The complex and often misunderstood interplay between Operational Technology (OT) and Information Technology (IT) introduces significant supply chain vulnerabilities in critical infrastructure. A major area of concern is Facility-Related Control Systems (FRCS), which oversee essential everyday processes such as HVAC, lighting, and fire protection. These systems are prime targets for cyberattacks aimed at disrupting operations within the broader US Department of Defense (DoD) mission. Such attacks can lead to overheating server rooms, theft of sensitive data, or cascading failures across interconnected networks potentially affecting larger targets. This presentation examines FRCS-focused supply chain risks, including reliance on components from third-parties, counterfeit hardware and the gray market, and backdoor access. It also analyzes real- world attacks such as the Hezbollah Pager Explosions and possible implications for future supply chain interdiction. Additionally, this discussion delves into best practices to maintain cybersecure systems during procurement and design, guided by the Idaho National Laboratory’s Cyber- Informed Engineering Guide, specifically principle nine, Cyber-Secure Supply Chain Controls.

Attendees will leave equipped to identify and mitigate risks in the devices and systems essential to operating our most critical facilities.