Counterfeit threat taking malicious turn?
In June 2014, an American contractor from Massachusetts admitted to conspiring to traffic counterfeit military goods for his role in shipping counterfeit semiconductors from Hong Kong to a U.S. Navy submarine base in Connecticut. The chips – sold as new – were actually refurbished and remarked. Had this criminal scheme not been thwarted, the parts would have been installed in nuclear submarines. The catastrophic potential cannot be overstated.
One could say we all got lucky in this instance, but luck had nothing to do with it. Coordinated actions within and between federal and state lawmakers and law enforcement, as well as various electronics industry organizations and representatives, have put a spotlight on the once-veiled counterfeit component issue. With the National Defense Authorization Act (NDAA) rule on the Detection and Avoidance of Counterfeit Electronic Parts finally in effect, the mil/aero sector is now better equipped than ever before to stem the flow of fraudulent chips into the supply chain.
That’s the good news. The bad news is that as the threat landscape evolves, current anti-counterfeit defenses may prove inadequate. Today, the vast majority of the safeguards within the supply chain are predicated on the assumption that profit is the primary motive of these perpetrators; therefore, detection strategies focus on the identification of parts that have been reclaimed, remarked, re-engineered, or otherwise fraudulently represented. A lesser-known, but significantly more ominous threat, is the potential for malicious counterfeits.
In a case like this, chips are intentionally altered during the IC design process to insert malignant functionality into the code before it is manufactured. The tainted code remains dormant in the device until it is triggered to launch a cyberattack that may intercept classified intelligence or compromise critical infrastructure capabilities. Because it does not initially impede the normal functioning of the chip, this kind of tampering is unlikely to be detected via standard inspection and testing protocols.
Malicious counterfeiting is not a new threat, and most discourse about it is largely theoretical, but the increasing globalization and complexity of the semiconductor supply chain leaves the U.S military “uncomfortably dependent on foreign sources for the critical components that underpin our warfighting capability,” according to Sonny Maynard, program manager of the Department of Defense (DoD) Trusted Foundry initiative.
Programs like Trusted Foundry have helped insulate the DoD from this exposure, but the mil/aero sector’s reliance on commercial off-the-shelf (COTS) components limits the benefit. Securing the commercial semiconductor supply chain is significantly more challenging due to the offshore outsourcing of IC design and fabrication. As a result, chip design represents “a gaping and exploitable hole” in the current approach to supply chain security, according to a paper by John Villasenor, senior fellow in Governance Studies and the Center for Technology Innovation at the Brookings Institute. Figure 1 shows the goals, attack method, and attacker location of possible breaches of cybersecurity.
Statement of work
At this point, it may sound like there is a whole lot more bad news than good news. Let’s look at it this way: There are many promising solutions on the horizon that could dramatically mitigate the threat of both fraudulent and malicious electronic components in the future. In addition, members of the supply chain can take action now to better protect our economic interests and national security.
The first step is acknowledging that the counterfeit threat is bigger – and more malevolent – than most members of the commercial supply chain have previously realized. The threat exists both upstream and downstream; therefore, a comprehensive anti-counterfeit strategy must include buy-in from all members of the supply chain. Such a strategy must also confront exposures throughout the entire life cycle – from cradle (secure IC design) to grave (ethical e-waste disposal) and everything in between, including Trusted Foundry, proactive technology management, responsible sourcing, and secure logistics.
Without the benefit of a resource like the Trusted Foundry program, members of the IC supply chain must be particularly vigilant in their efforts to defend against chip tampering at the design level. Greater awareness of the risk should prompt more stringent vetting of offshore suppliers and their subcontractors, together with improvements in testing and verification methods.
Secure by design
The Semiconductor Research Corporation, a leading university-research consortium, is working with the National Science Foundation on a $9 million joint research effort called Secure, Trustworthy, Assured, and Resilient Semiconductors and Systems (STARSS). The stated goal of this group is to develop new strategies for IC architecture, specification, and verification that will provide “assurance and confidence in the trustworthiness, reliability, and security of electronic systems, strategies, and techniques that incorporate security in all stages of design and manufacture.”
Adaptations to the chip-fabrication process could also enable the U.S. to leverage global semiconductor manufacturing capacity while still protecting design integrity. The Intelligence Advanced Research Projects Activity (IARPA) government research agency – part of the Office of the Director of National Intelligence – is said to be investigating the feasibility of an advanced chipmaking technology under its Trusted Integrated Chips program that entails what it calls the “split-manufacturing” process. This method would divide chip fabrication into Front-End-of-Line (FEOL) manufacturing, consisting of transistor layers to be fabricated by offshore foundries, and Back-End-of-Line (BEOL) development, with pieces that would be fabricated by trusted U.S. facilities.
Breaking the cycle
As initiatives to more firmly secure IC-level hardware progress, it is incumbent upon the rest of the supply chain to continue to actively support the anti-counterfeit movement within our respective domains.
It has been well documented that counterfeit components are most often introduced into the supply chain through non-authorized, gray market sources. A 2012 report from the DoD stated that the “overwhelming majority” of the more than one million counterfeit parts identified in an investigation of the DoD’s supply chain were sourced from independent electronic parts distributors.
Since part obsolescence is a known trigger for the less-than-vigilant sourcing practices that drive buyers to the gray market, it stands to reason that avoiding obsolescence will go a long way toward mitigating the counterfeit risk.
Defense systems engineers can help minimize these part crises through more proactive technology planning and management. Using resources like the Government-Industry Data Exchange Program (GIDEP), designers can assure that they are specifying products offering the greatest life cycle support. Designers can also avert obsolescence by designing with open architecture, which allows for easier part replacement; by proactively planning new technology insertion through the production and support life of the program; and by sourcing “COTS+” parts with enhanced performance and extended product life cycle support.
Still, there will be occasions when the authorized channel cannot fulfill customer demand for legacy parts. This is typically where panic begins and procurement discipline ends. Rather than taking that dive into the murky waters of the Internet broker market, those looking for product can talk to companies like Rochester Electronics, e2v, and Micross Components, who develop authorizations to manufacture pedigreed and traceable products using original die, IP, test fixtures, and some of the identical packaging subcontractors used by the original component manufacturers (OCMs) themselves. Although this option has traditionally been considered too costly, advancements in both technology and cooperation between OCMs, distributors, and aftermarket suppliers are now making this a much more cost-effective alternative.
Support the troops
As a franchised distributor, Avnet is confident in the pedigree of its product while recognizing that every time a part changes hands – whether through the returns process, testing in an outside lab, warranty/repair work or other physical value add – it is vulnerable to tampering. Avnet’s policy, therefore, is trust, but verify. The company maintains a materials-control process that includes traceability mechanisms such as barcodes and date coding, which provides assurance that the chain of custody remains secure. The company also audits the materials-handling and return policies of its supplier partners.
To assure that designers can satisfy their bill-of-materials requirements without risking the integrity of their supply chain, Avnet offers inventory and product-lifecycle-management support, executes end-of-life bridge buys to assure ongoing supply, and works with suppliers to develop product continuity programs, assuring longer-term manufacture and supply of components.
Going all in
The supply chain’s approach to the counterfeit issue can almost be regarded as a dam with a number of individuals working feverishly to plug a few gaping holes, while countless smaller leaks go largely unnoticed. To win the battle against counterfeits, the industry has to be more vigilant in identifying weak points throughout the supply chain and use its collective strength to secure these breaches before it’s too late. What appears to be an insignificant trickle today could become a life-threatening flood tomorrow.
Avnet 1-800-409-1483 www.avnet.com