DHS created the Information and Communications Technology Supply Chain Risk Management Task Force to determine whether tweaks should be made to Federal Acquisition Regulation rules that require the government to purchase certain IT and communications products only from the original manufacturer or authorized resellers.
However, Bob Kolasky, co-chairman of the task force, told FCW in December 2018 that the group will focus less on technological solutions, such as identity and authenti- cation, and more on building better decision-making pro-
authentication for hardware using diamonds. In fact, the company’s name stands for Diamond Unclonable Security Tag.
Founded in 2018 by former MIT Media Lab researcher Ophir Gaathon, the company is developing tags composed of microscopic diamond dust that can be applied in a variety of ways — such as spray coating, dipping or applying with stickers — onto devices, parts and components. Gaathon said the process creates a very complex fingerprint that can be used to catalogue and scan items for identity and provenance.
Why dia- monds? “You really want a material that lasts forever... where there’s no concern about degra- dation of the technology over time,” he said.
Gaathon told FCW the com- pany purchases bulk diamond dust from the abrasive indus- try that is con- sidered waste because the particles are too small to be of value. The dust is then purified
and nanoengineered to insert defects that can store unique identifying information. It’s the same principle underlying a 2017 study by MIT researchers that found diamond-defect optical circuits could store information to advance the development of quantum computing.
Gaathon said projects like his and DARPA’s are coming to the forefront now for two interconnected reasons. First, policymakers have only recently begun to give supply chain security the level of attention it deserves. Second, incorpo- rating electronic components into critical infrastructure over the years, including industrial control systems and voting equipment, has created an ever-increasing attack surface for hackers and nation-states to probe.
“People just realized that we don’t really know where things are coming from, and we don’t have good measures and good processes to secure the supply chain,” Gaathon said. n
tocols for risk Bill Evan- ina, director of the Nation- al Counter-
intelligence
and Security
Center, told
FCW last year
that rather
than attempt
to unwind
the supply
chain at a
macro level,
national secu-
rity officials
are telling
manufactur-
ers and con-
tractors that
they will be
held respon-
sible for any
defects or vul-
nerabilities in their products, no matter how far down the chain they go.
To effectively serve as a practical solution for manu- facturers, SHIELD’s dielets must overcome a number of hurdles. Current technologies, such as barcodes and RFID tags, are ineffective or expensive to use at scale, meaning production costs for the dielets must be extremely low.
Leef said the project is targeting a price point of 1 cent per dielet. “If you think about it, attaching this thing that costs one penny to an object whose provenance you want to track seems like an attractive value proposition,” he added.
Diamonds are forever
Meanwhile, a startup company is working on technology that is similar to SHIELD’s silicon-based dielets but with a twist. DUST Identity aims to accomplish the same kind of
management in the private sector.
January/February 2019 FCW.COM 47