Tuesday, October 7, 2008
Chinese Chips In Our Military Computers Causing Crashes
Over the past year, US citizens have become increasingly aware of the substandard consumer-level goods flowing out of China, but new reports indicate that the counterfeit products and dubious quality controls are not confined to the consumer sector. An increasingly large number of supposedly military-grade electronic components are turning out to be counterfeit commercial-grade hardware that, in some cases, is decades older than the manufacturing label indicates.
The problem, to be sure, is not entirely China's fault. Back in 1994 and 1996, the Clinton Administration passed two bills, the Federal Acquisition Streamlining Act (1994), and the Clinger-Cohen Act of 1996 (PDF, originally known as the Information Technology Management Reform Act). Collectively, these two bills were designed to streamline and simplify federal purchasing procedures, as well as allow for the use of commercial off-the-shelf hardware in certain areas. The concepts were sold to the public and Congress as a way to save a tremendous amount of money—rather than designing and implementing its own, custom products at tremendous manufacturing and R&D costs, the government would instead use (or modify) products that were readily available on today's market. That was the idea, anyway, but new reporting from BusinessWeek highlights how these two laws have had long-term unintended consequences.
One of the unintended consequences of both cutting the Pentagon's budget and encouraging low-cost, off-the-shelf procurement, has been a dramatic decline in the use of authorized resellers and/or parts purchased directly from the manufacturer. Under the new rules, government contractors were explicitly discouraged from designing systems that required the use of expensive, proprietary electronics or processors that would never be widely produced. This left the Pentagon largely unable to fund inefficient, small-scale production runs, and gave electronics manufacturers little reason to produce them.
Moving the acquisition and sourcing for these parts to China has opened security holes that haven't gone entirely unnoticed. As we covered earlier this year, the Department of Defense is aware that the processors it's acquiring are vulnerable to tampering, since some of them are complex enough to easily conceal trojan horses or backdoor circuitry installed by parties unknown. The DoD plans to launch a program designed to evaluate the best ways to detect circuit-level and chip-level tampering, but results are still years away.
Keeping China from advancing too far, meanwhile, is still a major concern of the United States. Intel is building a fab plant in Shanghai, but the new facility won't come online with anything like the cutting-edge technology the chip giant deploys in its other facilities. Even allowing Intel to build a facility in Shanghai at all is something of a bend in historical US policy. Current Chinese fabrication technology lags the US by multiple generations, and it's not in our best interest to hand a potential enemy the tools with which we build our own leading-edge equipment.
The bad parts flowing into the military's hands now aren't being modified in clean rooms; rather, they're being stripped off old boards in China's back alleys, doctored cosmetically, and passed off as new, military-grade components. The difference between true military-grade parts and the commercial-grade chips that are actually shipping out is non-trivial. In many cases, military-grade components are exposed to prolonged environmental stressors that commercial components are not designed to deal with, including extreme fluctuations in temperature and humidity. It's absolutely critical that components remain durable and functional under such conditions, as having the radar on one's F-15 suddenly fail is considered slightly more hazardous than, say, the failure of one's cellular phone.
Component failure reports from defense contractors worldwide, including Boeing, Raytheon, BAE, Northrop Grumman, and Lockheed, however, suggest that sufficient verification of part authenticity is no longer taking place, and investigations have turned up a significant number of counterfeit parts, sometimes installed in mission-critical systems. The culprit, in this case, is price. In the name of cost-cutting, the federal government has stripped away many of the authorization and authentication procedures that once defined federal purchasing and replaced them with a system that rewards the penny-pincher who can find the cheapest products.
Posted by Steve Douglass at 5:42 AM