Quick Study

By Brian Robinson


Security concerns persist about microchips used in smart devices

A recent investigation by the Center for Public Integrity and ABC News found that microchips and antennas intended for U.S. e-Passports were being manufactured in Thailand, a country currently plagued by political and social unrest which, in turn, creates all kinds of security risks, from terrorism to tampering by others with the main identification used for crossing U.S. borders.

Sen. Charles Schumer, the New York Democrat who heads the Senate Committee on Rules and Administration, is pressuring the Government Printing Office (GPO), which is in charge of e-Passport production, to bring that chip manufacturing back to the U.S.

GPO complained that no U.S. vendor is up to snuff when it comes to testing these chips for international-standards compliance, but Schumer dismissed that pretty handily. “There are more than 25 companies in the United States — and at least five companies in New York — who possess the capability and knowledge to manufacture the chips,” he told GPO.

This points up what’s likely to be an increasing headache for U.S. government users of technology, given that just about all of the electronics they now use to do their jobs are made overseas, including the chips.

It used to be that Intel, AMD and other chip companies did most of their manufacturing in the United States, but that’s not true anymore. A lot of the design still happens here, but manufacturing and testing are increasingly going abroad, primarily to Asian contract foundries, although Germany could soon be another major source of these chips.

One immediate example of what this could mean for the United States is the momentum that’s gathering to give U.S. soldiers smart phones that they could use in the field. The assumption is that the farther away the chip manufacturing for these phones moves from the United States, the less secure the whole system could be.

That’s even more relevant to the weapons the U.S. military uses, which are increasingly computer- and communications-centric. And that’s led to programs such as DARPA’s Trust in Integrated Circuits, which is looking to develop ways to certify that chips that go into these systems haven’t been messed with by bad people with malicious intent.

Given the cutthroat competition in the electronics markets these days, chip companies are unlikely to pull back from these cheaper foreign manufacturers. But, for the really essential stuff, perhaps Schumer has a point?

 

Posted by Brian Robinson on Jun 16, 2010 at 7:27 PM


Reader Comments

Tue, Jun 22, 2010 Patrick Arnold

Certainly, for some vital/high-value devices and services, provenance of design and manufacturing should be a consideration for that system, service or device usage. For most other systems, devices, and services, a strong set of development processes to include a rigorous security development lifecycle (SDLC) should be in place during all phases of development and support. One such recently published example of this discusses our Microsoft Security Development Lifecycle (our SDLC) and the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA). The paper attempts to present how SDL practices and HIPAA requirements intersect in very practical ways by using two common scenarios in the healthcare software ecosystem: a) Developing new software and b) Integrating new software modules or interfaces for a medical environment (to include medical devices). This particular paper can be found here: http://www.microsoft.com/downloads/details.aspx?FamilyID=a471da91-dcbb-4e9a-8b6c-778a79038758&displaylang=en and the Microsoft SDL itself can be found here: http://www.microsoft.com/security/sdl/default.aspx

All the best, Patrick Arnold, Trustworthy Computing, Microsoft
