Independent Panel Review Suggests How DOD Can Mitigate Risks in Microelectronics Commercial Supply Chain
Results of a Department of the Air Force review of the Office of the Under Secretary of Defense for Research and Engineering’s Microelectronics Quantifiable Assurance efforts were released Aug. 3.
The National Defense Authorization Act of 2023 directed the Department of the Air Force chief scientist to assemble an independent panel of experts and conduct a review of the Office of the Under Secretary of Defense for Research and Engineering’s Microelectronics Quantifiable Assurance efforts.
“To stay ahead of our competitors, the Department of Defense needs access to the commercial supply chain of microelectronics. It is absolutely essential, but it comes with inherent risks. The independent panel review is helping us better understand the risk-based approach we need to take,” said Under Secretary of Defense for Acquisition and Sustainment Dr. William LaPlante.
The independent panel of 27 experts found that the Trusted Foundry and Microelectronics Quantifiable Assurance approaches can mitigate the risks found in the commercial supply chain of microelectronics.
A large majority of the microelectronics embedded in DoD systems are commercial off-the-shelf components. While DoD’s trusted suppliers are a key part of the defense industrial base, the vast majority of DoD microelectronics purchases are not made through the supply chain.
Research and Engineering’s Microelectronics Quantifiable Assurance effort allows the DoD to bridge the gap between its unique requirements and the commercial supply chain, so that the department can maintain a posture of security and component integrity in its electronic systems at all times.
“Our trusted suppliers in the commercial supply chain help to keep us at the ready,” said Under Secretary of Defense for Research and Engineering Heidi Shyu. “Our focus must be to maintain and strengthen that support. The work of the independent panel – confirming what we need in the Department of Defense and what areas present opportunities, and gaps, for mitigation – has been an essential part in the overall Microelectronics Quantifiable Assurance effort and will inform evolving standards such as the Department of Defense Manual 5200 series.”
The panel has identified three lines of effort, each an overlay over commercial flows, to meet the DoD’s requirements: Trusted Foundry for classified components, International Traffic in Arms Regulations/Export Administration Regulations for export-controlled microelectronics, and Microelectronics Quantifiable Assurance for parts requiring higher integrity.
Microelectronic components, such as microprocessors, field programmable gate arrays and custom integrated circuits, are miniaturized devices that perform computation, control, information storage, decision support and virtually any other task that a modern defense system utilizes.
“The panel’s work has significantly enhanced our understanding of the potential for Microelectronics Quantifiable Assurance techniques to reduce security risks associated with commercial microelectronics production,” said Secretary of the Air Force Frank Kendall.
Trusted Foundry is an overlay on a commercial flow that offers protection against unauthorized disclosure of classified information, including data and intellectual property. It is a mature, regulated process with oversight from the Defense Counterintelligence and Security Agency as well as the department’s Defense Microelectronics Activity.
The International Traffic in Arms Regulations/Export Administration Regulations are two export control laws applied to a commercial process that offer protection against disclosure of export-controlled information and intellectual property to non-U.S. persons.
Microelectronics Quantifiable Assurance is an emerging data-centric approach to independently assess integrity across the microelectronics development lifecycle, including design and manufacturing. It is a way for the DoD to obtain additional assurance on the integrity of a part and its availability to function as desired.
“While there has been much debate about the virtue of Trusted Foundry and Microelectronics Quantifiable Assurance, there has also been a false dichotomy between the two,” said Chief Scientist of the Air Force Dr. Victoria Coleman. “The panel found that a combination of the two is necessary in order to meet the Department of Defense’s microelectronics needs. While Microelectronics Quantifiable Assurance is focused on the entire lifecycle of the microelectronics and offers enhanced integrity protection, Trusted Foundry focuses exclusively on fabrication, a protection that heightens our confidence that our classified information has been protected during the commercial manufacturing of the parts we use in Department of Defense systems.”
The study was informed by expertise, briefings and materials from the Office of the Under Secretary of Defense for Research and Engineering. The study was further supported by the Under Secretary of Defense for Acquisition and Sustainment, acquisition executives from all three services, the National Security Agency and the Joint Federated Assurance Center, as well as experts from Department of Defense Labs, the defense industrial base, the semiconductor industry and academia.