Big data, AI key to DOD supply-chain security

The Department of Defense is consuming more and more chips and lines of code, which translates to more supply-chain vulnerability. Officials and industry leaders argue big data and artificial intelligence will be critical tools to manage that risk going forward.

Speaking at an Intelligence and National Security Alliance and Defense One event, panelists described a rapidly expanding network of suppliers for weapons and components. For example, Northrup Grumman alone has some 5,000 suppliers in just one sector of its business.

"You've got those 5,000, they in turn have additional suppliers, so you think about all of the potential points of entry ... in terms of hardware, software, design, delivery," said John Jordan,  director of compliance for global supply chain for Northrop's Mission Systems Sector.

Benjamin Richardson, DOD's deputy director for information and industrial base protection, said that the traditional approach has been for an intelligence center to gather supply-chain threat data, package it into a report and push it out to program offices at suppliers.

"That's not an efficient way of kind of dealing with these things," he said, adding that approach can take weeks or months. Instead, he said defense security services must engage directly with industry to share threat information.

"I've been a big data advocate in the department to kind of push that. How do we get that information out to those companies to allow them to address those risks in almost a real-time fashion?" he asked. "That is something we need keep exploring, kind of keep pushing."

"Because of classification issues, we're loathe to talk about it, but we're working on it, no question we're working on it," Harvey Rishikof, chair of the Advisory Committee for the American Bar Association Standing Committee on Law and National Security, told FCW.

"We're hoping that in the next number of years we'll have some serious breakthroughs, and that's the [artificial intelligence], everyone is betting on AI," he said. He added that another source of possible supply-chain solutions will be technology that Silicon Valley develops to ensure the security of self-driving cars.

"You have some very serious people in the valley thinking about how they should lock down that security," Rishikof said.

He acknowledged that one of the challenges for DOD today is that it does not have the level of control and visibility over its suppliers as it once did. In addition, there are factors that affect the supply chain today such as industrial controls for transportation and power companies and the internet service providers that are degrees removed from the actual supply chain but that create substantial vulnerabilities.

Ultimately, he said, financial stressors and emerging global standards are going to push the next wave of supply-chain modernization.

"The tax code, cyber insurance, litigation, regulation and international treaties," Rishikof said, "are the five hammers that are going to move this space over time."