The Need for Higher Education in Cyber Supply Chain Security and Hardware Assurance

Brian Cohen (Institute for Defense Analyses, Alexandria, USA), Michelle G. Albert (Institute for Defense Analyses, Alexandria, USA) and Elizabeth A. McDaniel (Institute for Defense Analyses, Alexandria, USA)
DOI: 10.4018/IJSSSP.2018040102

Abstract

Higher education curricula, specialized degrees, and certificate programs related to cybersecurity are proliferating in response to student demand; faculty interest and expertise; employer demand; government and industry standards and funding; and the expectations of specialized, state, or regional accrediting agencies. These expanding academic programs, however, do not adequately address supply chain threats that affect national security. The authors assert that cyber supply chain risk management (C-SCRM), with a focus on hardware assurance, should be considered a critical aspect of cybersecurity and be included in higher education curricula to prepare the future cyber workforce to face challenges related to supply chain security and hardware assurance.

Efforts to manage the risks associated with the cyber supply chain began in earnest with the Comprehensive National Security Initiative (CNCI), which was launched in 2008 when President George W. Bush signed National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), Cybersecurity Policy (The White House, 2008b). President Barack Obama determined that CNCI and its associated activities should evolve to become key elements of a broader, united national security strategy (The White House, 2008a).

CNCI Initiative #11 (“Develop a multi-pronged approach for global supply chain risk management”) states that risks from both the domestic and global supply chains must be managed over the life cycle of a cyber-enabled component. The purpose of this initiative was to enhance the U.S. government’s skills, policies, and processes to provide departments and agencies with a robust toolset to manage and mitigate supply chain risk levels commensurate with the criticality of, and risks to, the government’s systems and networks (CNCI, 2008). Although CNCI’s sunset provisions caused it to expire in 2013, its key elements continue.

The Committee on National Security Systems (CNSS) is responsible for the protection of national security systems belonging to the Department of Defense (DoD), the Intelligence Community, and other government agencies. CNSS’s goals support CNCI and NSPD-54/HSPD-23. CNSS Directive 505, Supply Chain Risk Management, was published in 2012 in accordance with CNCI Initiative #11. It states that the U.S. Government must establish an organizational capability to identify and manage supply chain risk to national security systems, in order to address the reality that the global marketplace provides increased opportunities for adversaries to penetrate supply chains. Risks must be assessed early and throughout the acquisition life cycle, and all-source threat information must inform the use of risk mitigations (CNSS, 2017).
