How Supply Chain Vulnerabilities Endanger Every Part of National Security

Out of all the supply chains in the U.S. economy, the supply chain of the defense industrial base (DIB) is the most vital to secure.

In 2018, a Presidential Task Force report observed that Department of Defense (DoD) operations “rely on an infinite number of touch points where information flows through a network – both within and across the many manufacturers’ systems that constitute the supply chain.” Every one of these touch points is a vulnerability.

There is now broad recognition of the problem. However, the legacy trends that shape current challenges stretch back decades. Such trends include: the offshoring of the U.S. microelectronics industry; the growing complexity of electronic systems on which U.S. defense systems depend; and the lack of incentives for anyone in the U.S. government (USG) or the DIB to take a holistic view of supply chain security.

The Presidential Task Force noted a significant supply chain risk associated with foreign provision, including: counterfeits, lack of traceability, and insufficient quality controls throughout supply tiers. Specifically, the Task Force observed, “Imports of electronics lack the level of scrutiny placed on U.S. manufacturers … raising the risk of ‘Trojan’ chips and viruses infiltrating U.S. defense systems.”

Today, 90 percent of global circuit board production takes place in Asia, and half of that in China. In a recent survey of firms that have discovered counterfeit components from foreign sources, 42 percent of respondents indicated China as the source of such components.

Recognizing that it is nearly impossible to on-shore all aspects of the DIB, it is crucial to ascertain whether the enormous amount of data contained in the DoD supply chain – roughly equivalent to the 20^th-largest economy in the world – can employ more effective applications of technology.

It would be beneficial if a substantial part of the transactional activity in the DIB could be “datafied” – that is, recorded in a timely, precise, immutable, and comprehensive way in a persistent ledger. Assuming that such datafication could be achieved for a large portion of economic activities within the DIB, machine learning and artificial intelligence methods could prove crucial. They could augment the costly and scarce human investigative resources in the USG with automated analytical methods, ferreting out malicious actors and counterfeit products.

Over the past 12 years, blockchain has demonstrated its resiliency as a data structure that can accommodate decentralized operation, asynchronous updates, and a high degree of security without a centralized permission-issuing authority. It could have an important role to play in DIB supply chain resilience.

In 2018, FDD’s Transformative Cyber Innovation Lab, in partnership with DoD’s Countering Terrorism Technical Support Office and Microsoft, initiated the first known trial of blockchain technology aimed at addressing the DIB supply chain security problem. The aim of the trial was to demonstrate that the sequence of economic activities of a small-scale acquisitions process can be mapped efficiently via blockchain. In a follow-on trial, TCIL partnered with IBM Research and Army Special Forces at Ft. Bragg to test systems that measured off-chain events. This included the tracing of goods physically moving through a supply chain and artificial intelligence-based verification that such goods were not counterfeited.

The trials demonstrated that there are economically and technologically feasible ways to tame the huge volume of transactional information in the DIB. At a fundamental level, the technologies were efficient, robust, and user-friendly.

CCTI shared the detailed insights from the supply chain technological pilots with the congressionally mandated Cyberspace Solarium Commission (CSC). CCTI then assisted in the formulation of a CSC recommendation calling for Congress to direct the USG to develop and implement an industrial base strategy to ensure more trusted supply chains and “utilize supply chain risk management techniques to reduce their risk and minimize vulnerability.” (See the CSC report here).

As malice on hardware and software becomes increasingly difficult to detect, U.S. national investment in supply chain security must pivot from trying to detect compromised objects toward datafication of the transaction space for the DIB. This is imperative for the defense community. The notion that the United States can audit or test its way to supply chain security simply is not sustainable for physical and economic reasons.

The COVID-19 pandemic has forced a reset in much of U.S. thinking about the economy and how it is structured. The datafication strategy for the DIB would be a major strategic pivot. But such drastic transformations are necessary. The current crisis presents an opportunity to secure the defense supply chains upon which U.S. national security depends.

Michael Hsieh is lab executive director at the Transformative Cyber Innovation Lab (TCIL), a project of the Foundation for Defense of Democracies (FDD). He has held multiple leadership roles in technology research and development in support of the defense and intelligence communities for two decades. Douglas Wood is a TCIL advisory board member and was formerly a technical leader in multiple senior executive service roles in the Department of Defense. FDD’s Center on Cyber and Technology Innovation (CCTI) seeks to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. CCTI promotes a greater understanding within the U.S. government, private sector, and allied countries of the threats and opportunities to national security posed by the rapidly expanding technological environment. For more analysis from Michael, Doug, and CCTI, please subscribe HERE. Follow CCTI and FDD on Twitter @FDD_CCTI and @FDD. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.