A new type of cyber forensics could soon make it impossible for a nation's adversaries to sabotage equipment acquired for the defense sector.
Published by the Foundation for Defense of Democracies, a Washington, DC-based think tank, a new research memo released today details how blockchain technology could be used to prevent maliciously modified hardware components from being built into infrastructure deemed crucial to national security.
While the paper, published by the foundation's Center on Sanctions and Illicit Finance, is geared toward protecting the interests of US national security, the principals seem to apply to any nation with high volumes of supply chain transaction data.
Memo authors, Samantha Ravich, previously the deputy national security advisor to former US Vice President Dick Cheney, and Michael Hsieh, a former DARPA program manager, describe how hardware imported from a "verifiably dangerous provenance" could be a threat to the "physical security" of the US.
The authors of the report, entitled "Leveraging Blockchain Technology to Protect the National Security Industrial Base from Supply Chain Attacks," write:
The memo, which was written for non-technical readers, describes how legacy systems for acquiring international goods could be transformed with blockchain technology to make clear the origins of any number of goods used to build what the foundation calls the national security industrial base, or NSIB.
Perpetrators of such threats engage in what the memo calls cyber-enabled economic warfare (CEEW) as a way to undermine an adversary's economy, and "reduce its political and military power." So-called "strategic" attacks aim to undermine a nation's entire infrastructure by introducing hardware components whose malicious purpose is "often carefully obfuscated," according to the paper.
Shedding light on the 'fog'
On multiple occasions, the paper specifically alleges such practices have been employed by China, based on one report by the US-China Economic Security Review Commission and another by the Senate Armed Services Committee. However, Afghanistan is also mentioned and other nations are alluded to.
To shed light on the "fog" created by high volumes of transactions, lack of standardization and inadequate records, the memo's authors call for the widespread movement of supply chain data to a blockchain that is perpetually scanned by artificial intelligence in search for criminal patterns.
For example, the paper cites an audit report by the Special Investigator General of the Afghanistan Reconstruction (SIGAR) in which it was revealed that a team of bomb-makers was allegedly working with the supply chain contractors for two days, in spite of being "explicitly blacklisted."
"Infected components are also potentially entering our national civil infrastructure en masse as well because civil enterprises share the same supply chain risks," the authors write. "In a conflict scenario, the collapse of the domestic economy would not only degrade national morale but disrupt the primary source of material support for U.S. forces."
They go on to say:
Call to action
After reaffirming the policy recommendations of the April 2017 Defense Science Board report – which was notably did not contain a single mention of blockchain or distributed ledger technology – the authors make a number of recommendations and warnings.
First, they recommend the formation of small-scale experiments conducted by tech-savvy "communities," the development of a set of requirements for “prime contractors” who are “able and willing” to accept a “blockchain-based payment system”, and the updating of privacy requirements within the current Defense Federal Acquisition Regulations (DFAR) pertaining to contractor information.
Specifically, a footnote near the end of the report mentions several supply chain firms in the blockchain space as examples of the types of work for which the authors advocate: BlockVerify (pharmaceuticals), Everledger (diamonds) and Provenance (general), which just yesterday raised $800,000 in venture capital.
Second, the authors recommend that "legislative and regulatory action should be taken in partnership with industry."
Regulatory warning
Buried in a footnote among the recommendation is warning that the laws that require US government entities to protect the privacy of their citizens may also apply to any contractor also employing such a supply chain.
"Further clarification on the possibly conflicting interpretations of the existing regulations for federal acquisitions will be required to ensure compliance for any pilot activity," the footnote reads.
The authors conclude:
A longer article that provides more depth and context to the paper is planned to be released at a later date.
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Everledger and Provenance.
US military vehicles image via Shutterstock