Purposefully manufactured vulnerabilities in U.S. government technology microchips: risks and homeland security implications

Loading...
Thumbnail Image
Authors
Perera, George
Subjects
cyber
cybersecurity
hardware
hardware security
microchip security
supply chain security
hardware vulnerability
back door
Miami-Dade Police Department
Advisors
Rollins, John
Date of Issue
2012-12
Date
Dec-12
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Government at all levels, industry, military and critical infrastructure, may be at risk due to purposeful manipulation of micro-processing chips during the manufacturing process. Many microchips intentionally provide remote access to allow for monitoring and updating firmware. However, a remote access capability also introduces a vulnerability, which allows others to potentially take control of a system and shut it down remotely, spy, or remove data. If this is in fact occurring, the implications to the national and homeland security could be significant. It does not appear that there are currently policies and processes to identify purposefully manufactured vulnerable micro processing chips. Should it be determined that vulnerabilities do in fact exist, a federal government-led effort is needed to identify the entities producing these chips; to assess possible intentions of these actors; inventory hardware that is in use, which may have been compromised; and, finally, to pursue the development of a remediation strategy. Additionally, the current supply chain process will have to be re-examined to mitigate current and future concerns. Therefore, in 2012, the Government Accounting Office recommended that the Department of Homeland Security (DHS) create and implement a cyber security supply chain vulnerability policy. This policy will assist the federal, state, and local governments, as well as private sector entities, to develop guidelines for procurement and policy decisions.
Type
Thesis
Description
Series/Report No
Department
National Security Affairs
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.
Collections