Counterfeit chips may hobble advanced weapons

to using commercial technology in general and that there are greater risks to using globally sourced technology,” said Robert Lentz, who before his retirement last month was in charge of the Trusted Foundry program as the deputy assistant defense secretary for cyber, identity and information assurance.

Counterfeit hardware
Counterfeit computer hardware, largely manufactured in Asian factories, is viewed as a significant problem by private corporations and military planners. A recent White House review noted that there had been several “unambiguous, deliberate subversions” of computer hardware. “These are not hypothetical threats,” the report’s author, Melissa Hathaway, told Markoff in an e-mail message. “We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information.” Hathaway declined to offer specifics.

Cyberwarfare analysts argue that while most computer security efforts have until now been focused on software, tampering with hardware circuitry may ultimately be an equally dangerous threat. This is because modern computer chips routinely comprise hundreds of millions, or even billions, of transistors. The increasing complexity means that subtle modifications in manufacturing or in the design of chips will be virtually impossible to detect. “Compromised hardware is, almost literally, a time bomb, because the corruption occurs well before the attack,” Wesley Clark, a retired Army general, wrote in an article in Foreign Affairs magazine that warns of the risks the nation faces from insecure computer hardware. “Maliciously tampered integrated circuits cannot be patched,” General Clark wrote. “They are the ultimate sleeper cell.”

Markoff notes that in cyberwarfare, the most ancient strategy is also the most modern. Internet software programs known as Trojan horses have become a tool of choice for computer criminals who sneak malicious software into computers by putting it in seemingly innocuous programs. They then pilfer information and transform Internet-connected PCs into slave machines. With hardware, the strategy is an even more subtle form of sabotage, building a chip with a hidden flaw or a means for adversaries to make it crash when wanted.

Pentagon executives defend the manufacturing strategy, which is largely based on a 10-year contract with a secure IBM chipmaking plant in Burlington, Vermont, reported to be valued as high as $600 million, and a certification process that has been extended to twenty-eight American chipmakers and related technology firms. “The department has a comprehensive risk-management strategy that addresses a variety