For anyone interested, here is a soft copy of the presentation John Mulder and I gave at the IFIP Working Group 11.10 on Critical Infrastructure Protection at National Defense University last spring: Industrial Control System Field Device Analysis
On November 5, DoD approved/released DoD Instruction 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN). The memo “Establishes policy and assigns responsibilities to minimize the risk that DoD’s warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system’s mission critical functions or critical components, as defined in this Instruction, by foreign intelligence, terrorists, or other hostile elements.”
This policy memo may look like the most boring thing ever, but it’s actually pretty exciting for my work. DoD has been blazing the trail for US Government supply chain risk management (at least, that’s what GAO says), but the high-level policies are still being developed. The memo formalizes a large part of DoD’s supply chain risk management program.