FDD and CPRI Research Blockchain For Supply Chain Protection

Manufacturing supply chains will play a huge role in advancing globalization. However, as in any other industry, supply chain management has its faults. Posing as legitimate trade partners, rival states can endanger the national security of their competitors. This includes deploying large-scale, sophisticated, and malicious supply chain attacks that assist bad actors with economic espionage and can threaten the physical security of a nation in the long run.

A 2012 study conducted by the Senate Armed Services Committee found there were over 1,800 cases of suspect counterfeit parts in the defense supply chain in 2009 and 2010. These parts were used for critical US weapons systems, and included the Electromagnetic Interference Filters used in the Navy's SH-60B helicopters. In addition, according to the SANS Institute, 80 percent of cyber breaches involve a supply chain compromise. For example, one of the largest and most pronounced DDoS attacks in recent history was initiated due to compromised video components in devices.

The Foundation for Defense of Democracies (FDD), a Washington-based nonprofit, nonpartisan policy institute, labels these actions cyber-enabled economic warfare, or “a hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.” While there are multiple levels of these attacks, the ones that pose the most threat to the US involve the swapping of counterfeit components for authentic ones during the supply management process, thereby threatening the National Security Industrial Base (NSIB), a critical component of the Department of Defense. However, according to the FDD, blockchain technology possesses the qualities to mitigate these risks and secure trust in the supply chain industry by transforming “legacy acquisitions systems.”

“The essence of the blockchain solution to supply chain security is the unification of all the transactional activities that constitute a supply chain into a single dataspace so that the transactional fog in which adversaries presently hide can be minimized. At present, adversaries can easily hide because the volume, heterogeneity, and sparseness of records associated with supply chain events makes timely investigations impracticably difficult.”

The FDD recommends that the US take the proper steps to integrate policies that tackle the potential threat head-on. This includes the establishment of a new electronic supply chain tracking method, maintained by a prime contractor.

“As a general example, we consider a contract awarded to a prime contractor for the production of a complex electronic system for the NSIB. The prime contractor will have subcontractors, and subcontractors to subcontractors. Upon approval to start work, the prime and subcontractors will be assigned accounts on a common blockchain through which payments will be effected. Every value-adding activity by the prime or by a sub will be required to be annotated as events on the blockchain – such events could be the fabrication, testing, or delivery of a component.”
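The event-annotation scheme in the quote above can be sketched as a hash-chained log, shown here as an added example that is not code from the FDD report or from CPRI. It assumes constructed account names, keys, and component IDs, uses an HMAC per account as a stand-in for real per-account signatures, and omits consensus and payments entirely.

```python
import hashlib
import hmac
import json

# Constructed accounts and keys (assumption): one per prime/subcontractor.
KEYS = {"prime": b"key-prime", "sub-a": b"key-sub-a", "sub-b": b"key-sub-b"}
FIELDS = ("prev", "account", "component", "kind")
REQUIRED = ("fabrication", "testing", "delivery")  # event kinds named in the quote
GENESIS = "0" * 64

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(chain, account, component, kind):
    """Append one value-adding event, linked to the previous record's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"prev": prev, "account": account, "component": component, "kind": kind}
    h = digest(body)
    tag = hmac.new(KEYS[account], h.encode(), hashlib.sha256).hexdigest()
    chain.append({**body, "hash": h, "tag": tag})

def verify_chain(chain):
    """Return the index of the first invalid record, or -1 if the log is intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        key = KEYS.get(rec["account"])
        body = {k: rec[k] for k in FIELDS}
        if key is None or rec["prev"] != prev or digest(body) != rec["hash"]:
            return i
        expected = hmac.new(key, rec["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return i
        prev = rec["hash"]
    return -1

def provenance_gaps(chain, component):
    """List lifecycle events a component lacks; a swapped-in part has no history."""
    kinds = {r["kind"] for r in chain if r["component"] == component}
    return [k for k in REQUIRED if k not in kinds]

def build_sample():
    """Constructed log: FILTER-001 has full history, FILTER-002 only a delivery."""
    chain = []
    append_event(chain, "sub-a", "FILTER-001", "fabrication")
    append_event(chain, "sub-b", "FILTER-001", "testing")
    append_event(chain, "prime", "FILTER-001", "delivery")
    append_event(chain, "sub-b", "FILTER-002", "delivery")
    return chain
```
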

In parallel, the Cybersecurity Policy and Research Institute (CPRI) at the University of California-Irvine is rolling out a self-described “technology agnostic” supply chain security research project which will explore how blockchain technology can be used to mitigate supply chain risks, such as counterfeiting, malware, and other compromised hardware and software. CPRI participants include a multidisciplinary team of more than 15 UCI faculty members who have all placed supply chain security as a high-priority research issue. Other participants include experts from academia, critical infrastructure enterprises, law enforcement/government agencies, and the privacy and civil liberties community. In November 2017, the CPRI will be participating in a conference to examine blockchain technology applications in the supply chain industry.

Bryan Cunningham, CPRI’s founding executive director, cybersecurity and privacy attorney, and former Deputy Legal Adviser to the White House National Security Council, tells ETHNews that blockchain can assist companies with provenance in a number of industries, because a large number of parts originate from international destinations. Cunningham says blockchain could create a greater degree of confidence and integrity in supply chains.

“Given that there are so many opportunities for bad actors to capitalize upon weak points in the current supply chain system, there is an increasing need to have transactions verified through trust agents,” said Cunningham.

The Foundation states that blockchain won’t be a fully comprehensive solution to supply chain security, but proposes that it can help create a safer and more trustworthy supply chain market.

“While the blockchain, as a new technology, entails extraordinary risks, it also bears extraordinary promise as a tool uniquely suited to such problems of singular scale and complexity.”