Trusted Access to Microelectronics

Trusted Access to Microelectronics

Addressing DoD’s Unique Issues of Accessibility, Integrity, and Confidentiality of Microelectronics

 

TAMSlideTed Glum, Member of the Board of Directors, Potomac Institute for Policy Studies

 

With all the current emphasis on the supply chain issues for microelectronics, as well as the CHIPS Act’s attempt to re-shore production, it is worth considering the unique needs of the US Department of Defense (DoD). The DoD needs access to both commercial-off-the-shelf (COTS) microelectronics and trustworthy devices for its weapon systems and operations. The US military has long depended on electronics, and modern defense systems increasingly rely on the superior performance of microelectronics to sense, decide, adjust, control, and act. Whereas in the past, the best defense was to have the most firepower and best armor, now a modern defense depends on superior microelectronics.

This dependence is why the US DoD has long been concerned with “trusted access” to microelectronics. Trust means different things in different contexts, but here we adopt an inclusive understanding of trusted access in three dimensions:

  • Accessibility refers to the ability to obtain and use the required microelectronics when needed. For example, in wartime, the Department might need to produce many weapon systems rapidly. Production delays due to microelectronics supply limitations would operationally compromise the military.
  • Integrity refers to the trust that the microelectronics serve their intended functions and that no other functionality such as a kill switch, backdoor, or data capture was inserted covertly.
  • Confidentiality of the microelectronics relates to trust that competitors and adversaries cannot glean information to compete with or defeat a system based on their knowledge of the design or type of microelectronics. This dimension of trust includes security against major vulnerabilities such as rival access to proprietary or classified knowledge of a microelectronic part’s intended use (or even the customized design of those parts).

Critical infrastructure industries, such as companies involved in the electric power grid, cloud services, and banking, are concerned with trusted microelectronics to ensure the integrity and reliability of their systems. Producers and consumers of commercial products, such as automobiles, similarly have an interest in the accessibility and integrity of their constituent electronics, if not also confidentiality. But the military has a particular interest in a high level of trust across all three dimensions because adversaries are motivated to attack these attributes. Thus, microelectronics used in all these areas need reliable access to trusted parts with the assurance of some degree of accessibility, integrity, and confidentiality of the supply.

The COVID pandemic highlighted the vast regional concentration of microelectronics production in Asia, exposed the fragility of the microelectronics supply chain, and revealed the vulnerability of microelectronics parts to malicious intent. Recently, there has been much focus on the fact that a large percentage of the microelectronics used in the US, including by the DoD, are manufactured, assembled, and tested overseas. While the CHIPS portion of the CHIPS and Science Act of 2022 will attempt to re-shore American microelectronics manufacturing, it will not automatically guarantee access to trusted microelectronics. American fabrication alone will not ensure that microelectronics are free of defects, malware, inserts, or spyware.

The Department has a long history of providing support and services to DoD industrial suppliers to ensure that microelectronics are trusted, as defined in this paper. The program, generally known as the Trusted Foundry program, has evolved over time, addressing the issue of trust for parts over the entire range of the microelectronic supply chain (design, fabrication, packaging, and testing) to include guaranteed access, integrity, and confidentiality. The program’s name, the Trusted Foundry program, is a misnomer because the program goes far beyond foundry services and has led to confusion over what this program provides and the gaps (including those in the CHIPS Act) that it hopes to fill.

 

See full Article PDF here