Abstract: The risks posed by counterfeit electronics are numerous, and there exist a large number of potential risk mitigation measures which one can implement for a given system or across the enterprise. Each mitigation has associated with it a certain effectiveness in mitigating risks, but also comes at a cost. Moreover, mitigations can be implemented in combination with one another for a defense-in-dept strategy. The resulting question is that for a given level of risk reduction and a certain budget, what is the optimal investment strategy, in the form of combination of mitigations, to implement? Leveraging quantitative portfolio analysis methods originally developed in finance and economics,and subsequently applied to a number of other domains, a user-friendly portfolio tool was developed which aids the investment decision process. The tool identifies the optimal “mix” of risk reduction countermeasures given several user-defined inputs related to cost and risk-reduction targets. This provides a platform for users to investigate how to “buy down” the risk to acceptable levels.

Bio: Zachary A. Collier is Assistant Professor in the Department of Management at Radford University. His research interests include risk analysis and decision analysis. He is President of Collier Research Systems, a consultancy providing decision making and analytics services. He is a Fellow of the Center for Risk Management of Engineering Systems at University of Virginia, a Visiting Scholar of the NSF-funded Center for Hardware and Embedded Systems Security and Trust (CHEST), and is co-lead of the Risk Management Framework subgroup of SAE International’s G32 Committee. His prior work experience includes the U.S. Army Engineer Research and Development Center, where he was a member of the Risk and Decision Science Team. He earned his Ph.D. in Systems Engineering from University of Virginia, a Master of Engineering Management from Duke University, and a Bachelor of Science from Florida State University. He is managing editor of the journal Environment Systems and Decisions.