{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,6]],"date-time":"2026-07-06T11:27:10Z","timestamp":1783337230820,"version":"3.54.6"},"reference-count":33,"publisher":"IGI Global Scientific Publishing","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,4]]},"abstract":"<jats:p>Higher education curricula, specialized degrees, and certificate programs related to cybersecurity are proliferating in response to student demand; faculty interest and expertise; employer demand; government and industry standards and funding; and the expectations of specialized, state, or regional accrediting agencies. These expanding academic programs, however, do not adequately address supply chain threats that affect national security. The authors assert that cyber supply chain risk management (C-SCRM), with a focus on hardware assurance, should be considered a critical aspect of cybersecurity and be included in higher education curricula to prepare the future cyber workforce to face challenges related to supply chain security and hardware assurance.<\/jats:p>","DOI":"10.4018\/ijsssp.2018040102","type":"journal-article","created":{"date-parts":[[2019,1,23]],"date-time":"2019-01-23T12:02:57Z","timestamp":1548244977000},"page":"14-27","source":"Crossref","is-referenced-by-count":5,"title":["The Need for Higher Education in Cyber Supply Chain Security and Hardware Assurance"],"prefix":"10.4018","volume":"9","author":[{"given":"Brian","family":"Cohen","sequence":"first","affiliation":[{"name":"Institute for Defense Analyses, Alexandria, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michelle G.","family":"Albert","sequence":"additional","affiliation":[{"name":"Institute for Defense Analyses, Alexandria, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Elizabeth A.","family":"McDaniel","sequence":"additional","affiliation":[{"name":"Institute for Defense Analyses, Alexandria, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"IJSSSP.2018040102-0","author":"K.Bernstein","year":"2014","journal-title":"An example from the defense supply chain"},{"key":"IJSSSP.2018040102-1","doi-asserted-by":"crossref","unstructured":"Boyens, J. M., Paulsen, C., Bartol, N., Moorthy, R., & Shankles, S. (2012, October 16). Notional supply chain risk management practices for federal information systems (NIST IR 7622). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2012\/nist.ir.7622.pdf","DOI":"10.6028\/NIST.IR.7622"},{"key":"IJSSSP.2018040102-2","doi-asserted-by":"crossref","unstructured":"Boyens, J., Paulsen, C., Moorthy, R., & Bartol, N. (2014, June). Supply chain risk management practices for federal information systems and organizations (NIST Second Draft SP 800-161). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-161.pdf","DOI":"10.6028\/NIST.SP.800-161"},{"key":"IJSSSP.2018040102-3","author":"J. A.Chandy","year":"2016","journal-title":"ECE 4095: Trustable computing systems"},{"key":"IJSSSP.2018040102-4","unstructured":"Committee on National Security Systems (CNSS). (2017, July 26). Supply chain risk management (CNSS Directive 505). Retrieved from https:\/\/federalnewsradio.com\/wp-content\/uploads\/2017\/08\/CNSSD_505_Final2-Published-08-01-2017.pdf"},{"key":"IJSSSP.2018040102-5","unstructured":"Congressional Research Service. (2018, June 29). Cyber supply chain risk management: An introduction. In Focus. Retrieved from https:\/\/fas.org\/sgp\/crs\/homesec\/IF10920.pdf"},{"key":"IJSSSP.2018040102-6"},{"key":"IJSSSP.2018040102-7","unstructured":"Defense Acquisition University. (2017, November 6). Hardware assurance. In Defense Acquisition Guidebook (Ch. 9, Sec. 3.2.4)."},{"key":"IJSSSP.2018040102-8","unstructured":"Department of Defense (DoD) Chief Information Officer (DoD CIO). (n.d.). The DoD cyber workforce framework (DCWF). Retrieved from https:\/\/dodcio.defense.gov\/Cyber-Workforce\/dcwf.aspx"},{"key":"IJSSSP.2018040102-9","unstructured":"DoD CIO & the Under Secretary of Defense for Acquisition. Technology and Logistics (USD[AT&L]). (2012, November 5). Protection of mission critical functions to achieve trusted systems and networks (TSN) (DoD Instruction 5200.44, Incorporating Change 2, July 27, 2017). Retrieved from https:\/\/fas.org\/irp\/doddir\/dod\/i5200_44.pdf"},{"key":"IJSSSP.2018040102-10","unstructured":"DoD CIO. (2014, March 12). Risk management framework for DoD information technology (IT) (DoD Instruction 8510.01 Incorporating Change 2, July 28, 2017). Retrieved from http:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/851001_2014.pdf"},{"key":"IJSSSP.2018040102-11"},{"key":"IJSSSP.2018040102-12","unstructured":"Joint Task Force on Cybersecurity Education. (2017, December 31). Cybersecurity curricula2017. Retrieved from https:\/\/cybered.hosting.acm.org\/wp-content\/uploads\/2018\/02\/newcover_csec2017.pdf"},{"key":"IJSSSP.2018040102-13","doi-asserted-by":"publisher","DOI":"10.17226\/24676"},{"key":"IJSSSP.2018040102-14","unstructured":"National Institute of Standards and Technology (NIST). (n.d.). Cyber supply chain risk management. Retrieved from https:\/\/csrc.nist.gov\/Projects\/Supply-Chain-Risk-Management"},{"key":"IJSSSP.2018040102-15","unstructured":"National Institute for Standards and Technology (NIST). (2004, February). Standards for security categorization of federal information and information systems (Federal Information Processing Standard [FIPS] 199). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.199.pdf"},{"key":"IJSSSP.2018040102-16","unstructured":"National Institute for Standards and Technology (NIST). (2010, February). Guide for applying the risk management framework to federal information systems (NIST SP 800-37 Revision 1). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-37r1.pdf"},{"key":"IJSSSP.2018040102-17","unstructured":"National Science Foundation (NSF). (n.d.). Cyber-Physical Systems. Retrieved from https:\/\/www.nsf.gov\/funding\/pgm_summ.jsp?pims_id=503286"},{"key":"IJSSSP.2018040102-18","unstructured":"National Security Agency (NSA) Central Security Service. (CSS). (2018, July 3). National Centers of Academic Excellence. Retrieved from https:\/\/www.nsa.gov\/resources\/students-educators\/centers-academic-excellence\/#defense"},{"key":"IJSSSP.2018040102-19","unstructured":"National Security Agency (NSA) & the Department of Homeland Security (DHS). (n.d.). Centers of Academic Excellence in Cyber Defense (CAE-ED) 2019 Knowledge Units. Retrieved from https:\/\/www.iad.gov\/NIETP\/documents\/Requirements\/CAE-CD_2019_Knowledge_Units.pdf"},{"key":"IJSSSP.2018040102-20","unstructured":"Naval Postgraduate School Acquisition Research Program. (2017). 14th Annual Acquisition Research Symposium. Monterey: CA. Retrieved from https:\/\/www.researchsymposium.com\/conf\/app\/researchsymposium\/home#!\/page\/38"},{"key":"IJSSSP.2018040102-21","doi-asserted-by":"crossref","unstructured":"Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017, August). National initiative for cybersecurity education (NICE) cybersecurity workforce framework (NIST SP 800-181). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-181.pdf","DOI":"10.6028\/NIST.SP.800-181"},{"key":"IJSSSP.2018040102-22","unstructured":"Nissen, C., Gornager, J., Metzger, R., & Rishikof, H. (2018, August). Deliver uncompromised: A strategy for supply chain security and resilience in response to the changing character of war. McLean, VA: The MITRE Corporation. Retrieved from https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr-18-2417-deliver-uncompromised-MITRE-study-8AUG2018.pdf"},{"key":"IJSSSP.2018040102-23","unstructured":"Office of the Under Secretary of Defense for Acquisition and Sustainment. (OUSD[A&S]) & Office of the Deputy Assistant Secretary of Defense for Manufacturing and Industrial Base Policy (DASD MIBP). (2018, March). Fiscal Year 2017 Annual industrial capabilities report to Congress. Retrieved from https:\/\/www.businessdefense.gov\/Portals\/51\/Documents\/Resources\/2017%20AIC%20RTC%2005-17-2018%20-%20Public%20Release.pdf?ver=2018-05-17-224631-340"},{"key":"IJSSSP.2018040102-24","unstructured":"Putchinski, L. B. (1998). Case study of curriculum change in a College of Business Administration. [Doctoral Dissertation]."},{"key":"IJSSSP.2018040102-25","unstructured":"Toombs, W., & Tierney, W. (1992). Meeting the mandate: Renewing the college and departmental curriculum. Washington, D.C.: George Washington University (ERIC Document Reproduction Service No. ED347957)."},{"key":"IJSSSP.2018040102-26","unstructured":"Tehranipoor, M. (n.d.). EEL 4714\/5716: Introduction to hardware security and trust. Storrs, CT: University of Connecticut. Retrieved from http:\/\/tehranipoor.ece.ufl.edu\/hst.html"},{"key":"IJSSSP.2018040102-27","unstructured":"The White House. (2008a). The comprehensive national cybersecurity initiative. Retrieved from https:\/\/obamawhitehouse.archives.gov\/node\/233086"},{"key":"IJSSSP.2018040102-28","unstructured":"The White House. (2008b, January 8). Cybersecurity policy (NSPD-54\/HSPD-23). Retrieved from https:\/\/fas.org\/irp\/offdocs\/nspd\/nspd-54.pdf"},{"key":"IJSSSP.2018040102-29","unstructured":"Under Secretary of Defense for Intelligence. (USD[I]) & Under Secretary of Defense for Acquisition, Technology and Logistics (USD[AT&L]). (2015, May 28,). Critical program information (CPI) protection within the Department of Defense (DoD Instruction 5200.39 Incorporating Change 1, November 17, 2017). Retrieved from http:\/\/www.esd.whs.mil\/Portals\/54\/Documents\/DD\/issuances\/dodi\/520039p.pdf"},{"key":"IJSSSP.2018040102-30","unstructured":"University of Connecticut. (n.d.). Center for Hardware Assurance, Security, and Engineering. Retrieved from http:\/\/chase.uconn.edu\/"},{"key":"IJSSSP.2018040102-31","unstructured":"University of Maryland. (n.d.). ENEE459B: Reverse engineering and hardware security laboratory. Retrieved from http:\/\/www.ece.umd.edu\/undergrad\/courses\/400-level\/enee459b"},{"key":"IJSSSP.2018040102-32","author":"M.van Dijk","year":"2017","journal-title":"ECE4451 and CSE5451: Hardware security"}],"container-title":["International Journal of Systems and Software Security and Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=221920","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T08:52:46Z","timestamp":1651827166000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSSSP.2018040102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2018,4]]},"references-count":33,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/ijsssp.2018040102","relation":{},"ISSN":["2640-4265","2640-4273"],"issn-type":[{"value":"2640-4265","type":"print"},{"value":"2640-4273","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4]]}}}