• D.C.
  • BXL
  • Lagos
  • Riyadh
  • Beijing
  • SG
  • D.C.
  • BXL
  • Lagos
Semafor Logo
  • Riyadh
  • Beijing
  • SG


Ex-FBI officials lay out security demands for companies to get billions in chips funding

Updated Mar 10, 2023, 10:17am EST
techbusinesspoliticssecurity
Dall-E
PostEmailWhatsapp
Title icon

The Scoop

A group of former FBI agents, intelligence analysts, and military officials is calling on the White House to add new security requirements for companies seeking part of $50 billion in new funding to bolster the U.S. chips industry.

In a letter sent to White House officials on Tuesday, including National Security Advisor Jake Sullivan, the authors said their aim is to prevent hackers and U.S. adversaries from adding backdoors into the tiny devices that power everything from fighter jets to power windows. And they want some of the $11 billion for research and development in the CHIPS Act to be allocated to studying new, cutting-edge semiconductor security.

“Like other consumer protections, such as seatbelts in cars and labels on foods, the government can establish guidelines that industry must follow to keep our citizens safe,“ they wrote in the letter reviewed by Semafor. “If a bad actor hijacks a chip, there is no software that can stop them.”

AD

The authors of the letter include Michael Lumpkin, former acting under secretary of defense for policy, and Leo Taddeo, a former senior FBI official who is now CEO of cybersecurity firm Appgate, as well as Peter Levin, the former Chief Technology Officer of the U.S. Department of Veterans Affairs and is now CEO of Amida Technology Solutions.

While semiconductor manufacturers already implement security features and controls that track every step of development, the letter’s authors say the U.S. should create a certification process by 2026 to ensure chips used in critical infrastructure and national security are hardened against attacks.

Title icon

Reed’s view

Concerns over semiconductor security can be divided into two broad categories. The first is when somebody or some entity secretly adds some tiny, physical device to a chip at some point along the supply chain in order to exploit it later.

AD

The second category is when the would-be hackers find a way to add some kind of vulnerability to the code inside the chip itself. That would happen earlier in the process, either by infiltrating the company that designs the chip or the firm that takes those designs and physically makes the chip.

National security experts will tell you both of these things are happening, but there isn’t any definitive proof that’s been made available to the public.

Regardless, in the long run, allocating money to chip security will have a great return on investment, both for the U.S. government and for U.S. companies.

AD

Imagine if we could go back to the 1970s and 1980s — when the U.S. government was building out the backbone of the internet — and allocate $1 billion toward researching security in internet protocols. That would have had a better return for taxpayers than buying Apple stock.

By 2016, the cost to the U.S. economy of neglecting security when internet protocols were originally conceived was conservatively estimated at $109 billion a year. And it’s probably a lot more.

We know how the government usually works. People warn of potential catastrophes and explain how to prevent them. They are ignored. Decades later, the catastrophe happens and the government springs into action.

The CHIPS Act is an opportunity to break that cycle, at least in this one area.

Unsplash/Laura Ockel
Title icon

Know More

The U.S. pioneered the development of semiconductor technology, giving it a massive advantage in the Cold War space race, military technology, and in the growth of the technology industry. But now, the technology is as much a liability as it is an advantage.

For decades, most U.S. chip companies have outsourced the physical manufacturing of the devices, including those destined for high-tech military technology in fighter jets, tanks, and similar products

In recent years, concerns have mounted that enemies of the U.S. could exploit the supply chain and secretly compromise the chips in subtle ways that would be difficult to detect.

Worries about semiconductors came to a head during the global pandemic, when demand for consumer electronics surged and supply constraints crippled companies, including automakers. China’s aggression toward Taiwan, where most advanced chips are manufactured, added to worries that the outsourcing of chip manufacturing was a national security liability.

Those concerns led to the CHIPS act, which provides government subsidies to help diversify the semiconductor supply chain, bringing the fabrication of the devices back to the U.S. and allied countries.

Since the CHIPS Act passed last year, the Commerce Department has been adding new strings to the bill aimed at bringing semiconductor manufacturing back to the U.S., including requirements that companies offer affordable childcare to certain workers and use union labor.

Title icon

Room for Disagreement

Joe Grand, known in the hacking world as “Kingpin,” is one of a small handful of elite (and fun) hardware hackers in the world. He argues that, while the proposal is a good start, there are practical challenges to this proposal, including how to ensure technical countermeasures are being implemented properly.

“There are only a handful of people in the world that I know of who can hack silicon at a chip level without a huge conspiracy throughout an entire factory,” Grand said. “There are so many pieces and complexity to chip fabrication that one person isn’t just going to be able to go in and make a change.”

He also noted that protecting against chip-level attacks is going to take years because of the time it will take to create and then build solutions into silicon production.

Title icon

The View From the semiconductor industry

It’s already prohibitively expensive and complicated to jumpstart the semiconductor industry in the United States. That’s why American chip companies gave up their “fabs” a long time ago.

Without concrete evidence that this type of hack has happened or that it’s possible, there’s an argument to be made that restrictions around security will only slow the process of reshoring semiconductor manufacturing — which is already going to take years. The clock is ticking as tensions with China rise, which may threaten the supply of chips if China invades or blockades Taiwan.

Title icon

Notable

  • Bloomberg’s controversial 2018 article about chip security, headlined “The Big Hack,” kicked off a debate about whether semiconductor hacks were a real thing. Critics in the security industry panned the article and tech companies like Apple denied it had ever happened. Bloomberg stuck by the reporting. The story remains a permanent exclusive, and the backstory is one of tech journalism’s great mysteries.
AD