The Growing Threat to Air Force Mission-Critical Electronics
LETHALITY AT RISK
Unclassified Summary
Steven Darbes and Joan Fuller, Editors
Committee on a Strategy for Acquiring Secure and Reliable Electronic
Components for Air Force Weapon Systems
Air Force Studies Board
Intelligence Community Studies Board
Division on Engineering and Physical Sciences
A Consensus Study Report of
THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This activity was supported by Contract 2014-14041100003-016 between the Office of the Director of National Intelligence and the National Academy of Sciences. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for the project.
International Standard Book Number-13: 978-0-309-49390-1
International Standard Book Number-10: 0-309-49390-0
Digital Object Identifier: https://doi.org/10.17226/25475
Limited copies of this report may be available through the Air Force Studies Board, 500 Fifth Street, NW, Washington, DC 20001; (202) 334-3111.
Additional copies of this publication are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.
Copyright 2019 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2019. The Growing Threat to Air Force Mission-Critical Electronics: Lethality at Risk: Unclassified Summary. Washington, DC: The National Academies Press. doi: https://doi.org/10.17226/25475.
The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.
The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at www.nationalacademies.org.
Consensus Study Reports published by the National Academies of Sciences, Engineering, and Medicine document the evidence-based consensus on the study’s statement of task by an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and the committee’s deliberations. Each report has been subjected to a rigorous and independent peer-review process and it represents the position of the National Academies on the statement of task.
Proceedings published by the National Academies of Sciences, Engineering, and Medicine chronicle the presentations and discussions at a workshop, symposium, or other event convened by the National Academies. The statements and opinions contained in proceedings are those of the participants and are not endorsed by other participants, the planning committee, or the National Academies.
For information about other products and activities of the National Academies, please visit www.nationalacademies.org/about/whatwedo.
COMMITTEE ON A STRATEGY FOR ACQUIRING SECURE AND RELIABLE ELECTRONIC COMPONENTS FOR AIR FORCE WEAPON SYSTEMS
ROBERT H. LATIFF, Independent Consultant, Chair
KEITH R. HALL, Independent Consultant, Co-Chair
MICHAEL J. BEAR, BAE Systems’ Electronics System Sector
JOHN C. BROCK, Independent Consultant
BRIAN HOLMES, National Intelligence University
CRAIG L. KEAST, MIT Lincoln Laboratory
RANDAL W. LARSON, MITRE Corporation
TERRY P. LEWIS, Raytheon Company
AARON OKI, Northrop Grumman Corporation
THOMAS E. ROMESSER, NAE,1 Independent Consultant
Liaison
CHRIS BOZADA, Air Force Research Laboratory
Staff
JOAN FULLER, Study Director
STEVEN DARBES, Research Associate
___________________
1 Member, National Academy of Engineering.
INTELLIGENCE COMMUNITY STUDIES BOARD
FREDERICK R. CHANG, NAE, Southern Methodist University, Co-Chair
ROBERT C. DYNES, NAS, University of California, San Diego, Co-Chair
JULIE BRILL, Microsoft Corporation
ROBERT A. BRODOWSKI, MITRE Corporation
TOMAS DIAZ DE LA RUBIA, Purdue University
ROBERT A. FEIN, McLean Hospital, Harvard Medical School
MIRIAM E. JOHN, Independent Consultant
ANITA K. JONES, NAE, University of Virginia
ROBERT H. LATIFF, U.S. Air Force (retired), R. Latiff Associates
RICHARD H. LEDGETT, JR., Institute for Defense Analyses
MARK LOWENTHAL, Intelligence & Security Academy, LLC
MICHAEL A. MARLETTA, NAS/NAM,1 University of California, Berkeley
L. ROGER MASON, JR., Peraton
JASON MATHENY, Georgetown University
CARMEN L. MIDDLETON, Central Intelligence Agency (retired)
ELIZABETH RINDSKOPF PARKER, State Bar of California (retired)
WILLIAM H. PRESS, NAS, University of Texas, Austin
DAVID A. RELMAN, NAM, Stanford University
SAMUEL S. VISNER, MITRE Corporation; Georgetown University
Staff
ALAN SHAW, Director
CARYN LESLIE, Senior Program Officer
CHRIS JONES, Financial Manager
MARGUERITE SCHNEIDER, Administrative Coordinator
DIONNA ALI, Research Associate
ADRIANNA HARGROVE, Financial Assistant
NATHANIEL DEBEVOISE, Senior Program Assistant
___________________
1 Member, National Academy of Medicine.
AIR FORCE STUDIES BOARD
DOUGLAS M. FRASER, Douglas Fraser, LLC, Chair
ALLISON ASTORINO-COURTOIS, National Security Innovations, Inc.
KEVIN G. BOWCUTT, NAE,1 The Boeing Company
TED F. BOWLDS, U.S. Air Force (retired)
CRAIG R. COONING, The Boeing Company
BLAISE J. DURANTE, U.S. Air Force (retired)
STEPHEN R. FORREST, NAE/NAS,2 University of Michigan
BRENDAN B. GODFREY, University of Maryland, College Park
MICHAEL A. HAMEL, U.S. Air Force (retired)
JAMES E. HUBBARD, JR., NAE, Texas A&M University
CHARLES H. JACOBY, JR., Capitol Peak Asset Management
RAYMOND E. JOHNS, JR., FlightSafety International
ALEX MILLER, University of Tennessee
OZDEN OCHOA, Texas A&M University
HENDRICK RUCK, Edaptive Computing, Inc.
JULIE J.C.H. RYAN, National Defense University (retired)
ZACHARY TUDOR, Idaho National Laboratory
STARNES WALKER, ANDE Corporation
DEBORAH WESTPHAL, Toffler Associates
DAVID A. WHELAN, NAE, Independent Consultant
MICHAEL YARYMOVYCH, NAE, Sarasota Space Associates
Staff
ELLEN CHOU, Director
JOAN FULLER, Director (until September 2018)
GEORGE COYLE, Senior Program Officer
RYAN MURPHY, Program Officer
ADRIANNA HARGROVE, Financial Assistant
MARGUERITE SCHNEIDER, Administrative Coordinator
STEVEN DARBES, Research Associate
CATHERINE PUMA, Research Assistant
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Sciences.
This page intentionally left blank.
Acknowledgment of Reviewers
This Consensus Study Report was reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the National Academies of Sciences, Engineering, and Medicine in making each published report as sound as possible and to ensure that it meets the institutional standards for quality, objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process.
We thank the following individuals for their review of this report:
Iain Boyd, University of Michigan,
William Hix, U.S. Army (retired),
Lester L. Lyles, NAE,1 U.S. Air Force (retired),
John Szymanski, Los Alamos National Laboratory, and
Donald C. Winter, NAE, University of Michigan.
Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations of this report nor did they see the final draft before its release. The review of this report was overseen by Robert F. Sproull, NAE, University of Massachusetts, Amherst. He was responsible for making certain that an independent examination
___________________
1 Member, National Academy of Engineering.
of this report was carried out in accordance with the standards of the National Academies and that all review comments were carefully considered. Responsibility for the final content rests entirely with the authoring committee and the National Academies.
Contents
DISCUSSION OF SELECTED TOPICS FROM THE RESTRICTED REPORT
USAF Capabilities Requiring Secure and Reliable Microelectronics
Threats to the Supply Chain of Microelectronics in USAF Weapon Systems
Supply Chain Risk Management Policy
Supply Chain Vulnerabilities Are a U.S. Achilles Heel
Sustainment—A Soft Target of Opportunity
Maintenance and Sustainment Considerations
Technology Approaches to Secure and Reliable Electronics
The SCRM Challenge in the Acquisition Life Cycle
The Need for an Enterprise Approach Within the USAF
Best Practices Within the Supply Chain Risk Management Community
SUMMARY OF FINDINGS AND RECOMMENDATIONS
Lead Supply Chain Risk Management from the Top
Employ System-Level Operational Security
Expand Supply Chain Monitoring
Implement Program Information Protection Program (SystemSecure)
B Summary from the Workshop Proceedings
C SCRM Policy, Guidance, and Standards
D SCRM-Specific NDAA/Public Laws (2009-2019)
E Defense Federal Acquisition Regulation Supplement Subparts Addressing SCRM
F Industry Test Standards for Component Integrity and Counterfeit Detection
G Summarization of Relevant Past Reports on USAF and DoD Microelectronic Supply Chain