Interruption, Not Interference, Imperils Chip Supply Chain
Losing access to electronics is more of a threat than device sabotage.
The electronics supply chain to the West faces a greater threat from total cutoff than from having its components tinkered with by malefactors, according to some experts. Many measures currently in place to help ensure quality also serve to thwart saboteurs and counterfeiters. However, a far greater menace looms in the potential for a complete damming of the flow of chips and circuit boards, as the United States and most Western countries lack the infrastructure to pick up fabrication and manufacturing on short notice.
This threat applies both to economic well-being and military security. “Persistent access to the necessary microelectronic components to defend our nation and to ensure further economic success” is imperiled, warns Douglas Thornton, research leader at Battelle Memorial Institute. He offers that much of the economic growth over the past 50 years has been driven by U.S. dominance in the design and fabrication of microelectronics. Both of those disciplines continue to move offshore, which generates new threats to the electronics supply chain.
These threats could apply to new circuitry and legacy replacement parts. The ability to mitigate obsolescence will be harmed as improvements are designed and implemented. Long life-cycle systems need established parts for sustainability.
“If we were to go into conflict in those regions of the world [where chips are made], we would no longer have a supply chain for the microelectronics that are necessary to even produce new designs for simple components,” cautions Thornton. Systems as diverse as truck engine controllers, unmanned aerial vehicles, missile guidance systems and personal electronics used by soldiers could be at risk.
Currently, Samsung and Taiwan Semiconductor Manufacturing Company (TMSC) serve as major process nodes. Many other companies’ processors come from TMSC, and some companies tap foundries in China for specialized chips, such as memory. China could inhibit production in Korea and Taiwan through intense economic influence as well as regional conflict, and China could simply deny access to chips made within its own borders.
China already has made efforts to deny chip manufacturers access to the rare earths that are essential to electronics. With the Asian nation still controlling 80 percent of rare earth production, that remains an issue, although several countries are working to ameliorate this threat. Thornton says the device persistent-access threat is different and greater.
“This has a greater economic value than raw materials because of the ability to extract our intellectual property at many levels within the supply chain,” he states. “And, it’s not actually dependent on the locale.” He continues that the supply chain could be interrupted in any of a number of places and ways.
Overcoming this challenge will require huge investments in fabrication facilities as well as in education. Thornton relates that the U.S. government is working this through the Microelectronics Innovation for National Security and Economic Competitiveness (MINSEC) campaign and the Electronics Resurgence Initiative by the Defense Advanced Research Projects Agency (DARPA). He notes that Intel continues to build and upgrade its foundries in the United States, but that domestic corporate investment is the exception, not the rule.
One potential alternative would be to use a Trusted Foundry Program model. Under this model, a manufactured part would have a degree of implicit assurance and provenance based on a chain of custody or control—a “guards, gates and guns model,” Thornton says. Every person, every part, and every movement of the supply chain would be secured.
However, the Trusted Foundry Program currently is substantially behind the state of the art for the type of electronics that outfit computer central processing units, Thornton points out. Despite being a Defense Department program, it lags in being able to build fabrication entities that would produce electronics specific to warfighters.
And the supply chain need not be interrupted by adversarial actions. Both Taiwan and Korea sit astride the Pacific ring of fire, and both are susceptible to earthquakes. A large temblor that knocks fabrication plants offline could have the same effect as a nation-state-driven intervention. Thornton cites the hard drive shortage that happened about a decade ago following natural disasters in Vietnam, where many hard drives are manufactured.
Overcoming this challenge will not be easy, Thornton offers. “The state of our electronics supply chain today is one where we still have the time to see the risks that will confront us tomorrow,” he states. “The decisions that we make within the next three years will truly drive the relevance of our microelectronics design and fabrication ecosystem, our economic competitiveness in the area, and our persistent access to both consumer and defense goods.
“It’s not too late,” he continues. “However, if we wait too much longer, it could be too late.”
One approach would be for the U.S. government to build or subsidize domestic modern foundries. This would go beyond the trusted foundry approach, as the government would need to continually invest in the capability. The economics are hard to work out, Thornton concedes, but new or innovative economic approaches to the trusted foundry model could emerge.
Another approach would be the “zero trust” model, which differs from the trusted foundry model in that elements could be transferred in the open. This would entail employing techniques to obfuscate designs that could be built in commercial foundries on U.S. soil. It would insert signatures at a variety of points in the supply chain with obfuscation or encryption. When a part is received, the fact that it hasn’t changed from the original design could be validated along with the design’s security.
The employees of these foundries need not be vetted, as the obfuscated design would prevent its theft. Thornton notes that this approach is important to economic competitiveness, as well as persistent access. Adversaries would be limited in their ability to steal an integrated processor design.
Using established foundries in an untrusted model allows devices to be fabricated for the government along with improved economies of scale, workforce training and continued government investments along the lines of the small business innovation research program, Thornton says. This also would permit smaller companies to have their designs fabricated and tested.
Yet, denial of chip service is not the only threat to the electronics supply chain. Experts long have worried about tampering with chips in a number of ways, and that remains a concern.
Early failure of components, in which devices are deliberately built to die early deaths, represents a leading potential threat. Faulty chip designs or fabrications could render the devices useless after a short service period.
The integrated processor market can be affected by chips built overseas by contractors with malicious intent. They could be designed to divert intellectual capital, or even financial transactions, to people linked to the contractors. At the very least, counterfeit versions would generate profits that otherwise would go to the legitimate inventors.
And counterfeit chips pose their own types of risk. They usually are not built to standards demanded of the original devices, and thus are more likely to fail from routine environmental causes such as temperature extremes—even though the chips passed performance tests showing they function as designed. A SCADA system that is part of the vital infrastructure, for example, could suffer catastrophic failure on a severely cold or unusually hot day. This would not be a deliberate act of sabotage, but instead the result of a profiteer selling a fake device.
Replacing chips in legacy systems can require purchases on the secondary market, and these chips could be counterfeit or even built to fail by adversaries. “When a chip is designed, it has many levels of abstraction,” Thornton relates. “Just because a trusted vendor is building some sort of Defense Department-relevant part, or maybe a dual-use part that could be made up of many IP [integrated processor] blocks, some of those might be sourced from untrusted entities. So, injection into the supply chain at that point could happen from an IP level to be encoded into modern silicon.”
Many companies have implemented security approaches that seek to detect or protect against circuit tampering. One counterfeit detection method employs X-rays to view the exact chip pattern, although a matching die placed by a counterfeiter could fool this method.
Thornton’s firm focuses on reading second-order effects to determine if a chip has been affected. This involves following elements of the chip’s performance that result from the device’s design but are not necessarily the intent of the design, he explains.
These elements generate signatures that permit classification of components, and this enables detection of modifications to the baseline of these components. For example, a chip may consume a specific amount of power that is determined by its internal layout, the gates that are actively being used, and other performance factors. High-resolution data streams of that power consumption can be processed mathematically to generate signatures, which in turn permits sorting parts by their date and lock code as well as factory of origin.
This approach also helps betray cloned parts and counterfeits, Thornton relates. A part may have a package that looks identical to an authentic part, and a cloned or counterfeit component might even meet the device’s specifications. A functional test on the device would not betray its faux origins, but analyzing its secondary functions could detect differences in the inside elements of the chip. These measurements take only milliseconds to conduct, he notes.
This approach also can be applied to circuit boards, he continues. This would reveal if any components have been added, removed or replaced. Even passive devices such as capacitors, which Thornton describes as among the more commonly counterfeited parts that can fail early in their use with destructive results, can be validated on a circuit board using the secondary approach.
Even these security measures might not be sufficient. Thornton raises the issue of an individual chip designer embedding a back door into a modern processor or even its support chip. It could be triggered remotely to initiate cyber attacks that are independent of software’s ability to mitigate. The designer would have backdoor access into a number of types of platforms that hold data, which then could be exfiltrated or locked in a ransomware attack “on a scale that we have yet to see,” he suggests.
The potential for a nation-state to sabotage chips or embed malware is a nearer term threat that is empowered by the ability of nations to invest in these capabilities, Thornton offers, adding, “The period of payback can be measured in decades.”