Establishing a trusted supply chain for embedded computing design

Oct. 24, 2018
ASHBURN, Va. – Best practices for establishing a trusted computing supply chain involves establishing state-of-the-art processes for rugged industry-standard open-architecture embedded computing like VME, VPX, PMC, and XMC. These processes are in place to reduce risk and mitigate malicious threats against hardware or data.

ASHBURN, Va. – Best practices for establishing a trusted computing supply chain involves establishing state-of-the-art processes for rugged industry-standard open-architecture embedded computing like VME, VPX, PMC, and XMC. These processes are in place to reduce risk and mitigate malicious threats against hardware or data.

The best way to lead is by example. The Curtiss-Wright TrustedCOTS services are one example of the processes and procedures essential for protecting the supply chain of embedded computing components.

These services include data protection for data-at-rest and data-in-transit and technology protection for anti-tamper. they also set the bar for trusted supply chain processes, including physical security; manufacturing security; component supply chain integrity; secure handling and chain of custody protection; product reliability and VITA 47 testing; counterfeit parts mitigation; and parts inspection.

Secure supply chain

The most important starting point in a secure supply chain is only to buy components directly from franchise sources, from the component OEM, or through authorized distribution channels. Control over the components chain of custody can be ensured only by purchasing through controlled, authorized channels.

Embedded computing subsystem vendors must follow the same stringent controls applied to semiconductor device suppliers when they purchase third-party mezzanine modules. The vendor of commercial off-the-shelf (COTS) embedded computing must control not only the source of supply for components, but also for the source of supply for mezzanine modules or subsystems that could have the potential to harbor counterfeit parts or tampering.

Related: Decomposing system security to prevent cyber attacks in trusted computing architectures

The COTS vendor must flow-down all of his requirements for using franchise suppliers to the module vendor. If the module vendor must go outside of standard channels, he also must ask the COTS vendor for approval. That way the COTS vendor can control the component’s source and purchase, as well as required authentication, testing, and other requirements necessary before proceeding.

Obsolescence and the supply chain

The embedded computing industry faces a contradiction; companies build builds products made with commercial parts with short life spans, yet that must function in integrated systems with very long lifetimes. In this environment, component obsolescence is a fact of life.

When a part goes through end-of-life (EOL), the first point of mitigation is to identify if the part manufacturer or his authorized distributor has a drop-in replacement available. If not, the vendor should pursue a replacement via a last-time buy (LTB). An LTB can help minimize the risk of obsolescence by extending product life and avoiding the need later to procure obsolete parts of questionable lineage from brokers.

Sometimes COTS vendors can find obsolete components only through parts brokers that are secondary sources unauthorized by the component OEM. The COTS vendor should use components from these suppliers only when authorized sources are no longer available, and then only with the approval of the customer. A brokered part should NEVER be used on a board without explicit customer approval. All parts from these suppliers should be tested at authorized third-party test facilities to ensure that they are authentic components meeting the original design specifications, and have not been subject to prior use or tampering.

Broker sources must be subject to intense audits, and any device provided by a broker must be tested by internal or accredited labs in compliance with customer-, supplier-, and industry-mandated validation methods. All test reports should be reviewed by the COTS vendor’s component engineering and quality teams prior to accepting the material into inventory. When using an authenticated broker part, the COTS supplier must perform disciplined configuration control to ensure that the brokered part receives a unique part number. Any brokered material must be controlled and segregated from franchised components so that its source of origin is always clear.

Related: The trusted computing implications of interfaces, and how they can influence system performance

COTS vendors should be active participants on relevant standards committees, such as the Society of Automotive Engineers (SAE) International AS6081, which defines best practices and requirements for working with trusted broker partners. For example, under AS6081, manufacturers must establish a quality management system and retain appropriate records for supply chain traceability. Any broker that Curtiss-Wright works with must be authenticated to stringent industry requirements, which we review internally.

Also, all material must be authenticated before it comes into the manufacturing site. Even then, the customer must approve any part acquired through a broker before it can go on a board. The customer has the option of whether or not to approve the authentication reports, ensuring that they are comfortable with the material.

Counterfeit parts mitigation

Counterfeit parts are a major concern for the U.S. Department of Defense (DOD). COTS vendors and electronics suppliers routinely discuss with their customers and suppliers how to prevent use of counterfeit parts.

Curtiss-Wright has implemented controlled processes designed to prevent counterfeit parts in the supply chain at any point in the product life cycle. This includes stipulating an SAE AS5553 (Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition) compliant process that uses approved vendors who have been audited and monitored by the COTS vendor to provide an audit trail for all components used, and to ensure their authenticity.

Many of the best practices for counterfeit mitigation -- including methods, systems, and trend monitoring -- result from participation in industry committees. Leading the way in efforts to prevent counterfeiting are the SAE G19 committee and various other industry consortia, such as the Electronic Resellers Association International (ERAI) and the Independent Distributors of Electronics Association (IDEA).

Related: Developing a secure COTS-based trusted computing system: an introduction

The continued development and evolution of standards results from partnerships with suppliers and customers, and through counterfeit-mitigation systems. New relevant regulatory standards are continually released.

For example, Curtiss-Wright also complies with the SAE AS6174 standard (“Counterfeit Materiel; Assuring Acquisition of Authentic and Conforming Materiel”), which includes nonelectrical component counterfeit mitigation. Defense and aerospace suppliers -- all of whom are routinely audited by customers to verify their compliance for electrical, electronic, and electromechanical (EEE) parts -- are required to evolve their methods in recognition of the non-EEE component counterfeit threat.

To ensure that their supplier is up to date with the latest trends in underworld counterfeiting and the most up-to-date techniques for mitigating them, systems integrators should ask their suppliers about the industry organizations they belong to, and which organizations they monitor. Maintaining membership in and monitoring the latest proposals from committees such as SAE G19 AS5553 is critical for staying ahead of the counterfeit game.

Leading COTS suppliers should monitor organizations that track trends in counterfeit materials, and share their experiences with groups like the Government Industry Data Exchange Program (GIDEP), the United Kingdom’s ESCO Council, and counterfeit-mitigation suppliers such as ERAI. Active involvement and communication with these bodies is critical for reducing the risk posed by counterfeits.

A company's certifications, like as AS5553, AS6081, or ISO/IEC 17025, is one way to verify how well a COTS supplier can mitigate counterfeits. SAE has released a technical certification in their National Aerospace and Defense Contractors Accreditation program (NADCAP) suite that provides technical acknowledgement, via auditing, that a supplier adheres to AS5553 requirements.

Related: Trusted computing: application development, testing, and analysis for optimal security

It is imperative that COTS suppliers protect their own manufacturing facilities and mitigate any insider threats. Curtiss-Wright manufactures its computer module products in the United States, Canada, and Europe. Employees working on the manufacturing floor are subject to background checks, and ITAR cleared before they are allowed to work on the manufacturing line. All employees are trained to ensure their competency. All sites are accredited to handle ITAR information. In addition, the company's U.S. manufacturing site is a secure facility and can handle classified data and components.

COTS vendors should use only trusted contract manufacturers. It is ideal to work with a contract manufacturer that is IPC Validation Certified as a Class 3 Trusted Source, and has a long legacy of high-performance in the military C4ISR sector.

When working with a U.S. Eyes-Only contract manufacturer it’s critical to ensure that all materials are U.S. Eyes Only-based, including circuit boards and metal work. It’s also critical to ensure the contract manufacturer adheres to all of the processes and standards that are used in the COTS vendor’s own facilities.

Design Integrity

To ensure design integrity, the COTS vendor should comply with the DOD’s Risk Management Framework (RMF). This framework provides controls for the information technology infrastructure to mitigate against unauthorized access, modification, loss, or theft of critical design information.

Communications is key in the relationship between COTS vendors and system integrators. One approach for improving communications is to establish a 24/7 web-based information portal that provides the system integrator with updates and visibility into what parts are approaching EOL, informing about LTB opportunities, or assuring them that a drop-in replacement part is available.

Related: Computer hardware's role in securing operating systems and hypervisors in trusted computing applications

Curtiss-Wright has established its Total LifeCycle Management (TLCM) services portal, an optional communications channel that enables customers to manage the trusted supply chain. It provides insight into what’s coming down the pipeline from industry and disseminates information such as reports, and material inventory status.

In today’s world, threats are unending and constantly evolving. That’s why COTS vendors should remain constantly vigilant, to protect and verify the integrity of the supply chain. Trust in your supplier’s certification but verify their performance to ensure that they, and any brokers and distributors they use, have demonstrated their abilities in counterfeit mitigation.

For more information about system security from the COTS perspective contact Curtiss-Wright Defense Solutions online at www.curtisswrightds.com, or by email at [email protected].

Kira Reid is senior director of supply chain & customer services at the Curtiss-Wright Corp. Defense Solutions Division in Ottawa. Contact her by email at [email protected].

Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos

Voice your opinion!

To join the conversation, and become an exclusive member of Military Aerospace, create an account today!