The National Academies Press

Currently Skimming:

Executive Summary
Pages 1-7

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 1... ... Air Force leaders subsequently requested a follow-on consensus study to provide recommendations to the USAF acquisition community. The National Academies of Sciences, Engineering, and Medicine assembled an ad hoc committee of leading experts to investigate the issues, and this report is a result of the deliberations of the Committee on a Strategy for Acquiring Secure and Reliable Electronic Components for Air Force Weapon Systems. Read the entire page →
From page 2... ... Investigative organizations such as the Air Force Of fice of Special Investigations (AFOSI) lack sufficient numbers of technically quali fied staff dedicated to monitoring supply chain risk. Read the entire page →
From page 3... ... Efforts are needed to increase the capacity and capability of the workforce across the acquisition life cycle in specialized areas such as secure integrated circuit design, cyberphysical security, and reverse engineering and anti-tamper for firmware and hardware but also in contracting and operational security to ensure that program information is protected at all stages. Additional focus directed at addressing the security risks in obsolete components through modernization efforts ideally can be aligned with the goal of creating new capability as well as enhancing security and reliability of the platform. Read the entire page →
From page 4... ... to be effective. Recommendation: The USAF should establish a central office -- the Program Pro tection Office -- that has the responsibility and authority to implement a holistic approach to protecting program information across the acquisition enterprise that includes an integrated supply chain threat assessment and risk management pro gram -- from research and development (Air Force Research Laboratory, AFRL) Read the entire page →
From page 5... ... Recommendation: Because many of the legacy platforms employ similar electronic components and share an already fragile supply chain, the USAF should develop an enterprise-wide vulnerability assessment and risk management capability to better share information across the program offices in a timely fashion. Recommendation: The USAF should implement a platform-by-platform review of critical electronic components and work with the Joint Federated Assurance Center (JFAC) Read the entire page →
From page 6... ... Recommendation: The USAF should increase funding and staffing of the Air Force Office of Special Investigations (AFOSI) , and related investigative efforts, to move from a reactive to a proactive threat assessment and risk management posture. Read the entire page →
From page 7... ... , the quality assurance program established in the wake of the 1963 USS Thresher disaster, was designed to maintain the safety of its submarine fleet -- specifically, to provide maximum reasonable assurance that submarine hulls will stay watertight and that they can recover from unanticipated flooding. 2 In 2015, the Navy established CYBERSAFE, which aims to ensure survivability and resiliency of critical warfighting information technology and system components and processes. Read the entire page →

From page 1...

... Air Force leaders subsequently requested a follow-on consensus study to provide recommendations to the USAF acquisition community. The National Academies of Sciences, Engineering, and Medicine assembled an ad hoc committee of leading experts to investigate the issues, and this report is a result of the deliberations of the Committee on a Strategy for Acquiring Secure and Reliable Electronic Components for Air Force Weapon Systems.

Read the entire page →

From page 2...

... Investigative organizations such as the Air Force Of fice of Special Investigations (AFOSI) lack sufficient numbers of technically quali fied staff dedicated to monitoring supply chain risk.

Read the entire page →

From page 3...

... Efforts are needed to increase the capacity and capability of the workforce across the acquisition life cycle in specialized areas such as secure integrated circuit design, cyberphysical security, and reverse engineering and anti-tamper for firmware and hardware but also in contracting and operational security to ensure that program information is protected at all stages. Additional focus directed at addressing the security risks in obsolete components through modernization efforts ideally can be aligned with the goal of creating new capability as well as enhancing security and reliability of the platform.

Read the entire page →

From page 4...

... to be effective. Recommendation: The USAF should establish a central office -- the Program Pro tection Office -- that has the responsibility and authority to implement a holistic approach to protecting program information across the acquisition enterprise that includes an integrated supply chain threat assessment and risk management pro gram -- from research and development (Air Force Research Laboratory, AFRL)

Read the entire page →

From page 5...

... Recommendation: Because many of the legacy platforms employ similar electronic components and share an already fragile supply chain, the USAF should develop an enterprise-wide vulnerability assessment and risk management capability to better share information across the program offices in a timely fashion. Recommendation: The USAF should implement a platform-by-platform review of critical electronic components and work with the Joint Federated Assurance Center (JFAC)

Read the entire page →

From page 6...

... Recommendation: The USAF should increase funding and staffing of the Air Force Office of Special Investigations (AFOSI) , and related investigative efforts, to move from a reactive to a proactive threat assessment and risk management posture.

Read the entire page →

From page 7...

... , the quality assurance program established in the wake of the 1963 USS Thresher disaster, was designed to maintain the safety of its submarine fleet -- specifically, to provide maximum reasonable assurance that submarine hulls will stay watertight and that they can recover from unanticipated flooding. 2 In 2015, the Navy established CYBERSAFE, which aims to ensure survivability and resiliency of critical warfighting information technology and system components and processes.

Read the entire page →

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

Executive Summary Pages 1-7

Executive Summary
Pages 1-7