The National Security Agency has released a report providing guidance on characterizing threats to defense microelectronics.
The Cybersecurity Technical Report defines three levels of hardware assurance and outlines steps on how to implement them to protect custom microelectronic components used in Department of Defense systems, NSA said Thursday.
These custom microelectronic parts include field programmable gate arrays, application-specific integrated circuits and other components containing reprogrammable digital logic.
NSA’s Joint Federated Assurance Center identified the three levels of hardware assurance that DOD programs can apply to top-level systems and critical components.
For the first level of assurance, essential defense capabilities will remain available during a system failure but subversion of a system can cause harm to U.S. property, personnel or interests.
Under LoA2, the failure of a system can cause serious harm to personnel or property and that essential operational capabilities may be degraded. Under LoA3, system failure can result in extremely grave consequences and interrupt DOD’s essential operational capabilities.
Once the appropriate level of assurance is determined, the customized microelectronics part is analyzed to identify potential threats to the manufacturing process, according to the document.
Threats are defined by cost and utility characteristics. Cost characteristics include access, technology and investment, while utility characteristics are targetability and value of effect.