Security Experts Worried about Military Chips from OffshoreOctober 30, 2009

 

chip

Just about 2% of the more than $3.5 billion in integrated circuits the Pentagon purchases annually to control its military gear is manufactured in facilities secured by American companies, according to an article in The New York Times.

That's a big concern for cybersecurity experts, and current and former military planners who worry that malicious code, called Trojan horses, can easily be embedded within the circuitry and triggered at will to render weapons and communications systems useless or uncontrollable at critical moments.

The menace has grown as most American semiconductor manufacturing plants have been moved offshore to reduce manufacturing costs, according to the article. IBM executives noted that only one-fifth of all computer chips and just one-quarter of the most advanced chips are built in the United States.

The security implications of this decline in chip production at home prompted the Pentagon and the National Security Agency to increase the number of American plants approved to make chips for the military's Trusted Foundry Program. Still, industry and military experts do not believe the U.S. has the capacity for all classified systems.

"The department is aware that there are risks to using commercial technology in general and that there are greater risks to using globally sourced technology," Robert Lentz told the Times. Lentz ran the Trusted Foundry program as the deputy assistant defense secretary for cyber, identity and information assurance until he retired last month.

Cyberwarfare analysts caution that although most security efforts have been directed toward software attacks (see the Wharton Aerospace & Defense Report's Cyber Attacks: What Can Be Done to Stem the Tide of Defense Technology Theft?), hardware circuitry might be just as big a threat. Just as software has millions of lines of code making it difficult to scrutinize, modern computer chips are made up of hundreds of millions -- even billions -- of transistors, according to the Times article. A slight modification in the design or manufacturing of the chip would be nearly impossible to detect but could have severe repercussions.

In a recent Foreign Affairs article, retired Army general Wesley K. Clark writes that "Compromised hardware is, almost literally, a time bomb, because the corruption occurs well before the attack," according to the Times.

The U.S. is not only preparing to defend against such attacks on its hardware, but is also ready to go on the offensive. In the future, the Times article notes, hidden kill switches could be triggered to disable enemy weapons or as a precaution in case U.S. technology fell into the wrong hands.

The article lists several examples of how this form of warfare might already be underway, including an incident in which Israel might have used a built-in kill switch to disable Syrian radar systems when it destroyed Syria's suspected nuclear reactor construction site.