Hacking the Supply Chain

As far back as January 2013, a Defense Science Board task force report, “Resilient Military Systems and the Advanced Cyber Threat,” warned that adversaries could exploit cyber vulnerabilities to:

• Degrade and sever communications;
• Manipulate and corrupt data;
• Cause weapons to fail, and potentially; and
• Destroy weapons or systems.

China, Russia, Iran, and North Korea all see cyber as presenting an opportunity to counter American advantages in military technology by exploiting it as the soft underbelly of U.S. defense. A large-scale attack across infrastructure and the military, the report said, could “impose gradual wide scale loss of life and control of the country and produce existential consequences.” For such an attack to occur, it added, “there must be an adversary with both the capability and intent to conduct the attack.”
...

Cyber vulnerabilities begin in the development stage. “Obviously potential vulnerability goes up if you can steal the entire plans for weapon systems,” said Laura Brent, a senior fellow in the Technology and National Security Program at the Center for a New American Security.

Securing contractors networks is really the very first line of defense. The Cybersecurity Maturity Model Certification establishes cybersecurity standards and training for contractors and is a good first step. Securing the digital supply chain, including computer chips and sub-assemblies made offshore, however, is another thing entirely.

Read the full story and more from Air Force Magazine.