Bloomberg: Chinese PLA inserted tiny spy chip into server motherboards used by Apple, Amazon, others
nhtagmember (Political Cynic) posted:
I've read two entirely different articles, each with the opposite conclusion

it said that Apple never found any devices on the boards, but it didn't tell you that Apple wasn't looking for devices on the boards - it left that up to Supermicro

now, the one sure-fire way to prove or disprove the allegations is to produce a motherboard that has the chip on it

this is a binary problem - it has only a two answer solution

are there chips on the boards that assist the Chinese in data gathering?

that's either a yes or a no answer, no maybes, no greys, it's black and white



[B] Against ALL enemies, foreign and DOMESTIC


 
Posts: 54247 | Location: Tucson Arizona | Registered: January 16, 2002
sjtill (goodheart) posted:
Spengler (David Goldman) has an article on PJ Media in response to the Bloomberg article:

quote:
Chinese hardware hack shows that the US needs more than tariffs to contain the dragon
Bloomberg/Business Week this morning broke the most disturbing spy story in years: Chinese cyber-spies embedded a secret back door onto computer motherboards intended for super-secret CIA cloud computing. The techies at Amazon Web Services discovered one particular back door in hardware built by Chinese subcontractors for Supermicro of San Jose California, one of the world's biggest suppliers of motherboards.

Bloomberg reports:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs.

Let that sink in: the US Department of Defense uses Chinese computer components because they are NOT manufactured in the United States of America. US counterintelligence found one back door. We have no idea how many more back doors are out here.

The level of technological skill required for this sort of "seeding" attack is impressive, according to Bloomberg. This isn't like planting a microphone in a flower pot.

To actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.” But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army.

It's been obvious for years that the United States needs to bring high-tech manufacturing onshore for national security reasons--whatever the economic consequences. The Pentagon procurement system favors the bottom line of an oligopoly of defense contractors. Chinese hardware is cheaper and the globalized supply chain has been a bonanza for the defense industry. The Pentagon's hardware requirements, moreover, are a tiny fraction of the American market. Building chip foundries in the US for national security reasons will cost a lot more.

The cost of having a country, though, recalls J.P. Morgan's quip about buying a yacht: If you have to ask how much it costs, you can't afford it. China manufactures 90% of the computers used in the United States. US companies like Cisco manufacture virtually all of their telecommunications equipment in China. There's no way to stop China from embedding secret points of access in hardware, except to produce it here.

Dr. Henry Kressel and I argued two years ago in a Wall Street Journal op-ed that the United States had no choice but to shift the production of sensitive electronics goods onshore:

Washington should also enforce strict U.S. content rules for sensitive defense technology. Many of the Pentagon’s military systems depend on imported components. That’s a concern on security grounds alone. Procurement rules should be changed to require that critical components be manufactured in the U.S.
That will cost a bundle. It will create American jobs, to be sure, but at a considerable price to the taxpayers. A 25% tariff isn't enough to force the supply-chain for high-tech electronics onshore. We require an infinitely high tariff for defense electronics: No foreign components, period.

Securing our computation and communications systems isn't optional. That will be expensive, but it's only a painful, expensive, first step. As the Bloomberg story observed, China's hardware hackers made a unicorn jump over a rainbow. What should worry us is not the information that Chinese military intelligence might have garnered, but China's level of technical proficiency. With four times our numbers of STEM undergraduates and twice the number of STEM PhD's, China is gaining on our technological edge. In the cited WSJ op-ed, Dr. Kressel and I argued that the US needed a crash program to rebuild STEM skills. The Hudson Institute's Dr. Arthur Herman made a similar point in a recent Forbes column, and I agree with every word he wrote.

We tend to forget that beating the Russians in the Cold War wasn't easy. We were losing the Cold War during the 1970s. Russian surface-to-air-missiles decimated Israel's American-built air force during the 1973 war, and Russia was convinced that it had a technological edge that would enable it to win any conventional war in the world. The tide began to turn exactly 50 years ago when the US installed look-down radar in F-15's. By 1982, Israel demonstrated the power of American (as well as some Israeli) avionics when it destroyed most of the Syrian air force. But that required a revolution in technology, including the invention of CMOS chip manufacturing at RCA Labs in 1976.

Back then, America spent double what it does now on federal R&D and major corporations maintained their own research labs -- Bell, RCA, GE, IBM, Hughes and many others. We had the only top-rate universities in the world for physics and computer science and we drew in the world's top talent. It's tougher today. We can win this one, but it won't be cheap or easy. It will require a national mobilization on the scale of the Eisenhower response to Sputnik, the Kennedy moonshot or the Reagan SDI. Failing that, China will win, just as Russia almost won before Ronald Reagan took office.


Link


_________________________
“Remember, remember the fifth of November!"
 
Posts: 18801 | Location: One hop from Paradise | Registered: July 27, 2004
46and2 (Oh stewardess, I speak jive.) posted:
An obvious, otherwise superfluous, chip that doesn't belong would be the most obvious and brazen of approaches and also the least likely, fwiw. Whether or not this case winds up proven or not, the threat remains the same.

A Core i7 CPU chip has 731,000,000 transistors in it. Who can say whether the one in your home computer has that many or perhaps 751,000,000 instead? Or whether or not one with the normal number of transistors is tweaked to use only 701,000,000 instead, leaving the remainder (a little brain of its own, in a sense) to do other things that the rest of your computer isn't even paying any attention to... and who knows how many other similar things might be going on. Hacked SATA controllers that carve off part of the OS drive, etc.

It would cost more than most computers are worth to even do a half-assed job at taking a look. And therein lies one of the many associated problems. It's too complex for your average person, and labor rates add up too quickly for professional assistance. On the whole, Information Security is worse than a dog perpetually chasing its own tail.

Short of locking air-gapped servers in some Cheyenne Mountain bunker there isn't much we can do, without significant inconvenience which would effectively undo most of what's good and convenient about these devices. We really do need to manufacture these things domestically, and change our habits from GottaHaveNewToys to SecureAndReliable instead
 
Posts: 25613 | Registered: March 12, 2004
nhtagmember (Political Cynic) posted:
I worked as an engineer in the semiconductor industry for several years so my recollection may be a wee bit fuzzy

but

This isn't at the chip level. The cost of real estate on a chip is enormous even at 10 micron geometry (give or take a micron or two), and that means that with a 14-layer or better chip, the cost of manufacture goes up a lot.

This is at the board level. The chip they made is mounted on the physical hold-in-your-hands board. But because it's small, and boards are very densely packed, unless you knew what to look for, or had a way of detecting an abnormal test then it's very possible to put not only one, but perhaps several. And at the board level one could park an entire ASIC on the board and no one might be the wiser. Simply mark it as something it isn't but might otherwise be normal.



[B] Against ALL enemies, foreign and DOMESTIC


 
Posts: 54247 | Location: Tucson Arizona | Registered: January 16, 2002
46and2 (Oh stewardess, I speak jive.) posted:
Oh I agree, this particular story is definitely like you're describing.
 
Posts: 25613 | Registered: March 12, 2004
Big Stack posted:
But the board would have to be designed to accommodate the chip. This means that there would have to likely be several people in the design - production chain that would likely have had to know about it.

quote:
Originally posted by nhtagmember:
I worked as an engineer in the semiconductor industry for several years so my recollection may be a wee bit fuzzy

but

This isn't at the chip level. The cost of real estate on a chip is enormous even at 10 micron geometry (give or take a micron or two), and that means that with a 14-layer or better chip, the cost of manufacture goes up a lot.

This is at the board level. The chip they made is mounted on the physical hold-in-your-hands board. But because it's small, and boards are very densely packed, unless you knew what to look for, or had a way of detecting an abnormal test then it's very possible to put not only one, but perhaps several. And at the board level one could park an entire ASIC on the board and no one might be the wiser. Simply mark it as something it isn't but might otherwise be normal.
 
Posts: 21240 | Registered: November 05, 2003
nhtagmember (Political Cynic) posted:
not really - the board is a lot easier to lay out than even the smallest ASIC chip and because it was an SMT chip, it needed three leads...those leads could have come from anywhere and be routed in any way desired to hide its purpose

apples and bananas comparison though



[B] Against ALL enemies, foreign and DOMESTIC


 
Posts: 54247 | Location: Tucson Arizona | Registered: January 16, 2002
Member posted:
quote:
Originally posted by nhtagmember:
are there any phones currently designed and made in America?


Samsung designed and made in South Korea. That is as close as you're gonna get.
 
Posts: 529 | Location: Texas | Registered: March 25, 2013
striker1 (Security Sage) posted:
Similar chip found embedded inside an Ethernet connector housing:

https://www.bloomberg.com/news...m?srnd=technology-vp



RB

Cancer fighter (Non-Hodgkins Lymphoma) since 2009, now fighting Diffuse Large B-Cell Lymphoma.


 
Posts: 7133 | Location: Michiana | Registered: March 01, 2005
Fenris (10mm is The Boom of Doom) posted:
We need to phase out, and ultimately ban, all Chinese electronics. Costly? Yes. But the alternative is far more costly.

At least the Trojans didn't know there were Greeks hiding in the horse. We fucking know. But do it anyway because it's cheaper.




God Bless and Protect the Once and Future President, Donald John Trump.
 
Posts: 17639 | Location: Northern Virginia | Registered: November 08, 2008
46and2 (Oh stewardess, I speak jive.) posted:
quote:
The threat from hardware implants “is very real,” said Sean Kanuck, who until 2016 was the top cyber official inside the Office of the Director of National Intelligence. He's now director of future conflict and cyber security for the International Institute for Strategic Studies in Washington
 
Posts: 25613 | Registered: March 12, 2004

© SIGforum 2025