Purposefully Manufactured Vulnerabilities in U.S. Government Technology Microchips: Risks and Homeland Security Implications.

摘要

Government, industry, the military, and critical infrastructure may be at risk due to the purposeful manipulation of micro-processing chips during the manufacturing process. Many microchips intentionally provide remote access to systems to allow for monitoring and updating firmware. However, remote access capability also introduces vulnerability. An unauthorized person could take control of a system remotely and shut it down, spy on it, or remove data. If this is occurring, the implications to national and homeland security could be significant. Currently there are no policies and processes to identify purposefully manufactured vulnerable micro-processing chips. If it is determined that vulnerable microchips do exist, a federal government-led effort will be needed to do the following: identify the entities producing these chips, assess the intentions of these entities, inventory vulnerable microchips that are in use, and pursue the development of a remediation strategy. Furthermore, the current supply chain process will have to be reexamined to mitigate current and future concerns. In 2012, the Government Accounting Office recommended that the Department of Homeland Security (DHS) create and implement a cybersecurity supply chain vulnerability policy. This policy will assist federal, state, and local governments, as well as private sector entities, in developing guidelines for microchip manufacturing.