Nuclear Security Implications of Counterfeit, Fraudulent, and Suspect Items (CFSI)

The commercial supply chain, to include the nuclear supply chain, is ever more expansive as globalization offers producers and suppliers, alike, with more affordable items as a consequence of increased competition and greater availability. However, this globalization complicates the supply chain, and diminishes or completely prevents the transparency and traceability of items as they change hands on their way to the final customer. This lack of transparency in production practices or traceability of item integrity allows for the pervasive issue of CFSI infiltration to take place on a grand scale. CFSIs do not undergo the same rigorous quality assurance procedures as legitimate items and deviate from prescribed specifications. Within the nuclear supply chain, CFSIs can diminish the integrity of equipment, systems, structures, components or devices that may be critical to nuclear safety and/or nuclear security. The inadvertent introduction or malicious insertion of CFSIs within the nuclear security supply chain could lead to the occurrence of a nuclear security event, due to premature or unexpected part failure or performance. CFSIs may be inserted for financial gain or based on malicious intent; however, independent of the motivation for the insertion, the creation of CFSIs is intentional. CFSIs are a concern from a nuclear security perspective in many forms. Computer components from previously disposed systems that are repackaged and sold as new, computer hardware that has been altered to allow for adversaries to access sensitive information through undisclosed backdoors, and construction hardware that is misrepresented as being a higher grade than actually are all examples of CFSIs that can cause nuclear security implications.
The focus of the one-year duration CRP (June 2023-May 2024) is to coordinate numerous individual projects that when combined will represent a holistic approach for minimizing the likelihood that CFSI could initiate a nuclear security event. The best way to accomplish this is to develop methods (tools and processes) for identifying CFSIs at all stages of the supply chain, including after installation. The implementation of measures to accomplish this goal will enhance the reliability and confidence of the components (hardware and software) that comprise the systems upon which a nuclear security regime is reliant. Additionally, the close cooperation between customers, suppliers, and producers will enhance the trust between each entity, while allowing for verification activities to be conducted. Additionally, the implementation of measures to address CFSIs enhances nuclear security, but also nuclear safety. CFSIs will never be eradicated, but it is necessary for the issue to be actively addressed due to the potential consequences of an inserted CFSI within the nuclear supply chain.