Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War

Abstract

Today, various parts of the Department of Defense (DoD) and the Intelligence Community (IC) are generally aware of cyber and supply chain threats, but intra- and inter-government actions and knowledge are not fully coordinated or shared. Few if any holistically consider the entire blended operations space from a counter-intelligence perspective and act on it. Risk quantification and mitigation, as a mission, receive insufficient resources and prioritization. Too little attention is directed toward protection of operational security or software assurance. There is no consensus on roles, responsibilities, authorities, and accountability. Responsibilities concerning threat information are "siloed" in ways that frustrate and delay fully informed and decisive action, isolating decision makers and mission owners from timely warning and opportunity to act. Improved cyber and supply chain security requires a combination of actions on the part of the Department and the companies with which it does business. Through the acquisition process, DoD can influence and shape the conduct of its suppliers. It can define requirements to incorporate new security measures, reward superior security measures in the source selection process, include contract terms that impose security obligations, and use contractual oversight to monitor contractor accomplishments. This report examines options that span legislation and regulation, policy and administration, acquisition and oversight, programs and technology. Actions are presented for the near, medium, and long terms - recognizing the need for immediate action coupled with a long-term commitment and strategy. Cyber and supply chain vulnerability extends well beyond DoD, across government and into the private sector. Nonetheless, DoD has potentially decisive influence in this space. Beyond DoD, actions in the legislative domain are critical, as our adversaries are actively exploiting seams and shortcomings in areas such as information sharing

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2018
Accession Number
AD1108046

Entities

People

  • Christopher Nissen
  • Harvey Rishikof
  • John E. Gronager
  • Robert S. Metzger

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Advanced Electronics
  • Counter WMD
  • Cyber
  • Engineered Resilient Systems
  • Human Systems
  • Space

DTIC Thesaurus Topics

  • Asymmetric Warfare
  • Business Administration
  • Commerce
  • Computer Programming
  • Computer Programs
  • Congress
  • Cybersecurity
  • Department Of Homeland Security
  • Detection
  • Information Systems
  • Intelligence Community (United States)
  • Internet Of Things
  • Law
  • Logistics
  • Military Science
  • National Security
  • Personnel Management
  • Supply Chain Integrity
  • Test And Evaluation
  • United States Central Command
  • United States Government
  • War Colleges
  • Warfare

Readers

  • Defense Acquisition Program Management
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Irregular Warfare and Special Operations Cyberspace Operations against Adversarial Threats.

Technology Areas

  • Cyber
  • Space