Safeguarding Critical System Supply Chains Against Compromise (Networks, Processes, Parts, Materials, Software, and Information)

9:00am - 5:00pm

On Thursday, July 14, START will co-host a workshop on critical system supply chains with the Center for Advanced Life Cycle Engineering (CALCE), the Applied Research Laboratory for Intelligence and Security (ARLIS), and the Center for Governance of Technology and Systems at START Headquarters. Registration for this event is now closed, but if you have any questions please contact Dr. Diganta Das and Prof. Peter Sandborn.

“Critical systems” are systems associated with human safety (transportation, medical), the delivery of critical services (infrastructure, energy generation), important humanitarian and military missions, and global economic stability. The risk of supply chains being compromised is a significant problem for critical systems due to the system’s long manufacturing and support life. Compromise of a system component means that its content, function, quality and/or reliability has been modified in some way (either with, or without malicious intent) to be something other than what the system expected (i.e., was qualified for).

The supply chains for system components can be compromised by natural events or the active introduction of manipulated parts, materials, software, or information, as well as interferences with networks and processes. Compromise impacts the quality, reliability, and/or security of a final system. Compromise can occur, for example, when the customer receives components that are compromised and those compromised items lead to a compromised system. In this case, a component could refer to hardware, material, software, data, algorithms, human, etc.

Sourcing components for critical systems is a challenge because the supply chains for the components diverge from mainstream commercial supply chains over time. As a result, the operators of critical systems impose a myriad of restrictions on how components can be sourced in order to minimize the risk of compromised components finding their way into critical systems. Similarly, the information that these systems depend on to operate can be compromised impacting the system’s support and/or manufacturing. These requirements limit the available sources and can make the process time consuming and expensive and on the other hand open opportunities for impostors to enter the supply chain.

This workshop will focus on the unique issues posed by compromised components (hardware, material, software, data, algorithms, humans), and how they can be predicted and mitigated. This is a convergent workshop whose participants will include academics, industry practitioners, and stakeholders from the critical systems community whose concern is disruption and compromise of the technology and supply chain for critical systems.