
Re: yip post# 44630

Tuesday, 03/21/2017 6:57:43 PM


Post# of 58840
Wow...it seems like this DoD report was written just for APDN's purpose.

Encourage you to check out the sobering “Final Report of the Defense Science Board (DSB) Task Force on Cyber Supply Chain”.

The bottom line up front: “The nation’s weapons systems are at risk from the malicious insertion of defects or malware into microelectronics and embedded software, and from the exploitation of latent vulnerabilities in these systems”.

Given the ‘dynamic nature of the global market for microelectronics’, the unclassified report broadly recommends:

...“strengthening the supply chain of microelectronics inserted into our weapons systems (the report highlights not just one, but three at-risk supply chains: the global commercial supply chain, the DoD acquisition supply chain, and the DoD sustainment supply chain)

...operating in a rapidly evolving environment to assure parts in the cyber supply chain.

...expanding cyber supply chain exercises in the Military Services to address warfighter challenges

...improving program protection practices over the lifecycle of weapons systems.

...strengthening lifecycle protection policies, enterprise implementation support, and R&D programs to ensure that DoD weapons systems are designed, fielded, and sustained in a way that reduces the likelihood and consequences of cyber supply chain attacks.

...development of sustainment Program Protection Plans (PPP) for critical fielded weapons systems, with Military Service Chiefs designating fielded weapons systems for development of initial sustainment PPPs to demonstrate their effectiveness.”

At the confluence of cyber vulnerability assessments, acquisition intelligence, program protection planning, counterfeit parts prevention, Diminishing Manufacturing Sources and Materiel Shortages (DMSMS) and obsolescence mitigation, cybersecurity awareness and supply chain risk management, the report also warns that “in typically long DoD acquisition processes, approximately 70 percent of electronics in a weapons system are obsolete or no longer in production prior to system fielding. The Department’s mechanisms for tracking inventory obsolescence and vulnerabilities in microelectronic parts are inadequate. Microelectronics components are likely to become obsolete repeatedly during the weapons system lifecycle. Efforts to track component obsolescence lack oversight at a Department-wide level. Reporting of counterfeit and “suspect-counterfeit” microelectronics is mandatory for some, but not all prime contracts and subcontracts. Such reporting requirements are inconsistent and no DoD system at present collects event information on cyber-physical attacks of electronic components as its primary function. To address these concerns, a shared vulnerability database and a parts application database of installed hardware could promulgate corrective actions across weapons systems.”

Among the 25 specific recommendations contained in the report, several in particular of note include:

“USD(AT&L) work to promulgate new regulations to eliminate the disincentives for industry self-reporting of counterfeits.
USD(AT&L) direct the Defense Standardization program office to modernize the GIDEP reporting system
USD(AT&L) ensure that DoDI 5000.02 makes secure design and realistic risk assessment a core element of PPPs, and anticipates the need for resilience, ongoing evaluation, and upgrade
USD(AT&L) promote PPPs that encompass cradle to grave protection for new and existing systems, including recommending the ASD(L&MR) revise the Logistics Assessment (LA) Guidebook to include program protection as one of the areas to be reviewed periodically after initial operational capability (IOC), and that each program protection plan be transitioned to the program manager responsible for sustainment and disposal.
USD(AT&L) explore avenues to improve training and standards
USD(AT&L), in coordination with the Military Service Chiefs, require development of a sustainment Program Protection Plan for designated fielded systems, and that ASD(L&MR) and DASD(SE) develop and promulgate guidance for the content of the sustainment Program Protection Plan and the implementation in sustainment processes.
ASD(L&MR) commission a feasibility study to demonstrate visibility to the bottom of the supply chain for critical parts; also to capture this information and include it in a DoD parts application database”

The report goes on to remind us that “logistics plays a crucial role in DoD’s ability to sustain deployed equipment. In the commercial world, “best-in-class” logistics systems are highly integrated and employ advanced automation methods—using advanced methods of data collection and analytics to identify, respond to, and recover from adverse supply chain events. DoD should seek to better understand the strategies and methodologies of commercial companies in data-driven supply chain risk management. Many of these techniques can reduce vulnerability to attacks mounted through weak links in the supply chain and limit harm should an attack nonetheless occur. The Department currently lacks the parts visibility to the bottom of the supply chain and does not have access to “gold standard” parts or the data needed for analysis of discovered vulnerabilities and successful attacks. A systematic method is needed to identify and authenticate a gold standard of key electronic parts. There is no consistent or assured means to authenticate provenance or pedigree of parts currently in production by reference to embedded authentication or traceability information.”

https://www.dau.mil/training/career-development/logistics/blog/Defense-Science-Board-Task-Force-Report-on-Cyber-Supply-Chain