Enemy inside

Perhaps it is too late to bring back large-scale microchip manufacturing to the United States, but we see another industry emerging to compensate for the chip manufacturing migration to the east. Background: As is the case with other industries, microchip manufacturing is moving from industrialized countries to countries where labor is cheaper. In the United States, for example, most chip work now involves only design and architecture. The result is that the Pentagon and other U.S. security and intelligence agencies are buying microchips produced in other countries, especially in east Asia (or, rather, these agencies buy advanced weapon systems, computers, servers, and hand-helds here, but the chips in this gear are manufactured abroad). The Pentagon’s Defense Science Board is worried: Imagine a hostile country or organization secretly tampering with microchips at the factory — microchips which are then incorporated into sophisticated weapons systems such as GPS-guided smart bombs.

The Science Board fears hostile entities may tamper with chips by installing back-door vulnerabilities such as hard-wired computer viruses, or by altering either the chemistry of the chip or the width of gaps between nanoscale wires to make chips burn out sooner than they should. Such tampering would be undetectable. The Board warns: “Neither extensive electrical testing nor reverse engineering is capable of reliably detecting compromised microelectronics components.”

The envisioned solution: DARPA, the Pentagon’s research arm, has begun discussing with U.S. universities and electronics companies the best ways for DoD to examine the reliability of imported chips. The drive for reliability checking has a name — Trust for integrated circuits — and its goal is to develop methods and systems to make microchip malware detectable. DARPA says one promising path would be self-repairing microchips which would switch back to a pre-tamper condition if they were interfered with.