The Department of Defense (DoD) should increase its investment in developing a quantifiable assurance method for microelectronics – specifically a data-centric approach to mitigating risk within the microelectronics commercial supply chain – according to an independent panel review.
The National Defense Authorization Act of 2023 directed the Chief Scientist of the Air Force to assemble an independent panel of experts to conduct a review of the DoD’s Office of the Under Secretary of Defense for Research and Engineering’s (USD R&E) Microelectronics Quantifiable Assurance efforts.
“To stay ahead of our competitors, the Department of Defense needs access to the commercial supply chain of microelectronics. It is essential, but it comes with inherent risks. The independent panel review is helping us better understand the risk-based approach we need to take,” William LaPlante, under secretary of defense for acquisition and sustainment (USD A&S), said in a press release.
According to the panel’s review, a combination of a quantifiable assurance method and the trusted foundry method – the more mature human-centric approach DoD has been using – is needed to meet the department’s needs to mitigate risks associated with the microelectronics commercial supply chain. The human-centric approach leaves the department vulnerable to integrity and confidentiality violations. However, by requiring quantifiable assurance in the underlying commercial process, the DoD can meet its needs, the panel said.
“While there has been much debate about the virtue of Trusted Foundry and Microelectronics Quantifiable Assurance, there has also been a false dichotomy between the two,” said Chief Scientist of the Air Force Dr. Victoria Coleman. “The panel found that a combination of the two is necessary in order to meet the Department of Defense’s microelectronics needs.”
Microelectronics Quantifiable Assurance is an emerging data-centric approach to independently assess integrity across the microelectronics development lifecycle, including design and manufacturing. It is a way for the DoD to obtain additional assurance on the integrity of a part and its availability to function as desired.
However, the DoD still has more work to do on quantifiable assurance. The DoD lacks a strategy with clearly defined goals that can examine what specific data is needed and how long this approach takes and costs, according to the report.
The panel recommended that the DoD invest more in the quantifiable approach to address the riskiest stages of the microelectronics lifecycle while investing less in the trusted foundry approach, which partly addresses the least risky stages.
In addition, the panel recommended that to accelerate the development of a quantifiable assurance method the DoD should work with the semiconductor community to establish a cost-effective method and coordinate its development with the CHIPS and Science Act, which allocates $2 billion to help onshore microelectronics manufacturing and strengthen the microelectronics supply chain.
The review does acknowledge that the department’s Rapid Assured Microelectronics Prototypes (RAMP) is the “most significant investment” the DoD has made to develop and pilot a quantifiable assurance approach. RAMP, which was part of a nearly $200 million investment by the DoD for microelectronics, aims to “develop a secure design and prototyping capability to demonstrate how the DoD can securely leverage State-Of-The-Art microelectronics technologies without depending on a closed security architecture fabrication process or facility.”
Yet, the RAMP program is under-resourced, and “combined with a lack of a roadmap, this seriously hampers the development of the approach,” the report says.
The report also notes that the department lacks a microelectronics assurance executive agent to connect “DoD programs with the supply of suitable commercially sourced parts.” The department also lacks a dedicated group focused on “creating, piloting, and deploying” microelectronics assurance standards across the national security community.
The panel recommends that the DoD create a microelectronics assurance executive agent and standards board – comprised of officials from the defense industrial base, the semiconductor industry, and academia – to be led by the National Security Agency, USD A&S, USD R&E, and the military services.
