Supply Chain Security Technical Paper

+ Supply Chain Security Goes Digital Intel and Dell have spent years innovating to provide industry-leading solutions to help secure compute supply chains. Authors Patrick Bohart Director of Initiatives, Intel Rick Martinez Sr. Distinguished Engineer, Sr. Director at Dell Table of Contents Growing Attention to Supply Chain Security . Expanding the Definitions of Supply Chain and Supply Chain Security. Dell and Intel Roles Within Supply Chain Security . Physical Supply Chain Security. Digital Supply Chain Security . Traceability and Transparency . Device Trust. Resillience. Hygiene . Looking Forward. More Information. 1 1 2 2 3 3 4 4 4 5 6 Growing Attention to Supply Chain Security Recent high-profile attacks on critical infrastructure have pushed supply chain security into the news and helped foster new and emerging industry requirements and recommendations. The SolarWinds attack of 2020 within the U.S. Treasury Department, the White House’s Executive Order on America’s Supply Chain, and emerging standards and recommendations from organizations such as the National Institute of Science and Technology (NIST) highlight growing interest and investment in securing computer supply chains. Alongside the increase in incidents and headlines, there are also significant recent advances in supply chain security for IT infrastructure and devices. Industry leaders are innovating around modern supply chain security practices and technologies to augment existing approaches. Recent innovations in high tech manufacturing enable the highest levels of device traceability and transparency ever available. Dell and Intel have been leaders in developing innovative supply chain security capabilities, for their own products as well as for the industry more broadly. Expanding the Definitions of Supply Chain and Supply Chain Security Innovating around supply chain security requires broadening previous definitions of the supply chain itself. Traditionally, and depending on customer context, the supply chain for IT infrastructure and compute devices has focused on sourcing parts and materials, device manufacturing, and “last mile” product delivery to customers. Today, it is important to extend our conception of the supply chain across the entire lifecycle of the device, as shown in Figure 1. Suppliers Manufacture Integration Deployment Operation Figure 1. Defining the supply chain across the entire device lifecycle. This perspective spans sourcing, manufacture, integration, transfer, deployment, operation, and retirement of the device. Many leaders in supply chain security employ this lifecycle model to enable a holistic approach, ensuring that systems are built in the most secure manner possible and remain in the most secure posture possible as they travel through the integration channel and into their operational lifespans. Technical Paper | Supply Chain Security Goes Digital It is also important to expand the traditional definition of supply chain to include the concept of digital supply chain security, as illustrated in Figure 2. Discussion of supply chain security has typically focused on physical supply chain security (e.g., facilities, personnel, and tamper-evident packaging). Digital supply chain security expands this scope to encompass recording and tracking key information about a device’s entire lifespan, including details about how, when, and by whom it was manufactured and subsequently modified. Physical Supply Chain Security Digital Supply Chain Security Trusted people, factories, and suppliers Digital transparency, traceability, trust, and resilience Figure 2. Expanding supply chain security to include both physical and digital elements. Digital supply chain security is sometimes referred to as exposing and recording the digital DNA of the device, as represented in Figure 3, and then tracking that information in a secure, trusted, and reliable