SUPPLY-CHAIN SECURITYThwarting Threats in the Supply Chain

By Linh Truong

Published 31 October 2024

Exploding pagers, a bridge in Baltimore collapsed by a cargo ship, and hacks on a water system in rural Texas. All spotlight vulnerabilities in our complex, global supply chain.

Exploding pagers, a bridge in Baltimore collapsed by a cargo ship, and hacks on a water system in rural Texas. All spotlight vulnerabilities in our complex, global supply chain.

Researchers at Pacific Northwest National Laboratory (PNNL), like Jess Smith, are familiar with the challenges and consequences. Smith is an expert in supply chain risk management (SCRM) for cyber systems who has dedicated her career looking at potential weaknesses in the nation’s infrastructures to ‘fix them before the bad guys find them.’

At PNNL, these efforts focus on taking a wider look at the system through the supply chain’s lifecycle and subcomponents to determine the big-picture risks. Researchers are developing secure cyber processes through maturity models, which identify bottlenecks and areas of improvement and enable ongoing improvement; electronic component and device verification and validation; and system resiliency analyses.

For Smith, success means assessing supply chains for cyber systems and identifying solutions that can be implemented at a national scale.

Building a Fixable Computer
Shortly after graduating from a technical charter high school, Smith found herself working in various computer repair shops as she moved around the country with her husband, who was in the military. She quickly realized that computers weren’t built to be easily repaired. Her frustration convinced her to go back to school to design computers that could be more easily fixed.

At the University of Idaho while studying computer engineering, a professor recommended that she take a cybersecurity class. She realized that solving cybersecurity challenges, both in class or in the real world, wasn’t about finding only the right and wrong approaches but more centered on the many different possible approaches.

“I loved it!” said Smith. “I realized I wanted to shift my focus to building things that are secure and underpin our lives, like keeping the lights on in our communities or providing people with clean water.”

Collaboration and Consensus
Smith and PNNL were partnering with other national laboratories, academia, and industry 10 years before the White House issued executive orders to elevate support of supply chain and cybersecurity measures in 2021, requiring interagency compliance with SCRM.