Enemy inside

Published 28 June 2006

This is more serious — and less benign — than “Intel inside”: practically no microchip manufacturing is done in the U.S.; when the Pentagon needs computer chips for its advanced weapons — say, a GPS-guided bomb — it buys the chips abroad; experts are worried that hostile entities will penetrate the chip factory floor subtly and stealthily to introduce flaws onto the chips; trouble is, until the chip actually fails in action, there is no way to detect such flaws; the Pentagon wants the help of business and academia in developing malware detection methods

Perhaps it is too late to bring back large-scale microchip manufacturing to the United States, but we see another industry emerging to compensate for the chip manufacturing migration to the east. Background: As is the case with other industries, microchip manufacturing is moving from industrialized countries to countries where labor is cheaper. In the United States, for example, most chip work now involves only design and architecture. The result is that the Pentagon and other U.S. security and intelligence agencies are buying microchips produced in other countries, especially in east Asia (or, rather, these agencies buy advanced weapon systems, computers, servers, and hand-helds here, but the chips in this gear are manufactured abroad). The Pentagon’s Defense Science Board is worried: Imagine a hostile country or organization secretly tampering with microchips at the factory — microchips which are then incorporated into sophisticated weapons systems such as GPS-guided smart bombs.

The Science Board fears hostile entities may tamper with chips by installing back-door vulnerabilities such as hard-wired computer viruses, or by altering either the chemistry of the chip or the width of gaps between nanoscale wires to make chips burn out sooner than they should. Such tampering would be undetectable. The Board warns: “Neither extensive electrical testing nor reverse engineering is capable of reliably detecting compromised microelectronics components.”

The envisioned solution: DARPA, the Pentagon’s research arm, has begun discussing with U.S. universities and electronics companies the best ways for DoD to examine the reliability of imported chips. The drive for reliability checking has a name — Trust for integrated circuits — and its goal is to develop methods and systems to make microchip malware detectable. DARPA says one promising path would be self-repairing microchips which would switch back to a pre-tamper condition if they were interfered with.