SMC Chief Systems Engineer
SMC Activities and Challenges
Parts Standardization & Management Committee (PSMC) 1 - 3 Nov 2016
SMC Space Mission Portfolio
• Space Support: Launch Systems; Spacelift Range; Sat Control & Network
• Force Application: Conventional Missiles; Prompt Global Strike
• Space Superiority: Space Situation Awareness (SBSS, Space Fence); Defensive Counter Space; Offensive Counter Space
• Space Force Enhancement: Milstar/AEHF/EPS; DSCS/GBS/WGS; GPS; DSP/SBIRS; DMSP/DWSS; NUDET (Nuclear Detection)
WE DEVELOP, ACQUIRE, FIELD AND SUSTAIN SYSTEMS IN FOUR MAJOR MISSION AREAS
Developing, Delivering, and Supporting Military Space and Missile Capabilities to Preserve Peace and Win Conflicts
AF SPACE PORTFOLIO FUTURE ARCHITECTURES
SMC Next Generation Programs
• The Changing Space Landscape
  • Evolving and greater threats (contested, congested, competitive)
  • Higher dependency on space systems (both military and commercial)
  • Funding constraints (DoD budgets flat at best)
• Challenges to the Current Architecture
  • Inflexible constellations (hard to maintain and replenish)
  • Lack of Resilience
  • Technology Stagnation and lack of competitive forces
  • Shrinking Industrial Base
  • Rising Cost
• Current architecture does not adequately address these new challenges
• AFSPC developing future resilient/affordable architectures and near-term investment strategies
Compelling need for alternative space architecture options
SMC Architecture Studies On-going – Next “Programs of Record” TBD
AFSPC Commander Announces Space Enterprise Vision
4/12/2016 - PETERSON AIR FORCE BASE, Colo. -- Commander of Air Force Space Command, announced the command's Space Enterprise Vision here today. The SEV is the result of an AFSPC-commissioned study that looked at how to make the nation's national security space enterprise more resilient.

The August 2015 SEV study addressed the findings of several previous studies that identified the U.S. space enterprise is not resilient enough to be successful in a conflict that extends to space. The SEV also recognizes that acquisition and programmatic decisions can no longer occur in mission area stovepipes, but must instead be driven by an overarching space mission enterprise context.

To guide the development of this future enterprise, the SEV proposes using a new optimizing concept called "resilience capacity" to characterize and evaluate space capabilities. Resilience capacity will measure how well space enterprise forces can respond to the full range of known threats, and how quickly they can adapt to counter future threats, while continuing to deliver space effects to joint and coalition warfighters. It will replace the traditional "functional availability" metric used for decades to plan and manage individual constellations, but which does not account for emerging threats.
Nano, Cube, Small…….Sats
Specifications and Standards Status
SMC Standard SMC-S-011, 31 July 2015
Supersedes: SMC-S-011 (2008)
SPACE AND MISSILE SYSTEMS CENTER STANDARD
PARTS, MATERIALS, AND PROCESSES CONTROL PROGRAM FOR LAUNCH VEHICLES
SMC 011 Major Revision Completed
• ELV - JC 002
  • Initially published 08 May 1991
  • Combined 1546 & 1547 in one ELV standard
  • Objective was to recognize unique aspects of ELV mission and “optimize” PM&P mission assurance requirements
    • Short mission life
    • But carrying expensive, high value payloads
    • Driven by affordability
• Minor updates over the years and republished as SMC Standard SMC-S-011
• 2015 initiative completed to update SMC-S-011
  • Same objectives/drivers
  • Recognizing “suitability” of PM&P supply base to meet mission needs based on overall system design
  • Allow flexibility for alternative PMP management approaches while maintaining mission success
  • Recognize short mission life and redundancy impacts on PMP requirements
  • Leverage PM&P in supply base which can meet mission requirements
SMC 011 Parts Selection
• Mission critical Component
  • System/circuit performing a function required to meet the mission objectives or flight safety requirements, regardless of redundancy or implementation scheme
• ELV Space PMP Baseline required for Category I
  • Category I - Mission Critical & Single String or Mission Critical & Single point Failure
• Program PMP Baseline allowable for Category II
  • Category II - Mission Critical and Redundant
  • Selection based on WCCA, Worst Case Derating, Redundancy, Mission reliability, Survivability
  • Prescribed part screening and class selection no longer required
  • Knowledge of manufacturer part control, technology, & failure modes
  • Baseline established by Contractor and approved by Parts, Materials, & Processes Control Authority (PMPCA)
• Non Mission Critical Applications
  • Do no harm analysis
Supply Chain Risk Management (SCRM)
SCRM Policy
Trusted Systems and Networks (TSN)
• DoDI 5200.44, November 5, 2012
  Protection of Mission Critical Functions to Achieve Trusted Systems and Networks
  “Establishes policy and assigns responsibilities to minimize the risk that DoD’s warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system’s mission critical functions or critical components by foreign intelligence, terrorists, or other hostile elements.”
Counterfeit Prevention
• DoDI 4140.67, April 26, 2013
  DoD Counterfeit Prevention Policy
  “Establishes policy and assigns responsibilities necessary to prevent the introduction of counterfeit materiel at any level of the DoD supply chain”
• a. Mission critical functions and critical components within applicable systems shall be provided with assurance consistent with the criticality of the system and with their role within the system.
• c. Risk to the trust in applicable systems shall be managed throughout the entire system lifecycle. The application of risk management practices shall begin during the design of applicable systems and prior to the acquisition of critical components or their integration within applicable systems, whether acquired through a commodity purchase, system acquisition, or sustainment process. Risk management shall include TSN process, tools, and techniques to:
• (1) Reduce vulnerabilities in the system design through system security engineering.
• (2) Control the quality, configuration, and security of software, firmware, hardware, and systems throughout their lifecycles, including components or subcomponents from secondary sources. Employ protections that manage risk in the supply chain for components or subcomponent products and services (e.g., integrated circuits, field-programmable gate arrays (FPGA), printed circuit boards) when they are identifiable (to the supplier) as having a DoD end-use.
• (3) Detect the occurrence of, reduce the likelihood of, and mitigate the consequences of unknowingly using products containing counterfeit components or malicious functions.
• (4) Detect vulnerabilities within custom and commodity hardware and software through rigorous test and evaluation capabilities, including developmental, acceptance, and operational testing.
• (5) Implement tailored acquisition strategies, contract tools, and procurement methods for critical components in applicable systems, to include covered procurement actions in accordance with Reference (f).
DoDI 5200.44, November 5, 2012
Policy Excerpts
• d. The identification of mission critical functions and critical components as well as TSN planning and implementation activities, including risk acceptance as appropriate, shall be documented in the Program Protection Plan (PPP)
• e. In applicable systems, integrated circuit-related products and services shall be procured from a trusted supplier accredited by the Defense Microelectronics Activity (DMEA) when they are custom-designed, custom-manufactured, or tailored for a specific DoD military end use (generally referred to as application-specific integrated circuits (ASIC)).
• 2. DIRECTOR, DMEA. The Director, DMEA, under the authority, direction, and control of USD(AT&L), shall, in coordination with DoD CIO and the Heads of the DoD Components, perform the accreditations of trusted suppliers, review those accreditations on an annual basis, issue follow-on guidance for the use of trusted suppliers, and establish criteria for accrediting trusted suppliers of integrated circuit-related products and services.
Policy Excerpts (cont)
Spectrum of Supply Chain Risks
• Quality Escape: Product defect/inadequacy introduced either through mistake or negligence during design, production, and post-production handling resulting in the introduction of deficiencies, vulnerabilities, and degraded life-cycle performance.
• Reliability Failure: Mission failure in the field due to environmental factors unique to military and aerospace environment factors such as particle strikes, device aging, hot-spots, electro-magnetic pulse, etc.
• Fraudulent Product: Counterfeit and other than genuine and new devices from the legally authorized source including relabeled, recycled, cloned, defective, out-of-spec, etc.
• Reverse Engineering: Unauthorized extraction of sensitive intellectual property using reverse engineering, side channel scanning, runtime security analysis, embedded system security weakness, etc.
• Malicious Insertion: The intentional insertion of malicious hard/soft coding, or defect to enable physical attacks or cause mission failure; includes logic bombs, Trojan ‘kill switches’ and backdoors for unauthorized control and access to logic and data.
• Information Losses: Stolen data provides potential adversaries extraordinary insight into US defense and industrial capabilities and allows them to save time and expense in developing similar capabilities.
DoD Program Protection focuses on risks posed by malicious actors
COUNTERFEIT PARTS
Parts, Materials & Processes Space Standards SMC-STD 010/011
• Existing comprehensive PM&P management/technical program
  • Historically, effective at assuring quality parts, but “silent” on subject of counterfeit parts
• SMC sponsored the update/revision of two PMP Standards (Aerospace TORs) for Space and Launch Vehicles
  • Requires all PMP to be procured from the original qualified parts/materials equipment manufacturer (OEM), or its franchised/authorized distributor
  • Requires all parts be delivered with a certificate of compliance to military specification or space-level-equivalent source control drawing
  • Requires contractor to approve subcontractor PMP
  • Requires contractor to establish date/batch number control and two-way traceability for PMP used in flight hardware
  • Requires contractor to perform Destructive Physical Analysis (DPA) consistent with program technical requirements and MIL-STD-1580
PMPCB / PMP Selection List
• PMPCB
  • Requires establishment of a Parts, Materials and Processes Control Board (PMPCB) with the following responsibilities:
    • Review and approve all PMP
    • Establish and maintain all PMP lists
    • Review results of DPAs, Material Review Board (MRB) actions, and failure analysis.
    • Ensure laboratories and facilities used for screening and/or evaluation of PMP are adequate.
    • Establish and maintain a prohibited PMP list
    • Review all GIDEP, NASA, DOD, contractor, subcontractor and other agency PMP alerts, advisories, and reports for relevance to items used in the system.
• PMP Selection List
  • Parts and materials are technically justified with approved and qualified sources of supply, approved procurement specifications, and defined application conditions
• Parts Procurement
  • All parts shall be procured from the part original equipment manufacturer (OEM) or its franchised, fully authorized distributor, and shall come with an OEM certificate of compliance.
Additional Standards - Counterfeit
• SAE AS-5553A
  • Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition
• MIL-STD-3018; w/CHANGE 2; 2 June 2015
  • DEPARTMENT OF DEFENSE STANDARD PRACTICE - PARTS MANAGEMENT
  • 3.4 Counterfeit part. A suspect part that is a copy or substitute without legal right or authority to do so or one whose material, performance, or characteristics are knowingly misrepresented by a supplier in the supply chain. Parts which have been refinished, upscreened, or uprated and have been identified as such, are not considered counterfeit.
  • j. Counterfeit parts. The parts management plan shall address the detection, mitigation, and disposition of counterfeit parts. Electronic, electrical, and mechanical parts are to be addressed. AS5553 should be used as guidance for electronic parts.
• SAE AS6500 (Manufacturing Management Program)
  • SAE AS5553 Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition
  • 5.4.1 Supply Chain and Material Management
    • d. Counterfeit Parts: The organization shall implement a counterfeit parts prevention program to prevent the acquisition and incorporation of counterfeit parts or parts embedded with malicious logic into factory and test equipment and delivered products. The program shall include procedures for prevention, detection, and reporting of counterfeit parts
Space Industrial Base
SMC Critical Technology Risk Assessment
[Figure: inputs to the CTL Ranking; side labels: Aerospace, Government, Industry]
• Space Systems Engineering Database
• SMEs
• SPO Survey
• CoPs and Working Groups
• USG Working Groups
• PEO/TEO
• Government Partners
• Program Anomalies
• Industry Contacts
• SMC Priorities
• EMAC
• Interviews
• Forums and Conferences
• Audits and Program Reviews
CTL Ranking
Leverages inputs from Government, Aerospace and Industry to identify technologies at risk
Unclassified
[Figure: risk matrix, LIKELIHOOD (1-5) vs. SEVERITY of CONSEQUENCE (1-5)]
ID   Name
1    A40 Aluminum Packaging/House
2    Aerospace-Grade Rayon
3    Ammonium Perchlorate
4    Atomic Clocks
5    Bearings
6    Carbon Fibers
7    CCDs
8a   CdZnTe Substrates for IR Detectors (111)
8b   CdZnTe Substrates for IR Detectors (211)
9    Cellophane for Batteries
10   Ceramic Packages
11   Connectors
12   Control Moment Gyros
13   Cryocoolers
14   Diode Glass
15   Diodes
16   Fast Steering Mirrors
17   Fiber Optics Cable
18   Fuel Valves
19   Fuses
20   GaAs FET
21   Gas Valves and Regulators
22   Germanium Substrates for Solar Cells
23   Glass for Optics
24   HBTs
25   Helium
26   Hermetic Tantalum Capacitors
27   High Current Relays
28   High Efficiency Power Supplies
29   High Power Laser Diodes
30   High Speed Digital Electronics for Fiber Optics Systems
31   High-Power Solid State Amplifiers
32   IBC Detectors
33   Infrared Dispersive Elements
34   Integrated Optics Chips
35   Lead Free Coatings
36   Lightweight Structures
37   Liquid Rocket Engines
38   Loop Heat Pipes
39   Low CTE Glass
40   Lubricant
41   MMICs
42   Nickel-Coated Graphite Powders
43   NiH2 Batteries
44   Non-volatile Memory/Flash Memory
45   OCXO and Resonators
46   Optical Coating for Mirrors
47   Optical Coatings for Solar Cells
48   Optical Filter
49   Optical Mirror Materials - Beryllium
50   Optical Mirror Materials - SiC
51   Ordnance
52   Power MOSFETs
53   Precision Foil Resistors
54   Precision Gyroscopes
55   Printed Wiring Boards
56   Rad-Hard ASIC
57   Rad-Hard FPGA
58   Rare Earth Metals
59   Reaction Wheel Assembly
60   Read-out Integrated Circuits (ROICs)
61   Rocket Fuels (Hydrazine)
62   Rocket Fuels (N2O4)
63   Sapphire Substrates
64   Sensor Chip Assemblies
65   Silver-Zinc Batteries
66   Slip Rings
67   Solid Rocket Motors
68   Star Tracker
69   Super Luminescent Diodes
70   Tantalum Chip Capacitors
71   Transistors
72   Traveling Wave Tube Amplifiers (TWTAs)
73   Viscous Dampers
CTL Risk Matrix
[Figure: risk matrix, LIKELIHOOD (1-5) vs. SEVERITY of CONSEQUENCE (1-5)]
Wide Breadth of IB Projects
Infrared Detectors
Batteries
Photovoltaics
Traveling Wave Tubes
Reaction Wheel Assemblies
Star Trackers
RL10 Rocket Engine
Radiation Hardened Electronics
Trusted Foundries/Services
• Objective: Demonstrate ability to scale up SLM process for liquid rocket engine parts combined with a business case review of cost savings attributed to the manufacturing process change
  – Multiple liquid rocket engine programs
  – Multiple parts
  – Three large SLM machines
  – Three alloys
• Awarded to Aerojet Rocketdyne and managed by AFRL Wright-Patterson AFB
• Different team members focusing on different alloys
  – University of Tennessee / ORNL – Al-10SiMg
  – Aerojet Rocketdyne – Inconel 718
  – Atlantic Precision – CuCr
• Multiple parts being evaluated
  – Structural housings (e.g., LOx impeller, gearbox) – Al-10SiMg
  – Ducts, fittings, tees, elbows, housings, impellers – Inconel 718
  – Upgraded Thrust Chamber Assembly – CuCr
Additive Manufacturing
Committee on Foreign Investment in the United States (CFIUS)
• The Committee on Foreign Investment in the United States (CFIUS) reviews foreign acquisitions, mergers and takeovers of U.S. businesses that raise national security issues.
• CFIUS, working by consensus, has the power to approve a transaction or send it to the President for his decision.
• CFIUS operates on statutory deadlines consisting of an initial 30-day review, a possible further 45-day investigation, and a possible Presidential decision lasting 15 days.
• CFIUS is chaired by the Department of Treasury (Treasury), and includes representatives from 15 other United States government departments, agencies and offices.
• While filing with CFIUS is generally voluntary, and the Committee reviews less than 10% of all inbound foreign transactions, it has the authority to compel a review of a transaction that is not filed voluntarily.
Committee on Foreign Investment in the United States (CFIUS)
• USD(AT&L). The USD(AT&L) shall:
  • a. Identify any effect on national security of a proposed CFIUS foreign acquisition of a U.S. defense, or potential defense supplier, in areas for which the USD(AT&L) has responsibility, including the defense-related industrial base; research and development; defense cooperation relationships with foreign partners; defense procurement and logistics; and small business programs, specifically addressing whether the firm being acquired possesses critical defense technology under development or is otherwise important to the defense industrial and technological bases.
  • b. Assess whether the U.S. firm possesses any critical technologies
  • c. Assess the likelihood and national security impact of any supply disruption based on availability of alternative sources and the strategic objectives and economic viability of the acquiring firm
  • d. Ensure adequate resources, in terms of staff and budget, are available for statutorily required monitoring and ensuring yearly compliance by foreign entities or their U.S. subsidiaries party to mitigation agreements with the Department of Defense for which USD(AT&L) is primarily responsible.
• DIRECTOR, NATIONAL RECONNAISSANCE OFFICE (NRO).
  • The Director, NRO, under the authority, direction, and control of the USD(I), shall, in addition to the responsibilities in section 22 of this enclosure, evaluate CFIUS transactions to determine their impact and implications on overhead reconnaissance systems.
DoDI 2000.25
• Typical types of mitigation agreements that CFIUS may require the parties to enter into depending on the level of foreign ownership, control, or influence.
  • Board Resolution; Security Control Agreement; Special Security Agreement; Proxy Agreement; Voting Trust Agreement.
• Example CFIUS mitigation conditions:
  • Establishing a Security Committee, security officers and other mechanisms to ensure compliance with required actions, including annual reports and independent audits;
  • Ensuring compliance with established guidelines and terms for handling existing or future U.S. Government (“USG”) contracts and USG customer information;
  • Ensuring only U.S. persons handle certain products and services, and ensuring that certain activities and products are located only in the United States;
  • Notifying relevant USG parties in advance of foreign national visits to the U.S. business;
  • Notifying relevant USG parties of any material introduction, modification or discontinuation of a product or service, as well as any awareness of any vulnerability or security incidents; and
  • Ensuring continued production of certain products for relevant USG parties for specified periods;
  • Requiring a proxy entity to perform certain functions and activities of the U.S. business.
Mitigation
Long-Term Strategy for DoD Trusted Foundry Needs
DASD(SE)
Ensuring Confidence in Defense Systems
• Threat:
  • Adversary who seeks to exploit vulnerabilities to:
    • Acquire program and system information
    • Disrupt or degrade system performance
    • Obtain or alter US capability
• Vulnerabilities:
  • All systems, networks and applications
  • Intentionally implanted logic (HW/SW)
  • Unintentional vulnerabilities maliciously exploited (e.g., poor quality or fragile code)
  • Controlled defense information resident on, or transiting supply chain networks
  • Loss or sale of US capability that provides a technological advantage
• Consequences:
  • Loss of data; system corruption
  • Loss of confidence in critical warfighting capability; mission impact
  • Loss of US capability that provides a technological advantage
Access points are throughout the acquisition life cycle…
…and across numerous supply chain entry points
- Government
- Prime, subcontractors
- Vendors, commercial parts manufacturers
- 3rd party test/certification activities
Trusted Integrated Circuit Supplier
• Provides an assured “Chain of Custody” for both classified and unclassified ICs
• Protects the ICs from unauthorized attempts at reverse engineering, exposure of functionality or evaluation of their possible vulnerabilities
• Ensures that there will not be any reasonable threats related to disruption of supply
• Prevents intentional or unintentional modification or tampering of the ICs
[Figure: IC flow, each stage labeled Trusted Supplier: Design, Aggregate, Mask, Foundry, Packaging/Assembly, Test]
Trusted Foundry Program
Only method to obtain quick-turn, Trusted microelectronics (protecting integrity, confidentiality and availability)
– Mitigates risk of hardware Trojan insertion per DoDI 5200.44
– Protects Critical Program Information per DoDI 5200.39
Trusted Suppliers must meet a comprehensive set of security and quality criteria
– Facility Clearance, FOCI adjudication/mitigation
– Cleared Chain of Custody
– Information System Security
– Configuration Management
– Quality
– Manufacturing Contingency Plan
– Scrap Controls
Potential Access Points
[Figure: potential access points; labels as they appear on the diagram]
• Substrates
• Materials
• Masking IP
• Physical Design
• Foundry
• Fab Tool Suppliers
• Wafer Test
• Bumping
• Assembly
• Packages
• Tester Equipment Suppliers
• Electrical Test
• Life Test
• Environmental Test
• Logic Design
• Requirements
• Spacecraft Integration
• EM Building
• Box Building
• Payload Prime
• High-Level Design & Partitioning
• EDA Tool Suppliers
KEY: Possible offshore resources/vulnerability areas; Design development path; Support elements
Program Protection Planning Policy
• System Security Engineering is accomplished in the DoD through program protection planning (PPP)
• DoDI 5000.02 requires program managers to employ system security engineering practices and prepare a Program Protection Plan to manage the security risks to critical program information, mission-critical functions and information
• Program managers will describe in their PPP:
  • Critical Program Information, mission-critical functions and critical components, and information security threats and vulnerabilities
  • Plans to apply countermeasures to mitigate associated risks:
    • Supply Chain Risk Management
    • Hardware and software assurance
  • Plans for exportability and potential foreign involvement
  • The Cybersecurity Strategy and Anti-Tamper plan are included
Long Term Trusted Foundry Strategy
Supports activities to ensure critical and sensitive integrated circuits are available to meet DoD needs
Program goals:
• Protect microelectronic designs and intellectual property (IP) from espionage and manipulation
• Advance DoD hardware analysis capability and commercial design standards, e.g., physical, functional, and design verification and validation
• Mature and transition new microelectronics trust model that leverages commercial state-of-the-art (SOTA) capabilities and ensures future access
Technical challenges:
• Develop alternate trusted photomask capability to preserve long-term trusted access and protection of IP
• Scale/enhance the government’s ability to detect security flaws in integrated circuits
• Leverage academic and industry research for assuring trust from any supplier
Program partners:
• DoD science & technology (S&T), acquisition communities, academia, industry
Provides technical solutions that can be leveraged by government and industry to enable microelectronics trust
Joint Federated Assurance Center (JFAC)
The JFAC is a federation of DoD organizations that have a shared interest in promoting software and hardware assurance in defense acquisition programs, systems, and supporting activities. The JFAC member organizations and their technical service providers interact with program offices and other interested parties to provide software and hardware assurance expertise and support, to include vulnerability assessment, detection, analysis, and remediation services, and information about emerging threats and capabilities, software and hardware assessment tools and services, and best practices.
Joint Federated Assurance Center
• JFAC is a federation of DoD software and hardware assurance (SwA/HwA) capabilities and capacities
  • To support programs in addressing current and emerging threats and vulnerabilities
  • To facilitate collaboration across the Department and throughout the lifecycle of acquisition programs
  • To maximize use of available resources
  • To assess and recommend capability and capacity gaps to resource
• Innovation of SW and HW inspection, detection, analysis, risk assessment, and remediation tools and techniques to mitigate risk of malicious insertion
  • R&D is key component of JFAC operations
  • Focus on improving tools, techniques, and procedures for SwA and HwA to support programs
• Federated Organizations
  • Army, Navy, AF, NSA, DMEA, DISA, NRO, MDA laboratories and engineering support organizations; Intelligence Community and Department of Energy
The mission of JFAC is to support programs with SwA and HwA needs
Summary
• SMC pro-active in assuring access to high reliability space qualified technology for current and future programs
  • S&T, Productization and Qualification of Space Technology/Products/Supply base
  • Trusted / SCRM
  • Industrial Base Risk Assessment and Mitigation Efforts
  • Space is niche market
• Extensive collaboration across space & DoD community
  • National Security Space (SMC, NRO, MDA)
  • NASA & Commercial Space
  • DoD “Non-space” Community