our supply chains.

Our nation’s security depends on the electronics industry performing at a high-level regarding cybersecurity, and there is compelling evidence to suggest that the ability of your company to continue to support DoD electronics manufacturing also depends upon it.

References

1. Nissen, C., Gronager, J., Metzer, R., & Rishikof, H. “Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War.” MITRE Corporation, August 2018.

2. Office of the Under Secretary of Defense for Acquisition and Sustainment, and the Office of the Deputy Assistant Secretary of Defense for Industrial Policy. “Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States: Report to President Donald J. Trump by the Interagency Task Force in Fulfillment of Executive Order 13806.” September 2018.

3. United States Department of Defense. “Summary of the 2018 National Defense Strategy of the United States of America: Sharpening the American Military’s Competitive Edge.” 2018.

4. Office of the Under Secretary of Defense for Acquisition and Sustainment. “DoD Directive 5101.18E: DoD Executive Agent for Printed Circuit Board and Interconnect Technology.” June 12, 2016.

Back

2019

The Fourth Pillar of Defense Acquisition: Cybersecurity

01-10-2019

All PCB fabricators and electronics manufacturing service (EMS) providers providing electronics products to the defense sector need to immediately heighten awareness and proactively address cybersecurity if they desire to continue supporting the Department of Defense (DoD) and their prime contractors.

View Story
Back

2017

Mil/Aero Markets: Defense Budget Analysis—Patience is a Virtue

08-07-2017

Patience may be the most necessary watchword for proponents of significant growth in the budget for the U.S. military. The historic increases in defense spending promised by President Trump on the campaign trail won’t come immediately, but it is likely that Congress will find ways to provide solid increases to the Pentagon’s budget, particularly in 2019 and beyond.

View Story
Back

2016

Mil/Aero Markets: F-35 Declared Combat-Ready

09-20-2016

Electronic subsystems are an integral part of all modern military fighter jets, with a substantial portion of the electronics supporting intelligence, surveillance and reconnaissance (ISR) systems, electro-optical/infrared (EO/IR), avionics, munitions and radar related subassemblies. This equates to a very high content of PCBs and SMT assembly requirements...

View Story
Back

2014

Up, Up, and Away - Reasons for Renewed Optimism in the Mil/Aero PCB Market

11-25-2014

As anyone in the military circuit board business in the last few decades will attest, it has been both extremely challenging (due to the many obstacles) and wonderfully rewarding (because our collective work supports our country and our war fighters). But Columnist John Vaughan says the tide has now turned as PCBs designed specifically for defense systems must now be manufactured in the U.S. and are under full ITAR and USML controls.

View Story

IMPACT 2014 - IPC on Capitol Hill

09-09-2014

"As an industry, we face many challenges and obstacles in our pathway to success and IPC's IMPACT 2014 offered the opportunity to meet key members of Congress, policymakers and influencers, educate them about needed actions to strengthen the electronics sector and the overall economy and national security, and network with industry colleagues," writes Columnist John Vaughan.

View Story

IMPACT 2014 - IPC on Capitol Hill

09-09-2014

"As an industry, we face many challenges and obstacles in our pathway to success and IPC's IMPACT 2014 offered the opportunity to meet key members of Congress, policymakers and influencers, educate them about needed actions to strengthen the electronics sector and the overall economy and national security, and network with industry colleagues," writes Columnist John Vaughan.

View Story

Pentagon Budget Aftershocks

07-15-2014

A striking similarity exists between earthquakes and military budgets. An earthquake is the result of a sudden release of energy in the earth's crust that creates seismic waves. The Pentagon budget is the result of fiscal realities, protracted negotiations, and balancing priorities that culminates in a sudden release of program funding data that creates seismic waves in the military electronics business community. Welcome to the aftershock.

View Story

Foreign Military Sales - Back to the Future for Sales Opportunities

04-01-2014

New Columnist John Vaughan asks: "As business executives, how do we operate, navigate, and manage a military/aerospace-oriented circuit board shop or CEM operation in such an unstable and unpredictable environment?"

View Story
Copyright © 2019 I-Connect007. All rights reserved.