NCCoE unveils final project description for manufacturing supply chain traceability using blockchain technology
The National Institute of Standards and Technology (NIST) published Wednesday the final project description demonstrating traceability across manufacturing domain stakeholder blockchain-related technologies enabled ecosystems to determine the authenticity of products for use in critical infrastructures. Led by the National Cybersecurity Center of Excellence (NCCoE), the project will continue building on ongoing efforts to demonstrate the role that blockchain-related technologies may play to improve manufacturing supply chain traceability.
The NCCoE project aims to demonstrate traceability across manufacturing domain stakeholder blockchain-related technologies enabling ecosystems to determine the authenticity of products for use in critical infrastructures. The project will continue building on NCCoE’s ongoing efforts to demonstrate the role that blockchain-related technologies may play to improve manufacturing supply chain traceability. The project will result in a freely available NIST Cybersecurity Practice Guide.
By introducing the concept of a manufacturing supply chain ‘traceability chain,’ consisting of a series of manufacturing traceability records written to industry-specific ecosystem blockchain-related technologies. The traceability chain is intended to provide supply chain visibility from the end users to the original components.
The project description describes a Traceability Chain Minimum Viable Product (MVP) reference implementation as a starting point for further research and refinement. NCCoE cybersecurity experts will address this challenge through collaboration with a Community of Interest, including vendors of cybersecurity solutions. The resulting reference design will detail an approach that can be incorporated across multiple sectors.
The MVP will implement specific manufacturing and critical infrastructure domains, covering microelectronic chip manufacturers, OT (operational technology) manufacturers, and critical infrastructure. MVP manufacturers and critical infrastructure operators are stakeholders of their respective manufacturing ecosystems. Each stakeholder has an identity that is unique across the MVP.
The project also describes an MVP Reference Implementation (RI) of manufacturing supply chain ecosystems to illustrate product traceability across microelectronic and OT supply chains to critical infrastructure operators.
Titled ‘Manufacturing Supply Chain Traceability with Blockchain-Related Technology,’ the project addresses organizations that cannot distinguish between trustworthy and untrustworthy products readily. “Having a repeatable, quick, and provable means to determine if a product is trustworthy is a critical foundation of cybersecurity supply chain risk management.”
The document recognizes that supply chains supporting critical infrastructure become more complex and the origins of products become harder to discern, efforts are emerging that improve the traceability of goods by exchanging traceability data records using ecosystems enabled by distributed ledger technologies (DLTs) and other blockchain-related technologies that provide provenance and integrity.
The document identifies the key challenges in the manufacturing supply chain to improve the visibility, integrity, and permanence of the manufacturing supply chain product pedigree. The initial claim of product authenticity by a manufacturer needs to survive the lifetime of the manufacturer through mergers, acquisitions, and dissolution. It also improves the visibility and integrity of provenance across tiers of manufacturers. The existing process of tracking provenance via bilateral exchange of traceability information between buyer and seller is complicated, and non-permanent, where information may be lost or further obscured during mergers, acquisitions, and dissolutions.
The project describes and delivers a reference implementation of a potential manufacturing supply chain traceability mechanism that demonstrates the manufacturers’ ability to post traceability records to their respective industry ecosystem DLTs. Each traceability record written to the DLT links to the prior traceability record(s), going back to the original traceability record(s) where the traceability record links to the originating manufacturer. It also looks into establishing traceability record links and forms as an immutable traceability chain. Traceability records can link to multiple prior traceability records in the case of combining components in higher-order assemblies and products.
The project also associates traceability records linked to relevant contexts. In addition to linking to previous traceability records, traceability records point to relevant context such as the author (e.g., who wrote the record) and additional data in external repositories as needed. It also establishes traceability record links to external data as required. In addition to the minimal data in the traceability record, traceability can link to external data as needed with appropriate access controls for larger data sets, images, audio, video, etc.
The NCCoE project delivers an MVP RI that demonstrates manufacturers joining their respective blockchain-related technology-enabled ecosystems; demonstrates manufacturers writing and linking traceability records; and showcases critical infrastructure operators reading the traceability chain to inform their assessment of whether to employ the manufactured product. It also uses microelectronics, OT, and critical infrastructure as example domains, and positions the MVP RI as a starting point for future research and refinement.
The document also includes high-level architecture that develops the structure of the MVP components, expressed in a server/host architecture context. The description then continues to develop the data structure of traceability records and the resulting traceability chain by stepping through the lifecycle of using traceability records to create a traceability chain.
The latest document builds on the NCCoE’s April release of the draft project description that introduces the concept of a manufacturing supply chain traceability, made up of a series of manufacturing traceability records written to industry-specific ecosystem blockchain-related technologies.
Related
