Trusted defense applications – a holistic perspective

Trust. For interpersonal relationships, trust is having confidence that another person always will try to do the right thing. In the defense community, “trusted computing” and “trusted devices” have become so popular that they have become almost buzzwords. Yet not all manufacturers grasp the magnitude of the implications behind the word “trust.” How do we truly trust some devices over others for life-or-death applications?

By Philip Fulmer
By Philip Fulmer

Trust. For interpersonal relationships, trust is having confidence that another person always will try to do the right thing. In the defense community, “trusted computing” and “trusted devices” have become so popular that they have become almost buzzwords. Yet not all manufacturers grasp the magnitude of the implications behind the word “trust.” How do we truly trust some devices over others for life-or-death applications?

Device certification to independent third-party standards immediately comes to mind. For a device manufacturer, achieving these industry-defined certifications is critical just for consideration of your product for defense applications.

Every time I turn to check the world news, there are reports of new, unexpected rhetoric and conflict between nations. In the context of trust, can we have confidence in an uninterrupted supply of defense microelectronics from high-volume, low-cost regions overseas? The answer is clearly “no,” given the unpredictable nature of world events today.

On-shore manufacturing is the only way to provide assurance of long-term supply continuity. One can argue, with valid logic, that on-shore assembly of defense microelectronics still requires many active and passive components produced overseas.

Related: Trusted computing: it's not just cyber security anymore

Continuing the thread of on-shore manufacturing, we cannot pretend that threats within our borders do not exist. Trust is earned through strict adherence to security policies covering personnel, carefully controlled access to need-to-know-information, and maintenance of a vigilant cyber security program.

Trust is earned by consistently demonstrating 100 percent compliance to all security protocols. Yet this is just the start. Staying one-step ahead of potential adversaries requires a LEAN/six-sigma approach of continuous improvement -- constantly challenging our assumptions and aggressively seeking to eliminate potential vulnerabilities.

Let’s discuss cyber security in more detail. It is a sad state of affairs when I am no longer surprised to receive a letter in the mail or an email indicating that a malevolent third party now has access to my personal information through exploitation of a security loophole.

While I appreciate the short duration of free credit monitoring, it raises other questions in my mind. What are the consequences of a cyber attack on a supplier manufacturing defense microelectronics? A vigilant cyber security program with multiple, redundant layers of security is an absolute requirement.

Related: Navy asks industry for new trusted computing techniques for mission-critical information systems

While a cyber security program is mandatory, we should not overlook more simple scenarios. Laptops and mobile devices can fall into the hands of an adversary. Simple passwords to our operating systems are not enough to protect valuable data. Additional encryption solutions offer one line of defense, yet how many of us take the time to investigate if our encryption software has special “back-doors” that our vendors use in emergency situations?

For maximum protection, several layers of encryption can be used. The National Security Agency (NSA) Commercial Solutions for Classified (CSfC) program, for example, presents guidelines to integrate several layers of approved, agile commercial encryption solutions for data-at-rest protection of sensitive information.

On-shore manufacturing, cyber security, and data-at-rest protection are just three examples of how manufacturers of defense microelectronics can earn the trust of their customers.

To be clear, I don’t discount the value of third-party certifications. But if we are going to talk about trust, I argue that we need a more holistic perspective of all the factors influencing trust.

Philip Fulmer is Director of Advanced Microelectronic Solutions Product Marketing at Mercury Systems in Andover, Mass.

Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos

More in Computers