

Nov 01, 2023

Department of Defense
OFFICE OF PREPUBLICATION AND SECURITY REVIEW



October 19, 2023





#### OFFICE OF THE SECRETARY OF DEFENSE 3140 DEFENSE PENTAGON WASHINGTON, DC 20301-3140

## MEMORANDUM FOR UNDER SECRETARY OF DEFENSE FOR RESEARCH AND ENGINEERING

SUBJECT: Executive Summary of the Secure Electronic Processing Task Force

I am pleased to forward the executive summary of the Defense Science Board Task Force on Secure Electronic Processing, chaired by Dr. Robert Wisnieff.

The security, availability, and reliability of electronic equipment, information technology systems, and embedded systems are at risk in an operational environment where abundant threats exist that endanger system capability. Department of Defense (DoD) technological capabilities must be protected from threats that exploit hardware and software vulnerabilities that are inherent in system design. Commercially available secure processors are increasingly available that have dual-use security solutions is of paramount interest to the DoD.

The recommendations proposed by the Task Force, if implemented, create solutions to mitigate vulnerabilities and increase the resilience of the DoD's electronic systems.

I fully endorse all of the Task Force's recommendations and urge their careful consideration and soonest adoption.

Dr. Eric Evans

Chair, Defense Science Board

Jan D Grans





### OFFICE OF THE SECRETARY OF DEFENSE 3140 DEFENSE PENTAGON WASHINGTON, DC 20301-3140

### MEMORANDUM TO THE CHAIRMAN, DEFENSE SCIENCE BOARD

SUBJECT: Executive Summary of the Secure Electronic Processing Task Force

In a world of ever-changing threats to electronic systems and equipment, it is incumbent on the Department of Defense (DoD) to have secure processors and technologies capable of protecting needed systems and its assets from the potential exploitation of hardware and software vulnerabilities inherent in system design. In assessing these options, it is also important to consider the availability of commercial capacity for secure processors to leverage dual-use security solutions paramount interest to the DoD.

The Secure Electronic Processing Task Force was established to provide advice and recommendations on implementing such solutions to mitigate vulnerabilities and increase the resilience of the DoD's electronic systems. The Task Force considered the following:

- Commercial secure processors to determine dual-use applications in support of the DoD missions.
- Susceptibility of commercial secure processor vulnerabilities.
- Alternatives to acquisition of commercial secure processors.
- Suitability for technology protection.
- Extent to which Creating Helpful Incentives to Produce Semiconductors Act of 2022 (CHIPS Act) opens further opportunities for developing commercial secure processors.

The recommendations proposed by the Task Force, if implemented, create solutions to mitigate potential hardware and software vulnerabilities and offer options for fostering technology protection to increase the resilience of the DoD's electronic systems.

I offer my sincerest admiration, respect, and thanks to the Task Force team (members, government advisors, and staff) for their contributions to this important effort.

Dr. Robert Wisnieff

Chair, Secure Electronic Processing Task Force

Robert Word

## **Appendix A: Terms of Reference**



### UNDER SECRETARY OF DEFENSE

3030 DEFENSE PENTAGON WASHINGTON, DC 20301-3000

- 9 NOV 2022

#### MEMORANDUM FOR CHAIR, DEFENSE SCIENCE BOARD

SUBJECT: Terms of Reference – Defense Science Board Task Force on Secure Electronic Processing

The security, availability, and reliability of electronic equipment, information technology systems, and embedded systems are at risk in an operational environment where abundant threats exist that endanger system capability. Department of Defense (DoD) technological capabilities must be protected from threats that exploit hardware and software vulnerabilities that are inherent in system design. Commercially available secure processors are increasingly available that have utility in both government and commercial applications. Evaluating and understanding these dual-use security solutions is of paramount interest to the DoD.

I am establishing the Task Force on Secure Electronic Processing ("the Task Force") as a subcommittee of the Defense Science Board (DSB) to provide advice and recommendations on implementing solutions to mitigate vulnerabilities and increase the resilience of DoD's electronic systems. The DSB, working through the Task Force, should:

- Evaluate commercial secure processors to determine dual-use applications in support of DoD missions;
- Evaluate susceptibility of commercial secure processor vulnerabilities;
- Examine alternatives to acquisition of commercial secure processors;
- · Examine suitability for technology protection; and
- Assess whether the Creating Helpful Incentives to Produce Semiconductors Act of 2022 (CHIPS Act) opens any opportunities for developing commercial secure processors.

The Task Force findings, observations, and recommendations will be presented to the full DSB for its thorough, open discussion and deliberation at a properly noticed and public meeting, unless it must be closed pursuant to one or more of the Government in the Sunshine Act exemptions. The DSB will provide its findings and recommendations to the USD(R&E) as the Sponsor of the DSB. The nominal start date of the study period will be within 30 days of the initial appointment of Task Force members. In no event will the duration of the Task Force exceed 12 months from the start date.

In support of this Terms of Reference (ToR) and the work conducted in response to it, the DSB and the Task Force have my full support to meet with Department leaders. The DSB staff,

on behalf of the DSB and the Task Force, may request the Office of the Secretary of Defense and DoD Component Heads to timely furnish any requested information, assistance, or access to personnel to the DSB or the Task Force. All requests shall be consistent with applicable laws; applicable security classifications; DoD Instruction 5105.04, "Department of Defense Federal Advisory Committee Management Program"; and this ToR. As special government employee members of a DoD federal advisory committee, the DSB and the Task Force members will not be given any access to DoD networks, to include DoD email systems.

Once material is provided to the DSB and the Task Force, it becomes a permanent part of the DSB's records. All data/information provided is subject to public inspection unless the originating Component office properly marks the data/information with the appropriate classification and Freedom of Information Act exemption categories before the data/information is released to the DSB and the Task Force. The DSB has physical storage capability and electronic storage and communications capability on both unclassified and classified networks to support receipt of material up to the TS/SCI level.

The DSB and the Task Force will operate in conformity with and pursuant to the DSB's charter, the Federal Advisory Committee Act (5 United States Code (U.S.C.), Appendix), the Government in the Sunshine Act (5 U.S.C. § 552b), and other applicable federal statutes, regulations, and policy. Individual DSB and Task Force members and the Task Force as a whole do not have the authority to make decisions or provide recommendations on behalf of the DSB nor report directly to any Federal representative. The members of the Task Force and the DSB are subject to certain Federal ethics laws, including 18 U.S.C. § 208, governing conflicts of interest, and the Standards of Ethical Conduct regulations in 5 Code of Federal Regulations, Part 2635.

Heidi Shyu

Hirl Sh

# **Appendix B: Membership**

| Task Force Chair    |     |
|---------------------|-----|
| Dr. Robert Wisnieff | IBM |

| DSB Secretariat        |                                       |
|------------------------|---------------------------------------|
| Ms. Elizabeth Kowalski | Senior Advisor, Defense Science Board |

| Executive Secretary |           |
|---------------------|-----------|
| Mr. D. Todd Spates  | OUSD(A&S) |

| Membership           |                                       |
|----------------------|---------------------------------------|
| Dr. Eric Evans       | MIT-LL                                |
| Dr. Robert Grossman  | University of Chicago                 |
| Dr. Paul Kaminski    | Technovation, Inc.                    |
| Dr. John Manferdelli | VMware                                |
| Dr. Sanjay Raman     | University of Massachusetts – Amherst |

| Subject Matter Experts      |                                       |
|-----------------------------|---------------------------------------|
| Hon. William Schneider, Jr. | International Planning Services, Inc. |
| Mr. Peter Verga             | Private Consultant                    |

| Government Advisors |           |
|---------------------|-----------|
| Mr. Pio Arroyo      | OUSD(R&E) |
| Dr. Walter Weiss    | OUSD(I&S) |

| Analytical Support |                          |
|--------------------|--------------------------|
| Mr. Marcus Hawkins | Strategic Analysis, Inc. |