August 14, 2018 | International, Aerospace, Naval, Land, C4ISR

Pentagon is rethinking its multibillion-dollar relationship with U.S. defense contractors to boost supply chain security

By Ellen Nakashima

The Pentagon has a new goal aimed at protecting its $100 billion supply chain from foreign theft and sabotage: to base its weapons contract awards on security assessments — not just cost and performance — a move that would mark a fundamental shift in department culture.

The goal, based on a strategy called Deliver Uncompromised, comes as U.S. defense firms are increasingly vulnerable to data breaches, a risk highlighted earlier this year by China's alleged theft of sensitive information related to undersea warfare, and the Pentagon's decision last year to ban software made by the Russian firm Kaspersky Lab.

On Monday, President Trump signed into law a provision that would bar the federal government from buying equipment from Chinese telecommunications firms Huawei and ZTE Corp., a measure spurred by lawmakers' concerns about Chinese espionage.

“The department is examining ways to designate security as a metric within the acquisition process,” Maj. Audricia Harris, a Pentagon spokeswoman, said in a statement. “Determinations [currently] are based on cost, schedule and performance. The department's goal is to elevate security to be on par with cost, schedule and performance.”

The strategy was written by Mitre Corp., a nonprofit company that runs federally funded research centers, and the firm released a copy of its report Monday.

“The major goal is to move our suppliers, the defense industrial base and the rest of the private sector who contribute to the supply chain, beyond a posture of compliance — to owning the problem with us,” said Chris Nissen, director of asymmetric-threat response at Mitre.

Harris said the Pentagon will review Mitre's recommendations before proceeding. She added that the Department of Defense, working with Congress and industry, “is already advancing to elevate security within the supply chain.”

Testifying to Congress in June, Kari Bingen, the Pentagon's deputy undersecretary for intelligence, said: “We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave.”

Security should be seen not as a “cost burden,” she told the House Armed Services Committee, “but as a major factor in their competitiveness for U.S. government business.”

The new strategy is necessary, officials say, because U.S. adversaries can degrade the military's battlefield and technological advantage by using “blended operations” — hacking and stealing valuable data, manipulating software to sabotage command and control systems or cause weapons to fail, and potentially inducing a defense firm employee to insert a faulty component or chip into a system.

“A modern aircraft may have more than 10 million lines of code,” Mitre's report said. “Combat systems of all types increasingly employ sensors, actuators and software-activated control devices.”

The term “Deliver Uncompromised” grew out of a 2010 meeting of senior counterintelligence policy officials, some of whom lamented that the Defense Department was tolerating contractors repeatedly delivering compromised capabilities to the Pentagon and the intelligence community.

Addressing the security issue requires greater participation by counterintelligence agencies, which can detect threats against defense firms, the report said, and ideally, the government should establish a National Supply Chain Intelligence Center to monitor threats and issue warnings to all government agencies.

Ultimately, the military's senior leaders bear responsibility for securing the supply chain and must be held accountable for it, the report said.

The Defense Department, although one of the world's largest equipment purchasers, cannot control all parts of the supplier base. Nonetheless, it has influence over the companies it contracts with as it is the principal source of business for thousands of companies. It can shape behavior through its contracts to enhance supply-chain security, the report said.

Legislation will be needed to provide incentives to defense and other private-sector companies to boost security, Mitre said. Congress should pass laws that shield firms from being sued if they share information about their vulnerabilities that could help protect other firms against cyberattacks; or if they are hacked by a foreign adversary despite using advanced cybersecurity technologies, the report said.

Contractors should be given incentives such as tax breaks to embrace supply chain security, the report suggested.

The Department of Homeland Security is addressing the security of the information technology supply chain through its newly established National Risk Management Center. “What we're saying is you should be looking at what vendors are doing to shore up their cybersecurity practices to protect the supply chain,” said Christopher Krebs, DHS undersecretary for the National Protection and Programs Directorate.

The National Counterintelligence and Security Center, an agency of the Office of the Director of National Intelligence that coordinates the government's counterintelligence strategy, said in a report last month that software-supply-chain infiltration has already threatened critical infrastructure and is poised to endanger other sectors. According to the NCSC, last year “represented a watershed in the reporting of software supply chain” attacks. There were “numerous events involving hackers targeting software supply chains with back doors for cyber espionage, organizational disruption or demonstrable financial impact,” the agency found.

https://www.washingtonpost.com/world/national-security/the-pentagon-is-rethinking-its-multibillion-dollar-relationship-with-us-defense-contractors-to-stress-supply-chain-security/2018/08/12/31d63a06-9a79-11e8-b60b-1c897f17e185_story.html?noredirect=on&utm_term=.265ce85b6eb1
