Cybersecurity Reference and Resource Guide

2019 Cybersecurity Resource and Reference Guide_DoD-CIO_Final_2020FEB07

The purpose of this document is to provide a useful reference of both U.S. and international resources for developing cybersecurity programs and for building and maintaining strong network protection. Extensive reference materials exist that support efforts to build and operate trusted networks and ensure information systems maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability. The resources compiled here support security cooperation and shared best practices to help achieve collective cybersecurity goals. This guide provides readily available and unclassified information pertaining to cybersecurity norms, best practices, security cooperation, policies and standards authored and adopted by the United States (U.S.) government, the U.S. Department of Defense (DoD), and recognized international institutes and workforce development training resources provided by government, industry, and academia.

Aspects related to Cyber Supply Chain Risk Management in the document:

Cyber Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an information and operational technology product or service at any stage.

Website: https://csrc.nist.gov/Projects/Supply-Chain-Risk-Management

NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, April 2015

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the federal agencies' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services. This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. This publication integrates SCRM into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on supply chain risk assessment and mitigation activities.

Website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pd

Cybersecurity and Information Systems Digest

Cybersecurity & Information Systems Information Analysis Center (CSIAC)
14 DECEMBER 2021

The Digest is a newsletter intended to provide readers with a greater awareness of the latest research and development trends in the four technical focus areas supported by CSIAC while also highlighting recent CSIAC activities, services, and products.

Find the latest issue at this link:

14 DECEMBER 2021 – CSIAC

Learning from supply disruptions caused by SARS-CoV-2: use of additive manufacturing as a resilient response for public procurement

The SARS-CoV-2 pandemic has had severe effects on economies worldwide and, in particular, on public institutions that must keep their operations running while supply chains are interrupted. The purpose of this study is to examine how public institutions act during a pandemic to ensure the security of supply.

Read Entire Paper (Subscription Required)

How the Covid-19 pandemic has affected, and will affect, operations and supply chain management research and practice

The Covid-19 pandemic has caused significant impacts at all levels – societal, organizational and personal. At the time of writing, there has been a significant death toll worldwide with many nations still gripped by restrictions put in place to mitigate the impact of the virus. Some countries are beginning to recover, although the impacts will be felt for many years. Rather than writing a reflection piece on the EurOMA conference that was held virtually in 2020, we thought it best to consider how the pandemic has impacted research and practice in operations and supply chain management (OSCM).

Read entire editorial

Performance Assessment of Oil Supply Chain Infrastructure Subjected to Hurricanes

The petroleum industry in the United States relies heavily on facilities in hurricane-prone regions, such as the Gulf Coast. Past hurricanes have demonstrated the vulnerability of petroleum supply chains to these extreme events; however, models are lacking for hurricane performance assessment of petroleum supply chain infrastructure. In this study, a probabilistic framework is presented for the performance assessment of oil supply chain infrastructure (OSCI) subjected to hurricane events, spanning from a methodological definition to implementation to opportunities and needs. The framework leverages Bayesian networks for probabilistic analysis of connectivity and flow within the oil supply chain, alongside fragility functions for physical damage and functionality assessment of supply chain components. A literature survey is conducted to identify the tools enabling the proposed framework. Application of the method for probabilistic assessment of tightly interrelated oil supply chains subjected to hurricane events is demonstrated with a representative OSCI comprised of platforms, ports, pipelines, refineries, storage facilities, power, and transportation infrastructure. In addition to investigating the impact of alternative levels of hazard exposure and the effectiveness of different mitigation actions, the framework affords the potential for Bayesian updating as new data come online regarding the component performance or product availability/flow. The proposed framework can provide a foundation to support risk mitigation and resilience enhancement efforts in the petroleum industry.

Read entire article (fee required)

DOE: Securing the United States Bulk-Power System

Pursuant to Executive Order 13920 (E.O. 13920) issued May 1, 2020, titled “Securing the United States Bulk-Power System,” the Department of Energy (DOE or the Department) is seeking information to understand the energy industry’s current practices to identify and mitigate vulnerabilities in the supply chain for components of the bulk-power system (BPS).

Counterfeit Parts Prevention Strategies Guide

This document is intended to be a valuable guide for all contractors and suppliers, regardless of tier, to facilitate implementation of an effective counterfeit electronic parts avoidance and detection system, thereby reducing risk within government products. By increasing awareness and fostering collaboration throughout the supply chain, the risk of inadvertently procuring and using counterfeit parts at any level within the supply chain can be prevented.

Parts, Materials, and Processes Control Program for Space Vehicles

The requirements of this document were developed for long life and/or high reliability space vehicles and equipment, and are based on MIL-STD-1546B. To ensure successful operation of space equipment, attention to every detail is required at every level of assembly throughout development, manufacture, qualification, testing, and operation starting with the parts, materials, and processes used.

This document supersedes Aerospace Technical Operating Report TOR-2006(8583)-5235 Revision A, titled Parts, Materials, and Processes Control Program for Space and Launch Vehicles, and shall be used for all space program PMP procurements.

The objective of this parts, materials, and processes control program document is to ensure integrated and coordinated management of the selection, application, procurement, control and cost-effective standardization of EEEE (electrical, electronic, electromechanical and electro-optical) and mechanical parts, materials, and processes for space vehicles. The requirements presented herein should reduce program costs and improve the reliability of all space vehicles and are intended for all future space program acquisitions.