Supply Chain Must Deliver Uncompromised Systems.

Author: Eftekhari, Parham
Position: Viewpoint

Warfare is no longer limited to either the physical or digital theater. Instead, adversaries ranging from script kiddies to nation-state sponsored advanced persistent threats have evolved to simultaneously launch asymmetric attack campaigns along digital, kinetic and hybrid vectors to undermine democracy, challenge moral values, alter public perceptions, compromise critical infrastructure, steal valuable intellectual property and exfiltrate sensitive information.

These malicious campaigns are achieved predominantly through the exploitation of existing vulnerabilities in vendor-supplied hardware systems and software applications that were not developed with security at each stage of the development lifecycle, or that were not adequately penetration tested before release.

This failure to secure the supply chain is perhaps one of the greatest national security threats facing the nation today. The public and private sectors can no longer afford to support negligent vendors that fail to develop their offerings with layered inherent security before release. The "deploy now, patch later" culture of the vendor market shifts risk and liability onto buyers and results in significant resource waste and harm to organizations and average consumers alike.

Past attempts to adopt security-by-design have been hobbled by the opportunity loss resulting from the rush-to-market created by this ubiquitous culture. Leadership is needed to impose an incentive or penalty sufficient to incite a shift in vendor behavior. The "deliver uncompromised" proposal under consideration by the Pentagon offers short-term, mid-range and long-term courses of action designed to improve national security by enhancing supply chain security in the defense industrial base.

"Deliver uncompromised" places emphasis on the security of systems, data, communications, supply chain and information in general, regardless of medium or vehicle. In effect, contract deliverables must be provided in a state that is uncompromised by hacking, the inappropriate sharing of data, or contamination of the data throughout the entirety of the product lifecycle.

"Deliver uncompromised" establishes security as a fourth pillar in defense acquisition and incentivizes the defense industrial base to embrace security as a major factor in their competitiveness for U.S. government business rather than as a cost burden. Market leaders, whose every decision is emulated by lower-tier firms, depend on public sector...
