Governments, corporations, and consumers embattled by relentless cyberattacks have a growing imperative for secure supply chain assurance. Current industry standards have proven insufficient in mitigating supply chain risks from compromise and attacks. Many critical systems (cloud software, weapon systems, expert systems, human, and modeling/simulation) rely on extensive networks of interconnected capabilities. These interconnected systems encompass sensitive processes and data used for configuration, operations, and training.

Following Executive Order 10428, Improving the Nation’s Cybersecurity, supply chain industry has observed a resurgence in the adoption of Software Bills of Materials (BOMs). Building on SBOM adoption, xBOM pattern exhibits the potential to streamline communication about all aspects of the supply chain from boardroom to battlefield. Broad applicability across various asset classes requires adaptable metadata patterns and structures that surpass domain specific limitations while maintaining provenance across dozens of layers of sub-dependencies. Data set operations prior to introduction into a model make creating these structures elusive.

Unauthorized data manipulation for AI algorithms has serious consequences. Corrupt data compromises the integrity of AI models and leads to inaccurate predictions, biased outcomes, and detrimental decisions. Physical security relies on defense in depth, where exterior cameras detect perimeter motion, keyed locks protect the front door, elevators control floor access via a badge, and a hand palm reader protects the research laboratory door. Layered cybersecurity architectures follow similar principles in protecting various aspects of DoD networks. However, additional security techniques are necessary to observe the myriad of atomic data manipulation and fundamental zero trust principles. 

Explicit deterministic steps compose the processes driven by software and data pipelines. This paper will document the processes required for observing and cataloging the data the input(s), commands, environmental characteristics, and output(s), including cryptographic hashing, prior to inclusion in an [x]BOM fabric to establish provenance with high-confidence characteristics.

Keywords
ADVANCED DISTRIBUTED LEARNING;AGILE SOFTWARE DEVELOPMENT;AI;ARCHITECTURE;AUTOMATION;BIG DATA;CLOUD COMPUTING;CYBER;DATA;DISRUPTIVE INNOVATION;EMERGING TECHNOLOGIES;ENVIRONMENTS;INFORMATION WARFARE;LEARNING ANALYTICS;METAVERSE;OPEN ARCHITECTURE;POLICY;SIMULATORS;VIRTUALIZATION

Additional Keywords