

## **DDQA Workshop**

#### Housekeeping Items



- All conversations must remain at Distribution A level (No classified, FOUO, CUI, etc. )
- Attendee microphones are muted and videos are turned off.
- If you have a question for the presenter or panel, please submit through the Q&A button.
  - Questions will be answered at the end of the panel member talks
- If you dial in separately using your phone, link the phone connection with your assigned
   Zoom participant id
  - The participant id is 6 numbers seen by clicking on the the zoom screen



in the upper left of

- On your phone press #, enter the participant id, #
- If you have any logistical or connection issues:
  - Connect with Zoom support:
    - Zoom Troubleshooting Guidance: https://support.zoom.us/hc/enus/sections/200305593-Troubleshooting
    - Wireless Connection Issues: https://support.zoom.us/hc/enus/articles/201362463-Wireless-WiFi-Connection-Issues
  - Connect with the ERI Team desk via the 6Connex platform



## **DDQA** Agenda



| Late Afternoon Break: 15:55pm-16:05pm |                                                                                    |
|---------------------------------------|------------------------------------------------------------------------------------|
| 1605-1615                             | Introduction                                                                       |
|                                       | Brian Dupaix, Air Force Research Laboratory, Project Lead and Moderator            |
| 1615-1645                             | Data Driven Quantifiable Assurance Panel                                           |
|                                       | Brian Dupaix, Air Force Research Laboratory, Design Assurance, Risk Assessment and |
|                                       | Metrics                                                                            |
|                                       | G. Dave Via, Air Force Research Laboratory, Quantifiably Assured Manufacturing     |
|                                       | Glenn Berger, NSWC Crane, Verification and Validation                              |
|                                       | Jeff Krieg, NSA, Field Programmable Gate Array Assurance                           |
|                                       |                                                                                    |
| 1645-1745                             | Questions and Answers                                                              |





# Trusted and Assured Microelectronics Program

Data Driven
Quantifiable Assurance

Aug 2020



**UNCLASSIFIED** 



@DoDCTO



## **Assured Microelectronics Evolution**





T&AM/MINSEC Program is developing the secure ecosystem to assure SOTA performance for Modernization



## Trusted and Assured Microelectronics Strategic Approach



#### **Microelectronics - DoD's Top Modernization Priority**

We cannot expect success fighting tomorrow's conflicts with yesterday's weapons or equipment.

-National Defense Strategy



## Access to State of the Art Commercial Technology

Gaps:

DoD lags commercial CMOS ecosystem/ infrastructure

Approach:

Establish best practices for secure design, assembly, packaging, and test capabilities to support DIB and co-development of dual use electronics



## Data Driven Quantifiable Assurance

Threats to design and manufacturing in global supply chain

Secure full lifecycle confidentiality, Integrity, verification & validation, and supply chain for assured warfighters electronics



#### Address DoD Unique Needs

Increased sources for national strategic defense

Develop sustainable sources of mission essential niche radhard electronics capabilities, and specialized radio frequency and electro-optic components



## Create a Resilient and Robust Pipeline

Domestic and Allied Ecosystem to rapidly and securely mature emerging advanced technology

Invigorate secure pipeline for disruptive R&D transition, supply chain aware technology development, education and workforce.



## **Lifecycle Microelectronics Threats**





"Data collection and analysis methods must be developed and applied along the entire lifecycle, in a manner that does not introduce significant throughput impact or prohibitive cost penalties, in order to effectively counter security threats that include malicious insertion, fraudulent products, theft of IP, and quality and reliability failures."

— Dr. Lisa Porter, DUSD R&E, ERI Summit 2019





## **Data Driven Quantifiable Assurance**



Lifecycle assurance tools & techniques quantified & qualified for military use to develop & demonstrate "Zero-trust" Architecture with Quantifiable **Assurance and security standards!** 



Design Assurance

Design with Confidentiality

and Integrity

evaluation

IP Protection and

Quantified Assurance

#### Risk Assessment and Metrics

- Data Automation & Collection
- Mathematical Models
- Integration in Practice

#### **Manufacturing**

- Fab Data Product capture
- Post Silicon Inspection and Verification
- IC Personalization

#### Quantifiably Assured WWW Verification and Validation

- Design Verification
- Physical Verification
- Functional Verification

#### **FPGA Assurance**

0110101010010101011110 101001010101010100100 010101001100101010010 101001010101001010101 00101010101001010101000 01010101000101010101010

- FPGA Assurance Standards
- Detection and Prevention Capability
- Response/Analysis Capability

#### JFAC\*

- Federated capability to support Programs in HW and SW assurance
- Core Laboratories and Service Providers
- PPP Guidance and Support

Program\* **Development & Capabilities** 

PPP\* CPI

Design

Verify

Mask

**Fabrication** 

Pack. & tes Verify & validate Config. prog. SW

Integrate & test

Operation & maint.

UNCLASSIFIED



## Data Driven Quantifiable Assurance



Lifecycle assurance tools & techniques quantified & qualified for military use & commercial standards



Develop and demonstrate a Zero-trust Architecture with Quantifiable Assurance and security standards!



## **T&AM Data Driven Quantifiable Assurance**



#### "Zero-trust" principles





USD(R&E) efforts are establishing *Quantifiable Assurance (QA)* and an objective framework that identifies metrics and data to prove and measure confidentiality and integrity in the microelectronics lifecycle.





## **Summary & Keys to Modernization**



#### **Keys to Modernization**

- Address full microelectronics lifecycle "Zero-Trust" Architecture with data and metrics for Quantifiable Assurance
- Accelerate practice of protecting intellectual property through design
- Increase capability to verify and validate integrity of complex systems
- Enhance commercial partnerships to develop standards and promote assurance as a market differentiator
- Meet Programs where they are in the acquisition and sustainment cycle to increase lethality, improve readiness, and reduce vulnerabilities



#### **Keys to T&AM Execution**

- Microelectronics landscape continues to change....so does the world
- Service and Agency partnerships key to program success
- Build confidence in quantifiable assurance framework through successes and program aligned demonstrations
- Updating Policy and Guidance to enable modernization at the speed of relevance







## **Data Driven Quantifiable Assurance**



Lifecycle assurance tools & techniques quantified & qualified for military use to develop & demonstrate "Zero-trust" Architecture with quantifiable assurance and security standards!



Design Assurance

Design with Confidentiality

and Integrity

evaluation

IP Protection and

Quantified Assurance



- Data Automation & Collection
- Mathematical Models

#### Integration in Practice

### **Manufacturing**

- Fab Data Product capture
- Post Silicon Inspection and Verification
- IC Personalization

#### Quantifiably Assured WWW Verification and Validation

- Design Verification
- Physical Verification
- Functional Verification

#### **FPGA Assurance**

0110101010010101011110 101001010101010100100 010101001100101010010 101001010101001010101 00101010101001010101000 10111001010100101010101 01010101000101010101010

- FPGA Assurance Standards
- Detection and Prevention Capability
- Response/Analysis Capability

#### JFAC\*

- Federated capability to support Programs in HW and SW assurance
- Core Laboratories and Service Providers
- PPP Guidance and Support

Program\* **Development & Capabilities** 

PPP\* CPI

Design

Verify

Mask

**Fabrication** 

Pack. & tes Verify & validate Config. prog. SW

Integrate & test

Operation & maint.

UNCLASSIFIED