By Topic

Supply chain risk mitigation for IT electronics

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
McFadden, F.E. ; CVI Analytics, Inc., Annandale, VA, USA ; Arnold, R.D.

Supply Chain Risk Management (SCRM) is one of the 12 Comprehensive National Cybersecurity Inititiatives (CNCI), but the range of supply chain problems has not been defined rigorously, and effective defenses have not yet been developed. Risks range from the increased unreliability of counterfeits to data exfiltration and adversary control enabled by hardware Trojan horses embedded in chips. Risks are different for military vs. non-military Government vs. civilian organizations. We cite cases that underscore the reality of supply chain risk, and analyze the structure of supply chains that affect different part of the market for IT electronics, in order to provide a better understanding of attack methods. We discuss techniques for defending against the range of threats, and propose a practical solution based on a suite of simple, inexpensive test procedures that could be used to build an "80% solution" for detection of counterfeits and embedded malicious implants before they are deployed. Tests we have prototyped include power signatures and of IR thermographic signatures of boot events. Deployment of such a test suite would change the SCRM game by making it significantly more difficult for supply chain exploits to succeed.

Published in:

Technologies for Homeland Security (HST), 2010 IEEE International Conference on

Date of Conference:

8-10 Nov. 2010