Old Trick Threatens the Newest Weapons
http://www.nytimes.com/2009/10/27/science/27trojan.html?8dpc=&pagewanted=all Old Trick Threatens the Newest Weapons By JOHN MARKOFF Published: October 26, 2009 Despite a six-year effort to build trusted computer chips for military systems, the Pentagon now manufactures in secure facilities run by American companies only about 2 percent of the more than $3.5 billion of integrated circuits bought annually for use in military gear. That shortfall is viewed with concern by current and former United States military and intelligence agency executives who argue that the menace of so-called Trojan horses hidden in equipment circuitry is among the most severe threats the nation faces in the event of a war in which communications and weaponry rely on computer technology. As advanced systems like aircraft, missiles and radars have become dependent on their computing capabilities, the specter of subversion causing weapons to fail in times of crisis, or secretly corrupting crucial data, has come to haunt military planners. The problem has grown more severe as most American semiconductor manufacturing plants have moved offshore. Only one-fifth of all computer chips are now made in the United States, and just one-quarter of the chips based on the most advanced technologies are built here, I.B.M. executives say. That has led the Pentagon and the National Security Agency to expand significantly the number of American plants authorized to manufacture chips for the Pentagonbs Trusted Foundry program. Despite the increases, semiconductor industry executives and Pentagon officials say, the United States lacks the ability to fulfill the capacity requirements needed to manufacture computer chips for classified systems. b The department is aware that there are risks to using commercial technology in general and that there are greater risks to using globally sourced technology,b said Robert Lentz, who before his retirement last month was in charge of the Trusted Foundry program as the deputy assistant defense secretary for cyber, identity and information assurance. Counterfeit computer hardware, largely manufactured in Asian factories, is viewed as a significant problem by private corporations and military planners. A recent White House review noted that there had been several b unambiguous, deliberate subversionsb of computer hardware. b These are not hypothetical threats,b the reportbs author, Melissa Hathaway, said in an e-mail message. b We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information.b Ms. Hathaway declined to offer specifics. Cyberwarfare analysts argue that while most computer security efforts have until now been focused on software, tampering with hardware circuitry may ultimately be an equally dangerous threat. That is because modern computer chips routinely comprise hundreds of millions, or even billions, of transistors. The increasing complexity means that subtle modifications in manufacturing or in the design of chips will be virtually impossible to detect. b Compromised hardware is, almost literally, a time bomb, because the corruption occurs well before the attack,b Wesley K. Clark, a retired Army general, wrote in an article in Foreign Affairs magazine that warns of the risks the nation faces from insecure computer hardware. b Maliciously tampered integrated circuits cannot be patched,b General Clark wrote. b They are the ultimate sleeper cell.b Indeed, in cyberwarfare, the most ancient strategy is also the most modern. Internet software programs known as Trojan horses have become a tool of choice for computer criminals who sneak malicious software into computers by putting it in seemingly innocuous programs. They then pilfer information and transform Internet-connected PCs into slave machines. With hardware, the strategy is an even more subtle form of sabotage, building a chip with a hidden flaw or a means for adversaries to make it crash when wanted. Pentagon executives defend the manufacturing strategy, which is largely based on a 10-year contract with a secure I.B.M. chipmaking plant in Burlington, Vt., reported to be valued as high as $600 million, and a certification process that has been extended to 28 American chipmakers and related technology firms. b The department has a comprehensive risk-management strategy that addresses a variety of risks in different ways,b said Mitchell Komaroff, the director of a Pentagon program intended to develop a strategy to minimize national security risks in the face of the computer industrybs globalization. Mr. Komaroff pointed to advanced chip technologies that made it possible to buy standard hardware components that could be securely programmed after they were acquired. But as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts said, all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks. In the future, and possibly already hidden in existing weapons, clandestine additions to electronic circuitry could open secret back doors that would let the makers in when the users were depending on the technology to function. Hidden kill switches could be included to make it possible to disable computer-controlled military equipment from a distance. Such switches could be used by an adversary or as a safeguard if the technology fell into enemy hands. A Trojan horse kill switch may already have been used. A 2007 Israeli Air Force attack on a suspected partly constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars. Separately, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200. The disabling technology was given informally but with the knowledge of the American government, said the executive, who spoke on the condition of anonymity. His claim could not be independently verified, and American military, intelligence and contractors with classified clearance declined to discuss the attack. The United States has used a variety of Trojan horses, according to various sources. In 2004, Thomas C. Reed, an Air Force secretary in the Reagan administration, wrote that the United States had successfully inserted a software Trojan horse into computing equipment that the Soviet Union had bought from Canadian suppliers. Used to control a Trans-Siberian gas pipeline, the doctored software failed, leading to a spectacular explosion in 1982. Crypto AG, a Swiss maker of cryptographic equipment, was the subject of intense international speculation during the 1980s when, after the Reagan administration took diplomatic actions in Iran and Libya, it was widely reported in the European press that the National Security Agency had access to a hardware back door in the companybs encryption machines that made it possible to read electronic messages transmitted by many governments. According to a former federal prosecutor, who declined to be identified because of his involvement in the operation, during the early b80s the Justice Department, with the assistance of an American intelligence agency, also modified the hardware of a Digital Equipment Corporation computer to ensure that the machine b being shipped through Canada to Russia b would work erratically and could be disabled remotely. The American government began making a concerted effort to protect against hardware tampering in 2003, when Deputy Defense Secretary Paul D. Wolfowitz circulated a memorandum calling on the military to ensure the economic viability of domestic chipmakers. In 2005, the Defense Science Advisory Board issued a report warning of the risks of foreign-made computer chips and calling on the Defense Department to create a policy intended to stem the erosion of American semiconductor manufacturing capacity. Former Pentagon officials said the United States had not yet adequately addressed the problem. b The more we looked at this problem the more concerned we were,b said Linton Wells II, formerly the principal deputy assistant defense secretary for networks and information integration. b Frankly, we have no systematic process for addressing these problems.b
participants (1)
-
Eugen Leitl