SMC Chief Systems Engineer

SMC Activitiesand

Challenges

Parts Standardization & Management Committee

(PSMC) 1 - 3 Nov 2016

2

SMC Space Mission Portfolio

Space SupportLaunch Systems Spacelift Range Sat Control & Network

Force ApplicationConventional MissilesPrompt Global Strike

Space SuperioritySpace Situation Awareness

- SBSS- Space Fence

Defensive Counter SpaceOffensive Counter Space

Space Force EnhancementMilstar/AEHF/EPS DSCS/GBS/WGS GPS DSP/SBIRS DMSP/DWSS NUDET (Nuclear Detection)

WE DEVELOP, ACQUIRE, FIELDAND SUSTAIN SYSTEMS IN

FOUR MAJOR MISSION AREAS

Developing, Delivering, and Supporting Military Space and Missile Capabilities to Preserve Peace and Win Conflicts

AF SPACE PORTFOLIO FUTURE

ARCHITECTURES

4

SMC Next Generation Programs

• The Changing Space Landscape• Evolving and greater threats (contested, congested, competitive)• Higher dependency on space systems (both military and commercial)• Funding constraints (DoD budgets flat at best)

• Challenges to the Current Architecture• Inflexible constellations (hard to maintain and replenish)• Lack of Resilience• Technology Stagnation and lack of competitive forces• Shrinking Industrial Base• Rising Cost

• Current architecture does not adequately address these new challenges

• AFSPC developing future resilient/affordable architectures and near-term investment strategies

Compelling need for alternative space architecture optionsSMC Architecture Studies On-going – Next “Programs of Record” TBD

5

AFSPC Commander Announces Space Enterprise Vision

4/12/2016 - PETERSON AIR FORCE BASE, Colo. -- Commander of Air Force Space Command, announced the command's Space Enterprise Vision here today. The SEV is the result of an AFSPC-commissioned study that looked at how to make the nation's national security space enterprise more resilient.The August 2015 SEV study addressed the findings of several previous studies that identified the U.S. space enterprise is not resilient enough to be successful in a conflict that extends to space. The SEV also recognizes that acquisition and programmatic decisions can no longer occur in mission area stovepipes, but must instead be driven by an overarching space mission enterprise context.To guide the development of this future enterprise, the SEV proposes using a new optimizing concept called "resilience capacity" to characterize and evaluate space capabilities. Resilience capacity will measure how well space enterprise forces can respond to the full range of known threats, and how quickly they can adapt to counter future threats, while continuing to deliver space effects to joint and coalition warfighters. It will replace the traditional "functional availability" metric used for decades to plan and manage individual constellations, but which does not account for emerging threats.

6

Nano, Cube, Small…….Sats

Specificationsand

Standards Status

SMC Standard SMC-S-01131 July 2015

------------------------Supersedes:

SMC-S-011 (2008)

SPACE AND MISSILE SYSTEMS CENTER STANDARD

PARTS, MATERIALS, ANDPROCESSES CONTROL

PROGRAMFOR LAUNCH VEHICLES

9

SMC 011 Major Revision Completed

• ELV - JC 002• Initially published 08 May 1991

• Combined 1546 & 1547 in one ELV standard• Objective was to recognize unique aspects of ELV mission and “optimize”

PM&P mission assurance requirements• Short mission life• But carrying expensive, high value payloads• Driven by affordability

• Minor updates over the years and republished as SMC Standard SMC-S-011• 2015 initiative completed to update SMC-S-011

• Same objectives/drivers• Recognizing “suitability” of PM&P supply base to meet mission needs

based on overall system design• Allow flexibility for alternative PMP management approaches while

maintaining mission success • Recognize short mission life and redundancy impacts on PMP requirements• Leverage PM&P in supply base which can meet mission requirements

10

SMC 011 Parts Selection

• Mission critical Component • System/circuit performing a function required to meet the mission objectives

or flight safety requirements, regardless of redundancy or implementation scheme

• ELV Space PMP Baseline required for Category I • Category I - Mission Critical & Single String or Mission Critical & Single point

Failure• Program PMP Baseline allowable for Category II

• Category II - Mission Critical and Redundant• Selection based on WCCA, Worst Case Derating, Redundancy, Mission

reliability, Survivability• Prescribed part screening and class selection no longer required • Knowledge of manufacturer part control, technology, & failure modes

• Baseline established by Contractor and approved by Parts, Materials, & Processes Control Authority (PMPCA)

• Non Mission Critical Applications• Do no harm analysis

Supply Chain Risk Management

(SCRM)

12

SCRM Policy

Trusted Systems and Networks (TSN)• DoDI 5200.44, November 5, 2012

Protection of Mission Critical Functions to Achieve TrustedSystems and Networks

“Establishes policy and assigns responsibilities to minimize the risk that DoD’s warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system’s mission critical functions or critical components by foreign intelligence, terrorists, or other hostile elements.”

Counterfeit Prevention• DoDI 4140.67, April 26, 2013

DoD Counterfeit Prevention Policy“Establishes policy and assigns responsibilities necessary to prevent the introduction of counterfeit materiel at any level of the DoD supply chain”

13

• a. Mission critical functions and critical components within applicable systems shall be provided with assurance consistent with the criticality of the system and with their role within the system.

• c. Risk to the trust in applicable systems shall be managed throughout the entire system lifecycle. The application of risk management practices shall begin during the design of applicable systems and prior to the acquisition of critical components or their integration within applicable systems, whether acquired through a commodity purchase, system acquisition, or sustainment process. Risk management shall include TSN process, tools, and techniques to:

• (1) Reduce vulnerabilities in the system design through system security engineering. • (2) Control the quality, configuration, and security of software, firmware, hardware, and

systems throughout their lifecycles, including components or subcomponents from secondary sources. Employ protections that manage risk in the supply chain for components or subcomponent products and services (e.g., integrated circuits, field-programmable gate arrays (FPGA), printed circuit boards) when they are identifiable (to the supplier) as having a DoD end-use. DoDI 5200.44, November 5, 2012

• (3) Detect the occurrence of, reduce the likelihood of, and mitigate the consequences of unknowingly using products containing counterfeit components or malicious functions.

• (4) Detect vulnerabilities within custom and commodity hardware and software through rigorous test and evaluation capabilities, including developmental, acceptance, and operational testing.

• (5) Implement tailored acquisition strategies, contract tools, and procurement methods for critical components in applicable systems, to include covered procurement actions in accordance with Reference (f).

Policy Excerpts

14

• d. The identification of mission critical functions and critical components as well as TSN planning and implementation activities, including risk acceptance as appropriate, shall be documented in the Program Protection Plan (PPP)

• e. In applicable systems, integrated circuit-related products and services shall be procured from a trusted supplier accredited by the Defense Microelectronics Activity (DMEA) when they are custom-designed, custom-manufactured, or tailored for a specific DoD military end use (generally referred to as application-specific integrated circuits (ASIC)).

• 2. DIRECTOR, DMEA. The Director, DMEA, under the authority, direction, and control of USD(AT&L), shall, in coordination with DoD CIO and the Heads of the DoD Components, perform the accreditations of trusted suppliers, review those accreditations on an annual basis, issue follow-on guidance for the use of trusted suppliers, and establish criteria for accrediting trusted suppliers of integrated circuit-related products and services.

Policy Excerpts (cont)

15

Spectrum of Supply Chain Risks

QualityEscape

Reliability Failure

FraudulentProduct

Reverse Engineering

Malicious Insertion

InformationLosses

DoD Program Protection focuses on risks posed by malicious actors

Stolen data provides potential

adversaries extraordinary

insight into US defense and

industrial capabilities and allows them to save time and

expense in developing similar

capabilities.

Unauthorized extraction of

sensitive intellectual

property using reverse

engineering, side channel

scanning, runtime security analysis,

embedded system security weakness, etc.

The intentional insertion of

malicious hard/soft coding, or defect

to enable physical attacks or cause mission failure; includes logic

bombs, Trojan ‘kill switches’ and backdoors for unauthorized

control and access to logic and data.

Counterfeit and other than

genuine and new devices from the legally authorized source including

relabeled, recycled, cloned, defective, out-of-

spec, etc.

Mission failure in the field due to environmental

factors unique to military and aerospace

environment factors such as particle strikes, device aging,

hot-spots, electro-magnetic

pulse, etc.

Product defect/inadequacy

introduced either through mistake or negligence during

design, production, and post-production

handling resulting in the introduction

of deficiencies, vulnerabilities, and degraded life-cycle

performance.

COUNTERFEIT PARTS

17

Parts, Materials & Processes Space StandardsSMC-STD 010/011

• Existing comprehensive PM&P management/technical program• Historically, effective at assuring quality parts, but “silent” on subject of

counterfeit parts • SMC sponsored the update/revision of two PMP

Standards (Aerospace TORs) for Space and Launch Vehicles• Requires all PMP to be procured from the original qualified parts/materials

equipment manufacture (OEM), or it’s franchised/authorized distributor• Requires all parts be delivered with a certificate of compliance to military

specification or space-level-equivalent source control drawing• Requires contractor to approve subcontractor PMP• Requires contractor to establish date/batch number control and two-way

tractability for PMP used in flight hardware• Requires contractor to perform Destructive Physical Analysis (DPA)

consistent with program technical requirements and MIL-STD-1580

18

PMPCB / PMP Selection List

• PMPCB• Requires establishment of a Parts, Materials and Processes

Control Board (PMPCB) with the following responsibilities:• Review and approve all PMP• Establish and maintain all PMP lists• Review results of DPAs, Material Review Board (MRB) actions, and failure analysis.• Ensure laboratories and facilities used for screening and/or evaluation of PMP are adequate.• Establish and maintain a prohibited PMP list• Review all GIDEP, NASA, DOD, contractor, subcontractor and other agency PMP alerts,

advisories, and reports for relevance to items used in the system.

• PMP Selection List• parts and materials are technically justified with approved

and qualified sources of supply, approved procurement specifications, and defined application conditions

• Parts Procurement • All parts shall be procured from the part original equipment

manufacturer (OEM) or its franchised, fully authorized distributor, and shall come with an OEM certificate of compliance.

19

Additional Standards - Counterfeit

• SAE AS-5553A• Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition

• MIL-STD-3018; w/CHANGE 2; 2 June 2015 • DEPARTMENT OF DEFENSE STANDARD PRACTICE - PARTS MANAGEMENT• 3.4 Counterfeit part. A suspect part that is a copy or substitute without legal right or authority

to do so or one whose material, performance, or characteristics are knowingly misrepresented by a supplier in the supply chain. Parts which have been refinished, upscreened, or uprated and have been identified as such, are not considered counterfeit.

• j. Counterfeit parts. The parts management plan shall address the detection, mitigation, and disposition of counterfeit parts. Electronic, electrical, and mechanical parts are to be addressed. AS5553 should be used as guidance for electronic parts.

• SAE AS6500 (Manufacturing Management Program) • SAE AS5553 Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition• 5.4.1 Supply Chain and Material Management

• d. Counterfeit Parts: The organization shall implement a counterfeit parts prevention program to prevent the acquisition and incorporation of counterfeit parts or parts embedded with malicious logic into factory and test equipment and delivered products. The program shall include procedures for prevention, detection, and reporting of counterfeit parts

Space

Industrial

Base

21

SMC Critical Technology Risk Assessment

Space Systems Engineering Database

SMEs

SPO Survey

CoPs and Working Groups

USG Working Groups

PEO/TEO

Government Partners

Program Anomalies

Industry Contacts

SMC Priorities

EMAC

Interviews

Forums and Conferences

Aero

spac

eG

over

nmen

tIn

dust

ry

Audits and Program Reviews

CTL Ranking

Leverages inputs from Government, Aerospace and Industry to identify technologies at risk

Unclassified

5

4

3

2

1

1 2 3 4 5

SEVERITY of CONSEQUENCE

LIK

ELI

HO

OD

22

ID Name

1 A40 Aluminum Packaging/House

2 Aerospace-Grade Rayon3 Ammonium Perchlorate4 Atomic Clocks 5 Bearings6 Carbon Fibers7 CCDs

8a CdZnTe Substrates for IR Detectors (111)

8b CdZnTe Substrates for IR Detectors (211)

9 Cellophane for Batteries10 Ceramic Packages11 Connectors12 Control Moment Gyros13 Cryocoolers14 Diode Glass15 Diodes16 Fast Steering Mirrors17 Fiber Optics Cable18 Fuel Valves19 Fuses20 GaAs FET21 Gas Valves and Regulators

22 Germanium Substrates for Solar Cells

23 Glass for Optics24 HBTs25 Helium26 Hermetic Tantalum Capacitors27 High Current Relays28 High Efficiency Power Supplies29 High Power Laser Diodes

30 High Speed Digital Electronics for Fiber Optics Systems

31 High-Power Solid State Amplifiers

32 IBC Detectors33 Infrared Dispersive Elements34 Integrated Optics Chips35 Lead Free Coatings36 Lightweight Structures

ID Name37 Liquid Rocket Engines38 Loop Heat Pipes39 Low CTE Glass40 Lubricant41 MMICs42 Nickel-Coated Graphite Powders43 NiH2 Batteries

44 non-volatile Memory/Flash Memory

45 OCXO and Resonators46 Optical Coating for Mirrors47 Optical Coatings for Solar Cells48 Optical Filter

49 Optical Mirror Materials -Beryllium

50 Optical Mirror Materials - SiC51 Ordnance52 Power MOSFETs53 Precision Foil Resistors54 Precision Gyroscopes55 Printed Wiring Boards56 Rad - Hard ASIC57 Rad-Hard FPGA58 Rare Earth Metals59 Reaction Wheel Assembly

60 Read-out Integrated Circuits (ROICs)

61 Rocket Fuels (Hydrazine)62 Rocket Fuels (N2O4)63 Sapphire Substrates64 Sensor Chip Assemblies65 Silver-Zinc Batteries 66 Slip Rings67 Solid Rocket Motors68 Star Tracker69 Super Luminescent Diodes70 Tantalum Chip Capacitors71 Transistors

72 Traveling Wave Tube Amplifiers (TWTAs).

73 Viscous Dampers

CTL Risk Matrix

5

4

3

2

1

1 2 3 4 5

SEVERITY of CONSEQUENCE

LIK

ELI

HO

OD

23

Wide Breath of IB Projects

Infrared Detectors

Batteries

Photovoltaics

Traveling Wave Tubes

Reaction Wheel Assemblies

Star Trackers

RL10 Rocket Engine

Radiation Hardened Electronics

Trusted Foundries/Services

24

• Objective: Demonstrate ability to scale up SLM processfor liquid rocket engine parts combined with a businesscase review of cost savings attributed to themanufacturing process change– Multiple liquid rocket engine programs– Multiple parts– Three large SLM machines– Three alloys

• Awarded to Aerojet Rocketdyne and managed by AFRLWrightPatterson AFB

• Different team members focusing on different alloys– University of Tennessee / ORNL – Al-10SiMg– Aerojet Rocketdyne – Inconel 718– Atlantic Precision – CuCr

• Multiple parts being evaluated– Structural housings (e.g., LOx impeller, gearbox) – Al-10SiMg– Ducts, fittings, tees elbows, housings, impellers – Inconel 718– Upgraded Thrust Chamber Assembly – CuCr

Additive Manufacturing

Committee on Foreign Investment in the United States

(CFIUS)

26

• The Committee on Foreign Investment in the United States (CFIUS) reviews foreign acquisitions, mergers and takeovers of U.S. businesses that raise national security issues.

• CFIUS, working by consensus, has the power to approve a transaction or send it to the President for his decision.

• CFIUS operates on statutory deadlines consisting of an initial 30-day review, a possible further 45-day investigation, and a possible Presidential decision lasting 15 days.

• CFIUS is chaired by the Department of Treasury (Treasury), and includes representatives from 15 other United States government departments, agencies and offices.

• While filing with CFIUS is generally voluntary, and the Committee reviews less than 10% of all inbound foreign transactions, it has the authority to compel a review of a transaction that is not filed voluntarily.

Committee on Foreign Investment in the United States (CFIUS)

27

• USD(AT&L). The USD(AT&L) shall:• a. Identify any effect on national security of a proposed CFIUS foreign acquisition of a

U.S. defense, or potential defense supplier, in areas for which the USD(AT&L) has responsibility, including the defense-related industrial base; research and development; defense cooperation relationships with foreign partners; defense procurement and logistics; and small business programs, specifically addressing whether the firm being acquired possesses critical defense technology under development or is otherwise important to the defense industrial and technological bases.

• b. Assess whether the U.S. firm possesses any critical technologies• c. Assess the likelihood and national security impact of any supply disruption based on

availability of alternative sources and the strategic objectives and economic viability of the acquiring firm

• d. Ensure adequate resources, in terms of staff and budget, are available for statutorily required monitoring and ensuring yearly compliance by foreign entities or their U.S. subsidiaries party to mitigation agreements with the Department of Defense for which USD(AT&L) is primarily responsible.

• DIRECTOR, NATIONAL RECONNAISSANCE OFFICE (NRO).• The Director, NRO, under the authority, direction, and control of the USD(I), shall, in

addition to the responsibilities in section 22 of this enclosure, evaluate CFIUS transactions to determine their impact and implications on overhead reconnaissance systems.

DoDI 2000.25

28

• Typical types of mitigation agreements that CFIUS mayrequire the parties to enter into depending on the level offoreign ownership, control, or influence.

• Board Resolution; Security Control Agreement; Special Security Agreement; ProxyAgreement; Voting Trust Agreement.

• Example CFIUS mitigation conditions:• Establishing a Security Committee, security officers and other mechanisms to ensure

compliance with required actions, including annual reports and independent audits;• Ensuring compliance with established guidelines and terms for handling existing or

future U.S. Government (“USG”) contracts and USG customer information;• Ensuring only U.S. persons handle certain products and services, and ensuring

that certain activities and products are located only in the United States;• Notifying relevant USG parties in advance of foreign national visits to the U.S.

business;• Notifying relevant USG parties of any material introduction, modification or

discontinuation of a product or service, as well as any awareness of anyvulnerability or security incidents; and

• Ensuring continued production of certain products for relevant USG parties forspecified periods;

• Requiring a proxy entity to perform certain functions and activities of the U.S.business.

Mitigation

Long-Term Strategy for DoD Trusted Foundry Needs

DASD(SE)

30

Ensuring Confidence inDefense Systems

• Threat:• Adversary who seeks to exploit vulnerabilities

to:• Acquire program and system information• Disrupt or degrade system performance • Obtain or alter US capability

• Vulnerabilities:• All systems, networks and applications• Intentionally implanted logic (HW/SW)• Unintentional vulnerabilities maliciously

exploited (e.g., poor quality or fragile code)• Controlled defense information resident on, or

transiting supply chain networks• Loss or sale of US capability that provides a

technological advantage• Consequences:

• Loss of data; system corruption• Loss of confidence in critical warfighting

capability; mission impact• Loss of US capability that provides a

technological advantage

Access points are throughout the acquisition life cycle…

…and across numerous supply chain entry points - Government- Prime, subcontractors- Vendors, commercial parts

manufacturers- 3rd party test/certification

activities

31

Trusted Integrated Circuit Supplier

Provides an assured “Chain of Custody” for both classified

and unclassified ICs

Protects the ICs from unauthorized attempts atreverse engineering, exposure of functionality or

evaluation of their possible vulnerabilities

Ensures that there willnot be any reasonable

threats related todisruption of supply

Prevents intentional or unintentional

modification or tampering of the ICs

Design Aggregate Mask Foundry Packaging/ Assembly

Test

Trusted Suppler

Trusted Supplier

Trusted Supplier

Trusted Supplier

Trusted Supplier

Trusted Supplier

32

Trusted Foundry Program

Only method to obtain quick-turn, Trusted microelectronics (protectingintegrity, confidentiality and availability)– Mitigates risk of hardware Trojan insertion per DoDI 5200.44– Protects Critical Program Information per DoDI 5200.39

Trusted Suppliers must meet a comprehensive set of security andquality criteria

– Facility Clearance, FOCI adjudication/mitigation– Cleared Chain of Custody– Information System Security– Configuration Management– Quality– Manufacturing Contingency Plan– Scrap Controls

33

Potential Access Points

Substrates

Materials

Masking IP

Physical DesignFoundry

Fab ToolSuppliers

Wafer Test

Bumping

Assembly

Packages

Tester EquipmentSuppliers

Electrical Test

Life Test

Environmental Test

Logic Design

Requirements

SpacecraftIntegration

EM Building

Box Building

Payload PrimeHigh-LevelDesign &

Partitioning

EDA ToolSuppliers

Possible offshore resources/vulnerability areas

Design development pathSupport elements

KEY:

34

Program Protection Planning Policy

• System Security Engineering is accomplished in the DoD through program protection planning (PPP)

• DoDI 5000.02 requires program managers to employ system security engineering practices and prepare a Program Protection Plan to manage the security risks to critical program information, mission-critical functions and information

• Program managers will describe in their PPP:• Critical Program Information, mission-critical functions and

critical components, and information security threats and vulnerabilities

• Plans to apply countermeasures to mitigate associated risks:• Supply Chain Risk Management• Hardware and software assurance

• Plans for exportability and potential foreign involvement• The Cybersecurity Strategy and Anti-Tamper plan are included

35

Long Term Trusted Foundry Strategy

Supports activities to ensure critical and sensitive integrated circuits are available to meet DoD needsProgram goals:• Protect microelectronic designs and intellectual property (IP) from espionage and manipulation• Advance DoD hardware analysis capability and commercial design standards, e.g., physical,

functional, and design verification and validation• Mature and transition new microelectronics trust model that leverages commercial state-of-the-

art (SOTA) capabilities and ensures future accessTechnical challenges:• Develop alternate trusted photomask capability to preserve long-term trusted access and

protection of IP• Scale/enhance the government’s ability to detect security flaws in integrated circuits• Leverage academic and industry research for assuring trust from any supplierProgram partners: • DoD science & technology (S&T), acquisition communities, academia, industry

Provides technical solutions that can be leveraged by government and industry to enable microelectronics trust

36

Joint Federated Assurance Center (JFAC)

The JFAC is a federation of DoD organizations that have a shared interest in promoting software and hardware assurance in defense acquisition programs, systems, and supporting activities. The JFAC member organizations and their technical service providers interact with program offices and other interested parties to provide software and hardware assurance expertise and support, to include vulnerability assessment, detection, analysis, and remediation services, and information about emerging threats and capabilities, software and hardware assessment tools and services, and best practices.

37

Joint Federated Assurance Center

• JFAC is a federation of DoD software and hardware assurance (SwA/HwA) capabilities and capacities• To support programs in addressing current and emerging threats and

vulnerabilities• To facilitate collaboration across the Department and throughout the

lifecycle of acquisition programs• To maximize use of available resources• To assess and recommend capability and capacity gaps to resource

• Innovation of SW and HW inspection, detection, analysis, risk assessment, and remediation tools and techniques to mitigate risk of malicious insertion• R&D is key component of JFAC operations• Focus on improving tools, techniques, and procedures for SwA and HwA to

support programs

• Federated Organizations• Army, Navy, AF, NSA, DMEA DISA, NRO, MDA laboratories and engineering

support organizations; Intelligence Community and Department of Energy

The mission of JFAC is to support programs with SwA and HwA needs

38

Summary

• SMC pro-active in assuring access to high reliability space qualified technology for current and future programs• S&T, Productization and Qualification of Space

Technology/Products/Supply base• Trusted / SCRM

• Industrial Base Risk Assessment and Mitigation Efforts• Space is niche market

• Extensive collaboration across space & DoD community• National Security Space (SMC, NRO, MDA)• NASA & Commercial Space• DoD “Non-space” Community