An audit by the Department of Defense’s inspector general office has revealed that Air Force Space Command’s supply chain is not well safeguarded, which leaves critical space systems — programs that provide strategic capabilities to the military — vulnerable to hardware and software attacks.

The audit, mandated by the Congress last year, reviewed the military’s supply chain risk management program for four critical systems — the Space Based Infrared System, the Air Force satellite control network, the family of advanced beyond line-of-sight terminals, and the global positioning system.

The Space Based Infrared System (SBIRS), which enables rapid detection of nuclear detonations, missile and space launches, was fully analyzed, while the Air Force satellite control network designed for seamless command, control and communication with space vehicles was part of a limited review. The other two space systems — for enabling satellite communication in the event of a nuclear explosion and navigation support across the globe — were also a part of the same limited review.

In order to keep the supply chain free from vulnerabilities, all DOD organizations, including the Air Force Space Command, have to identify critical information and communication components, get those parts from trusted suppliers, and conduct proper testing and evaluation to identify security threats.

Earth The Department of Defense revealed the Air Force's critical space systems are vulnerable to security risks. Pictured, Earth as viewed by Apollo 8. Photo: NASA/Image Science & Analysis Laboratory/ Johnson Space Center

However, the IG review revealed some major security flaws in the risk management effort. Essentially, the Air Force Space Command did not take thorough steps to establish controls and oversight required for sourcing critical components from trusted suppliers and keeping them from free from threats from a potential adversary.

The command neither mandated the purchase of application specific integrated circuits from accredited suppliers with proven processes nor conducted testing and evaluation as DOD risk management policy requires. Very similar security flaws, as the report stated, were found in the other three systems of the Air Force Space Command.

If not addressed soon, these security loopholes can give the nation’s adversaries an opportunity to infiltrate into the Air Force Space Command’s supply chain network, according to the IG. Once in, they can easily sabotage the network, which includes all phases of a system’s development or compromise the design, integrity of critical hardware, software, and firmware. They could even introduce a malicious function to compromise the system.

The report has given a series of recommendations to deal with the security risk. As SpaceNews reported, the Air Force Space and Missile Systems Center or the agency overseeing the Air Force’s Space Command has accepted the findings of the IG report and assured that necessary steps will be taken to control supply chain risk and ensure proper outsourcing of critical system components.

The complete inspector general report detailing the security flaws and necessary recommendations is available online.