Back to news

August 14, 2018 | International, Aerospace, Naval, Land, C4ISR

Pentagon is rethinking its multibillion-dollar relationship with U.S. defense contractors to boost supply chain security

By Ellen Nakashima

The Pentagon has a new goal aimed at protecting its $100 billion supply chain from foreign theft and sabotage: to base its weapons contract awards on security assessments — not just cost and performance — a move that would mark a fundamental shift in department culture.

The goal, based on a strategy called Deliver Uncompromised, comes as U.S. defense firms are increasingly vulnerable to data breaches, a risk highlighted earlier this year by China's alleged theft of sensitive information related to undersea warfare, and the Pentagon's decision last year to ban software made by the Russian firm Kaspersky Lab.

On Monday, President Trump signed into a law a provision that would bar the federal government from buying equipment from Chinese telecommunications firms Huawei and ZTE Corp., a measure spurred by lawmakers' concerns about Chinese espionage.

“The department is examining ways to designate security as a metric within the acquisition process,” Maj. Audricia Harris, a Pentagon spokeswoman, said in a statement. “Determinations [currently] are based on cost, schedule and performance. The department's goal is to elevate security to be on par with cost, schedule and performance.”

The strategy was written by Mitre Corp., a nonprofit company that runs federally funded research centers, and the firm released a copy of its reportMonday.

“The major goal is to move our suppliers, the defense industrial base and the rest of the private sector who contribute to the supply chain, beyond a posture of compliance — to owning the problem with us,” said Chris Nissen, director of asymmetric-threat response at Mitre.

Harris said the Pentagon will review Mitre's recommendations before proceeding. She added that the Department of Defense, working with Congress and industry, “is already advancing to elevate security within the supply chain.”

Testifying to Congress in June, Kari Bingen, the Pentagon's deputy undersecretary for intelligence, said: “We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave.”

Security should be seen not as a “cost burden,” she told the House Armed Services Committee, “but as a major factor in their competitiveness for U.S. government business.”

The new strategy is necessary, officials say, because U.S. adversaries can degrade the military's battlefield and technological advantage by using “blended operations” — hacking and stealing valuable data, manipulating software to sabotage command and control systems or cause weapons to fail, and potentially inducing a defense firm employee to insert a faulty component or chip into a system.

“A modern aircraft may have more than 10 million lines of code,” Mitre's report said. “Combat systems of all types increasingly employ sensors, actuators and software-activated control devices.”

The term “Deliver Uncompromised” grew out of a 2010 meeting of senior counterintelligence policy officials, some of whom lamented that the Defense Department was tolerating contractors repeatedly delivering compromised capabilities to the Pentagon and the intelligence community.

Addressing the security issue requires greater participation by counterintelligence agencies, which can detect threats against defense firms, the report said, and ideally, the government should establish a National Supply Chain Intelligence Center to monitor threats and issue warnings to all government agencies.

Ultimately, the military's senior leaders bear responsibility for securing the supply chain and must be held accountable for it, the report said.

The Defense Department, although one of the world's largest equipment purchasers, cannot control all parts of the supplier base. Nonetheless, it has influence over the companies it contracts with as it is the principal source of business for thousands of companies. It can shape behavior through its contracts to enhance supply-chain security, the report said.

Legislation will be needed to provide incentives to defense and other private-sector companies to boost security, Mitre said. Congress should pass laws that shield firms from being sued if they share information about their vulnerabilities that could help protect other firms against cyberattacks; or if they are hacked by a foreign adversary despite using advanced cybersecurity technologies, the report said.

Contractors should be given incentives such as tax breaks to embrace supply chain security, the report suggested.

The Department of Homeland Security is addressing the security of the information technology supply chain through its newly established National Risk Management Center. “What we're saying is you should be looking at what vendors are doing to shore up their cybersecurity practices to protect the supply chain,” said Christopher Krebs, DHS undersecretary for the National Protection and Programs Directorate.

The National Counterintelligence and Security Center, an agency of the Office of the Director of National Intelligence that coordinates the government's counterintelligence strategy, said in a report last month that software-supply-chain infiltration has already threatened critical infrastructure and is poised to endanger other sectors. According to the NCSC, last year “represented a watershed in the reporting of software supply chain” attacks. There were “numerous events involving hackers targeting software supply chains with back doors for cyber espionage, organizational disruption or demonstrable financial impact,” the agency found.

https://www.washingtonpost.com/world/national-security/the-pentagon-is-rethinking-its-multibillion-dollar-relationship-with-us-defense-contractors-to-stress-supply-chain-security/2018/08/12/31d63a06-9a79-11e8-b60b-1c897f17e185_story.html?noredirect=on&utm_term=.265ce85b6eb1

On the same subject

  • Space Force may hire companies to service orbiting satellites

    February 22, 2023 | International, Aerospace, C4ISR

    Space Force may hire companies to service orbiting satellites

    The head of the Space Force's mobility enterprise said this week the service wants to buy commercial on-orbit logistics capabilities.

  • US Army chooses winner to build its new Stryker gun system

    June 4, 2021 | International, Land

    US Army chooses winner to build its new Stryker gun system

    The Army has chosen who will build its Medium Caliber Weapon System for the Stryker combat vehicle.

  • Missile Defense Agency selects Raytheon for Ballistic Missile Defense System testing, modeling and simulation work

    January 15, 2018 | International, Aerospace, Land, Security

    Missile Defense Agency selects Raytheon for Ballistic Missile Defense System testing, modeling and simulation work

    TEWKSBURY, Mass., Jan. 15, 2018 /PRNewswire/ -- On Friday, January 12, Raytheon (NYSE:RTN) was awarded an indefinite-delivery/indefinite-quantity contract with a stated maximum value of $641,758,000. Under this contract, the contractor will perform ballistic missile defense system (BMDS) test related activities for multiple radar platforms that includes planning, executing, and analyzing sensor performance in BMDS flight tests and ground tests for each test event defined in the BMDS integrated master test plan. The radar test contract effort also includes sensors modeling and simulation activities to include Open Systems Architecture Sensor Model (OSM) and Open Systems Architecture Signal Injector (OSI) development and maintenance, integration of OSI with hardware-in-the-loop radar representation, integration of OSI and OSM with the simulation framework, verification and validation support, and stakeholder/event support. This award is the result of a competitively awarded acquisition in which two offers were received. Fiscal 2017 and 2018 research, development, test and evaluation funds in the amount of $3,451,000 are being obligated at time of award. The Missile Defense Agency, Huntsville, Alabama, is the contracting activity (HQ0147-18-D-0003). About Raytheon Raytheon Company, with 2016 sales of $24 billion and 63,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. With a history of innovation spanning 95 years, Raytheon provides state-of-the-art electronics, mission systems integration, C5ITM products and services, sensing, effects, and mission support for customers in more than 80 countries. Raytheon is headquartered in Waltham, Massachusetts. Follow us on Twitter. Media Contact Jackie Gutmann 1.781.879.2789 idspr@raytheon.com SOURCE Raytheon Company http://raytheon.mediaroom.com/2018-01-15-Missile-Defense-Agency-selects-Raytheon-for-Ballistic-Missile-Defense-System-testing-modeling-and-simulation-work

All news