Establishing a Trusted Supply Chain for Embedded Computing Design
Published in Military & Aerospace Electronics
ASHBURN, Va. – Best practices for a trusted computing supply chain involve state-of-the-art processes for rugged, industry-standard, open-architecture embedded computing such as VME, VPX, PMC, and XMC. These processes exist to reduce risk and to mitigate malicious threats against hardware or data.
The best way to lead is by example. The Curtiss-Wright TrustedCOTS services are one example of the processes and procedures essential for protecting the supply chain of embedded computing components.
These services include data protection for data at rest and data in transit. They also set the bar for trusted supply chain processes, including physical security; manufacturing security; component supply chain integrity; secure handling and chain-of-custody protection; product reliability and VITA 47 testing; counterfeit parts mitigation; and parts inspection.
Secure supply chain
The most important starting point in a secure supply chain is to buy components only from franchise sources: from the component OEM or through its authorized distribution channels. Control over a component's chain of custody can be ensured only by purchasing through controlled, authorized channels.
Embedded computing subsystem vendors must apply the same stringent controls to purchases of third-party mezzanine modules that they apply to semiconductor device suppliers. The vendor of commercial off-the-shelf (COTS) embedded computing must control not only the source of supply for components, but also the source of supply for mezzanine modules or subsystems, which could just as easily harbor counterfeit parts or tampering.
The COTS vendor must flow down all of its requirements for using franchise suppliers to the module vendor. If the module vendor must go outside standard channels, it must first ask the COTS vendor for approval. That way the COTS vendor controls the component's source and purchase, as well as the authentication, testing, and other requirements that must be met before proceeding.
Obsolescence and the supply chain
The embedded computing industry faces a contradiction: companies build products from commercial parts with short life spans, yet those products must function in integrated systems with very long lifetimes. In this environment, component obsolescence is a fact of life.
When a part goes end-of-life (EOL), the first mitigation is to determine whether the part manufacturer or its authorized distributor has a drop-in replacement available. If not, the vendor should secure supply through a last-time buy (LTB). An LTB minimizes obsolescence risk by extending product life and avoiding the need, later on, to procure obsolete parts of questionable lineage from brokers.
Sometimes COTS vendors can find obsolete components only through parts brokers: secondary sources not authorized by the component OEM. The COTS vendor should use components from these suppliers only when authorized sources are no longer available, and then only with the approval of the customer. A brokered part should NEVER be used on a board without explicit customer approval. All parts from these suppliers should be tested at authorized third-party test facilities to ensure that they are authentic components meeting the original design specifications and have not been subject to prior use or tampering.
Broker sources must be subject to intense audits, and any device provided by a broker must be tested by internal or accredited labs in compliance with customer-, supplier-, and industry-mandated validation methods. All test reports should be reviewed by the COTS vendor’s component engineering and quality teams prior to accepting the material into inventory. When using an authenticated broker part, the COTS supplier must perform disciplined configuration control to ensure that the brokered part receives a unique part number. Any brokered material must be controlled and segregated from franchised components so that its source of origin is always clear.
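The acceptance rules above (authorized channels accepted as-is; brokered lots only after authorized sources are exhausted, with explicit customer approval, an accredited test report reviewed by both component engineering and quality, a distinct part number, and segregated stock) lend themselves to being enforced at receiving inspection rather than left to procedure documents. The following is an added illustration of such a gate; it is not Curtiss-Wright code, and the field names, stock-location names, and the "-BRK" part-number suffix are assumptions made for the example.

```python
"""Receiving-inspection gate for incoming component lots.

Added illustration, not code from the article or from Curtiss-Wright.  It
encodes the chain-of-custody rules described in the text; the field names,
stock locations and the BROKER_SUFFIX convention are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Sources whose chain of custody is controlled by the component OEM.
AUTHORIZED_SOURCES = {"component_oem", "franchise_distributor", "authorized_distributor"}
# Assumed convention: brokered stock is booked under a distinct part number.
BROKER_SUFFIX = "-BRK"
REQUIRED_REVIEWERS = {"component_engineering", "quality"}


@dataclass
class TestReport:
    lab: str
    accredited: bool                      # lab accredited to the mandated validation method
    authentic: bool                       # parts match the original design specification
    prior_use_or_tamper: bool             # evidence of refurbishment, remarking or rework
    reviewed_by: Set[str] = field(default_factory=set)


@dataclass
class Lot:
    part_number: str
    source_type: str                      # one of AUTHORIZED_SOURCES, or "broker"
    authorized_source_exhausted: bool = False   # drop-in and LTB options checked, none available
    customer_approval_ref: Optional[str] = None  # explicit written approval (assumed: a ticket id)
    test_report: Optional[TestReport] = None


@dataclass
class Disposition:
    accepted: bool
    stock_part_number: Optional[str]
    stock_location: Optional[str]
    reasons: List[str]


def disposition(lot: Lot) -> Disposition:
    """Decide whether a lot may enter inventory, and under which part number/location."""
    if lot.source_type in AUTHORIZED_SOURCES:
        return Disposition(True, lot.part_number, "FRANCHISE-STOCK", ["authorized channel"])
    if lot.source_type != "broker":
        return Disposition(False, None, None, [f"unknown source type {lot.source_type!r}"])

    # Brokered lot: every one of the following must hold, and every failure is recorded.
    reasons: List[str] = []
    if not lot.authorized_source_exhausted:
        reasons.append("authorized sources (drop-in replacement, LTB) not shown to be exhausted")
    if not lot.customer_approval_ref:
        reasons.append("no explicit customer approval for brokered part")
    report = lot.test_report
    if report is None:
        reasons.append("no authentication test report")
    else:
        if not report.accredited:
            reasons.append(f"test lab {report.lab!r} is not accredited")
        if not report.authentic:
            reasons.append("parts do not meet original design specification")
        if report.prior_use_or_tamper:
            reasons.append("evidence of prior use or tampering")
        missing = REQUIRED_REVIEWERS - report.reviewed_by
        if missing:
            reasons.append("test report not reviewed by " + ", ".join(sorted(missing)))
    if reasons:
        return Disposition(False, None, None, reasons)

    # Accepted brokered material: distinct part number, segregated from franchised stock.
    return Disposition(True, lot.part_number + BROKER_SUFFIX, "BROKER-SEGREGATED-STOCK",
                       ["brokered part authenticated and customer-approved"])


if __name__ == "__main__":
    # Constructed sample lots, not real inventory data.
    sample = Lot("U7300-EOL", "broker", authorized_source_exhausted=True,
                 customer_approval_ref="CR-0042",
                 test_report=TestReport("Lab A", True, True, False,
                                        {"component_engineering", "quality"}))
    print(disposition(sample))
```

Rejections return every failed condition rather than the first one, so the receiving record shows the full gap between the lot and the policy. The distinct part number is what makes the segregation survive later engineering changes: a bill of materials that calls for "U7300-EOL" can never silently consume "U7300-EOL-BRK" stock.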
COTS vendors should be active participants in relevant standards committees, such as the one behind SAE International AS6081, which defines best practices and requirements for working with trusted broker partners. For example, under AS6081, distributors must establish a quality management system and retain appropriate records for supply chain traceability. Any broker that Curtiss-Wright works with must be authenticated to stringent industry requirements, which we review internally.
Developing a Secure COTS-based Trusted Computing System: An Introduction
Security and trusted computing, at the end of the day, really are all about the system. While the pieces and parts, such as the individual modules, operating system, and boot software, all are important, system security is not an additive process; it can’t simply be bolted-on to make the system secure.
COTS-Based Trusted Computing: Getting Started in Next-Generation Mission-Critical Electronics
Trusted computing involves technologies that protect mission-critical embedded electronics from physical and remote attacks and from hardware and software failures.
The Trusted Computing Implications of Interfaces, and How They Can Influence System Performance
Steve Edwards and David Sheets explore the implications of how interfaces influence system design in trusted computing.
How We Implement Security from Design Through Production
We go the extra mile to protect our supply chain and manufacturing processes. This way, our customers can trust that all components on Curtiss-Wright products are authentic and all processes have met the strictest quality controls.