At the end of last year, the United States Department of Defense (DoD) announced that it would tighten the cybersecurity standards that contractors need to meet when taking on business with the Pentagon. The new contracting language, which is currently under development by the DoD, would hold contractors accountable for the cybersecurity of products delivered to the government, as well as the security of each company in their supply chain.
In addition, in May the Pentagon announced that it was developing a new cybersecurity certification for DoD contractors that will be made available to contractors later this year. The new standard, called the “Cybersecurity Maturity Model Certification” (CMMC), is intended to address cybersecurity deficiencies in the defense industrial base and to secure the supply chain.
“Supply chains are constantly at risk of being compromised by entities who possess sophisticated, high-tech methods that are difficult to counteract,” explained Scott Fletcher, CEO of Atlanta-based startup LocatorX, which offers companies a Certified QR code for logistics and supply chain management.
The DoD’s stronger regulations should also proactively protect critical technologies from dangerous vulnerabilities in geo-political transactions.
“Pending new regulations from the DoD, contractors may now be held accountable for the security of their supply chain while working under government contracts,” Fletcher told ClearanceJobs.
The Weak Links in the Supply Chain
While there has been a lot of focus on the computer networks of government contractors, the supply chain is actually being seen as a potential “weak link.” Last year there were reports that Chinese spies had placed illicit microchips on the motherboards of servers that were assembled by San Jose-based Super Micro Computers Inc. Some of these servers were reportedly sold to firms that worked with U.S. intelligence agencies, as well as tech giants including Amazon and Apple.
The rogue microchip – no bigger than a grain of rice – was reported by Amazon to U.S. authorities, but it cast a spotlight on the dangers that an insecure supply chain can pose to our digital devices. The best security software is of course useless if there is a hardwired entry point on those systems.
LocatorX now offers a solution, one that utilizes “nanotechnology” that provides traceability and security within the supply chain.
“These innovative technology solutions are offered at a size and cost point that have never been offered before,” added Fletcher. “When compared with the two technologies widely used for supply chain security today, GPS and RFID, LocatorX’s solutions have much richer features, a lower price-point, and a significantly smaller size.”
This could help make managing the DoD supply chain a little easier, especially as it includes much of the second-, third- or fourth-tier supply base that could be vulnerable to such exploits. Today the Pentagon contracts with thousands of companies – many of which subcontract out some of the work – so having a system to monitor the supply chain is a necessity. According to a 2018 report by the Government Accountability Office, harmful hardware or software was one of the major risks facing all federal agencies.
“Contractors will be able to trace the flow of their supply chain on an item-level basis using solution sets from LocatorX,” Fletcher told ClearanceJobs.
“Through the implementation of low-cost, high-tech labels and chips, contractors will have access to more data surrounding the location and status of their goods,” he added. “Both the price and the size will allow these solutions to be affixed to almost any physical item. They can be added to the product itself or included in a pallet, depending on the functionality needed. Not only will they transmit location information, but using environmental sensors, they will be able to relay information about temperature and humidity regarding the product. LocatorX aims to provide unparalleled added security to mitigate loss in the supply chain.”