July 14, 2011

Why Is America’s Military Buying China’s Bargain-Bin Microchips?

July 13, 2011 | From theTrumpet.com
It’s desperate to cut costs—and foolish enough to trust an enemy.

You may have heard the story: Last year, the U.S. military bought 59,000 counterfeit microchips from China for use aboard American warships, fighter planes, missile and antimissile systems.

Thankfully, these fake chips were caught. But of course, the question remains as to how many others have gone undetected. What makes this particularly concerning is the vulnerability of such chips to sabotage, which could wreak untold damage.

This threat has been known for years. I have in front of me a book by computer security expert Winn Schwartau called Information Warfare that contains a chapter explaining this danger (“chipping,” he calls it). It has a 1996 copyright. However, the danger of chipping has apparently become near impossible to protect against. In both civilian and military spheres, our reliance on chips continues to grow, and in today’s global, integrated and highly competitive market, the things we buy increasingly contain components from all over, often channeled through third parties that can make them difficult to track.

And with a tiny, complex product like an integrated circuit, quality control is really tough. Chips could be manufactured to fail prematurely, for example, or to supply spying capability like tracking or surveillance, or to provide hackers hidden “back doors” by which to slip past, say, a sophisticated network firewall. Security experts will tell you that it is realistically impossible to test complex chips thoroughly enough to guarantee that they are totally tamper-free.

They call such problems “hardware Trojans”—after the famed stratagem used to topple Troy: the gift of a wooden horse that secretly contained crack Greek troops. As the revelation about the 59,000 fake Chinese chips illustrates, America has willingly ushered these potential Trojan horses inside our sturdiest walls of defense by the boatload.

“Individuals, companies and federal agencies could all be at risk from foreign governments or criminal enterprises,” wrote Popular Mechanics back in 2009. “A computer chip built with a subtle error might allow an identity-theft ring to hack past the encryption used to connect customers with their banks. Flash memory hidden inside a corporation’s networked printers could save an image file of every document it printed, then send out the information. In a disturbing national-security scenario, overseas agents might be able to hard-wire instructions to bring down a Department of Defense system on a predetermined date or in response to an external trigger. In the time it took to bring the systems back online, a military assault could be underway.”

Counterfeits are common in the microchip market. There is a lot of money to be made, and a lot of places to procure old chips in order to reverse-engineer and then repackage them. In some cases, such shoddy chips may be commercial, off-the-shelf products that are nowhere near the standards required for military use.

Because military gear is often subjected to extremes in temperatures, weather, shock, vibration and other conditions, its components must be engineered to much more rigorous specifications. But with chips, it can be difficult to tell the difference beyond the fact that the military-grade versions are often two to three times more expensive. If older, worn-out chips are pawned off as newer, or if commercial-grade chips are counterfeited as military-grade, then even if these chips weren’t intentionally sabotaged, the damaging effects—failure of vital hardware, perhaps at crucial, even life-and-death moments—could be the same.

Why, then, doesn’t the military only use trusted chip manufacturers? How could such subpar chips end up in military equipment? Mostly, because the government is trying to save money.

After the Soviet Union collapsed, in the 1990s the Clinton administration launched a penny-pinching initiative: Rather than using only custom, government-made products at enormous cost, federal agencies could begin to purchase commercial, off-the-shelf hardware in some cases. The money for secure, trusted, domestic electronics manufacturers dried up, and a bumper crop of smaller, bargain-bin parts brokers sprang up—businesses that got their products from who-knows-where.

Additionally, the government introduced affirmative-action goals that encouraged the military and other agencies to favor “disadvantaged” suppliers. To this day the Department of Defense is required to make 22 percent of its purchases from small contractors, including those run by women, military veterans and ethnic minority groups.

The result has been an enormous cost savings—and a huge new security hole.

In 2005, the Defense Science Board warned that permitting foreign-manufactured circuitry in military hardware opened the door to the potential for deadly sabotage. In 2008, a BusinessWeek investigation found that these fears were justified: Problems were arising, crashes were happening, that could well be attributed to fake Chinese chips. Robert P. Ernst, a Naval Air Systems official who heads research into counterfeit parts, estimated at the time that such components were degrading weapon system reliability by 5 to 15 percent each year.

The warnings and revelations, however, did nothing to halt the trend. They simply could not overcome the stark and growing realities driving much of the increase in foreign chip acquisition: aging military equipment needing repairs, and defense budgets getting squeezed. In fact, last January the Commerce Department reported that cases of counterfeiting discovered by the military and its suppliers almost doubled from 2005 to 2008.

Today, Ernst believes 15 percent of the spare and replacement chips the DoD buys are counterfeits. As a result, he told the Atlantic Wire, “We are having field failures regularly within our weapon systems—and in almost every weapon system.” When a helicopter goes down or a missile fizzles, detailed investigations don’t always take place—and whether fake microchips caused the problem or not is very difficult to prove, he says.

Not only is it tricky to pinpoint faulty chips in such cases, it is practically impossible to trace counterfeits back to a specific source with malicious intent. Like most cyberwarfare, chipping carries the enormous advantage of anonymity and plausible deniability. It is in many ways a perfect weapon.

Take this recent case of the 59,000 fake chips, for example. Though they were found to be of Chinese origin, the U.S. has spoken nary a word about any kind of retaliation. The Chinese government wasn’t even implicated. All the fallout has centered around America looking for ways to continue buying foreign-made chips while plugging the security hole.

However, just because Beijing received no recriminations doesn’t mean it is innocent.

Time and again, China’s leaders have declared by their actions, if not their words, that America is their primary enemy. The People’s Liberation Army has a very active cyberwarfare department. China routinely, even daily, launches cyberattacks on Washington, especially the Defense Department. The Pentagon defends itself against over a thousand attempted computer break-ins every day, most of which come from China. According to a Heritage Foundation report, “U.S. Defense Department sources say privately that the level of Chinese cyberattacks obliges them to avoid Chinese-origin hardware and software in all classified systems and as many unclassified systems as fiscally possible.”

Sounds great—but if they were really following through on that pledge, how did 59,000 bad chips make it through?

China is quickly growing to become the main overseas source of commercial, off-the-shelf chips.
Government policies are helping to drive this rapid manufacturing expansion. And China’s top technology company, Huawei Shenzhen, has close ties with the Chinese military. That Heritage Foundation report said an expert told a conference of American federal government information managers in 2007 “the Chinese are in half of your agencies’ systems.”

To dismiss the idea that the Chinese government could be seeking to exploit the vulnerabilities in America’s electronics—particularly within the military—is sheer folly. Yet this is precisely what the U.S. is demonstrating by buying its microchips from sources that trace back to China!

As we have said for years, America has won its last war. The spiritual cause for that is plainly spelled out in Scripture. Physically, though, in the end it will be traceable to a host of naive and injudicious decisions like this one: to compromise the functionality of critical equipment by buying bargain-basement electronics components from foreigners within countries that are trying to bring America to its knees.


No comments: