DoD Instruction 5200.44 identifies supply chain risk as “the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.”
Therefore Supply Chain Risk Management (SCRM) is “the process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout DoD’s “supply chain” and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain.”
With potential damaging threats and liabilities that exist, SCRM should occur throughout the acquisition life cycle. SCRM includes working with appropriate DoD and Office of the Director of National Intelligence (ODNI) organizations on program threats (foreign and counterintelligence), technology vulnerabilities, contractor threat assessments, counterintelligence vulnerabilities, and global distribution risks. (Defense Acquisition Guidebook, Chapter, 4.3.6.T1, Risk Management Process Activities)
Due to the proliferation of micro-electronic assets existing in every almost every DOD weapon system and major information system, an area of significant vulnerability is in potential counterfeiting of micro-electronic assets. DoD established Counterfeit Prevention Policy in DoD Instruction 4140.67. It describes counterfeit materiel as any item that is an unauthorized copy or substitute that has been identified, marked, or altered by a source other than the item’s legally authorized source and has been misrepresented to be an authorized item of the legally authorized source. Additionally, the DAG 4.3.18.3. indicates anti-counterfeiting as a means to combat microelectronic fraud. Anti-counterfeiting represents an increasing threat of counterfeit (and fraudulent) parts in the global marketplace and affects every component of the program from commercial-off-the-shelf (COTS) assemblies to military-unique systems. Preventing counterfeit parts from entering the supply chain reduces cost and negative impacts to program schedule and system performance. "Overarching DoD Counterfeit Prevention Guidance" policy memorandum was signed by USD(AT&L) on March 16, 2012.
In addition, the Department of Defense (DoD) created the Trusted Foundry Program (TFP) in 2003 to respond to the threats of offshoring of microelectronics fabrication and the resulting diminishing influence of the DoD on leading-edge microelectronics research and development. The National Security Agency (NSA) and the Defense Microelectronics Activity (DMEA) equally fund the TFP. Since 2003, IBM provided U.S. Government programs with leading edge application-specific integrated circuits (ASICs). In July 2015, IBM transferred most of its commercial semiconductor business to Global Foundries. This transaction includes the ownership and operation of the two IBM foundries accredited by DMEA to provide microelectronics to U.S. Government programs through the TFP.