“The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyber threat.”
– Former Deputy Secretary of Defense, William Lynn, September 2010
In 2012, Cambridge University researchers announced the discovery of burned-in vulnerabilities on the silicon of high-security chips used widely in defense, financial, and industrial control systems. These backdoors originated in the manufacturing process at industry-leading suppliers, and they permit attackers to disable security, monitor and modify information on the chip, and permanently damage the device. During the design, manufacturing, and assembly stages of components and finished goods, the integrity of critical systems depends on non-US nationals in countries whose governments may benefit greatly from inserting vulnerabilities into IT hardware. It would be a challenge to design a less secure supply chain.
Cyber security efforts have focused on protecting against insider threats and vulnerabilities in software, but without addressing the foundational vulnerabilities in hardware and the supply chains behind it, those security efforts amount to little more than building castles on a foundation of sand.
Manufacturing Cyber Threat
• Thousands of foreign nationals handle critical systems.
• Hardware and software both highly vulnerable.
• Built-in backdoors, malware undetectable.