Quick Study

By Brian Robinson

Blog archive

Security concerns persist about microchips used in smart devices

A recent investigation by the Center for Public Integrity and ABC News turned up the fact that microchips and antennas intended for U.S. e-Passports were being manufactured in Thailand—a country currently plagued by political and social unrest which, in turn, creates all kinds of security risks for terrorism and others tampering with the main identification used for crossing U.S. borders.

Sen. Charles Schumer, the New York Democrat who heads the Senate Committee on Rules and Administration, is pressuring the Government Printing Office (GPO), which is in charge of e-Passport production, to bring that chip manufacturing back to the U.S.

GPO complained that no U.S. vendor is up to snuff when it comes to testing these chips for international-standards compliance, but Schumer dismissed that pretty handily. “There are more than 25 companies in the United States — and at least five companies in New York — who possess the capability and knowledge to manufacture the chips,” he told GPO.

This points up what’s likely to be an increasing headache for U.S. government users of technology, given that just about all of the electronics they manipulate now to do their jobs is made overseas, including the chips.

It used to be that Intel, AMD and other chip companies did most of their manufacturing in the United States, but that’s not true anymore. A lot of the design still happens here, but manufacturing and testing is increasingly going abroad, primarily to contract Asian foundries, although Germany could soon be another major source of these chips.

One immediate example of what this could mean for the United States is the momentum that’s gathering to give U.S. soldiers smart phones that they could use in the field. The assumption is that the farther away the chip manufacturing for these phones moves from the United States, the less secure the whole system could be.

That’s even more relevant to the weapons the U.S. military uses, which are increasingly computer- and communications-centric. And that’s led to programs such as DARPA’s Trust in Integrated Circuits, which is looking to develop ways to certify that chips that go into these systems haven’t been messed with by bad people with malicious intent.

Given the cutthroat competition in the electronics markets these days, chip companies are unlikely to pull back from these cheaper foreign manufacturers. But, for the really essential stuff, perhaps Schumer has a point?


Posted by Brian Robinson on Jun 16, 2010 at 7:27 PM

Reader Comments

Tue, Jun 22, 2010 Patrick Arnold

Certainly for some vital/high value, devices, and services provenance of design and manufacturing should be a consideration for that system, service or device usage. For most other systems, devices, and services, a strong set of development processes to include a rigorous security development lifecycle (SDLC) should be in place during all phases of development and support. One such recently published example of this discusses our Microsoft Security Development Lifecycle (our SDLC) and the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA). The paper attempts to present how SDL practices and HIPAA requirements intersect in very practical ways by using two common scenarios in the healthcare software ecosystem: a) Developing new software and b) Integrating new software modules or interfaces for a medical environment (to include medical devices). This particular paper can be found here: http://www.microsoft.com/downloads/details.aspx?FamilyID=a471da91-dcbb-4e9a-8b6c-778a79038758&displaylang=en and the Microsoft SDL itself can be found here: http://www.microsoft.com/security/sdl/default.aspx All the best, Patrick Arnold, Trustworthy Computing, Microsoft

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.