6 November 2017

MICROELECTRONICS SECURITY IN INDIAN DEFENCE MANUFACTURING

Maj Gen PK Mallick, VSM (Retd)

INTRODUCTION

India continues to remain the world's largest arms importer, accounting for 14% of the global imports in the 2011-2015 time frame. India spent Rs. 83,458.31 Crore on arms imports in a matter of three years ending 2013-14. The Modi government in its first year cleared 39 capital procurement proposals, of which 32 proposals worth ₹889 billion (US$14 billion) (or 96% of value of total proposals) were categorized as Buy (Indian) and Buy and Make (Indian). India is planning to set aside about Rs 2,12,843 crore by way of capital expenditure to buy weapons and related military hardware in the next two years.

There are several Indian SMEs that cater to the Defense industry by supplying sub-assemblies and components and providing services like system integration. Under the Make in India initiative, these organizations are set to enhance their manufacturing and development efficiency, thereby contributing to making India self-reliant in defense production

We have nine DPSUs. 41 ordnance factories are spread across 26 different locations and employ close to 1,25,000 people

Whether directly purchased or manufactured in India or totally indigenous production there are a very large percentage of hardware and softwares which are of foreign origin. For example In the indigenously made Tejas fighter aircraft and the BrahMos missiles there will be imported parts. There is an urgent need to analyse and evaluate the security aspects of microelectronic devices in our defence equipments : both imported and indigenously manufactured. The existing supply chain management of these devices and chips needs to be addressed.

Microelectronics

At the end of the 20th century the market for personal computers dominated demand for integrated circuits. This has begun to flatten as demand migrates to other devices, including those that are part of the internet of things. This drives the microelectronics industry to search for new markets, and to restructure itself to serve those markets profitably. New segments generating significant demand are cloud computing, big data and artificial intelligence, which are increasing demand for servers and data centers and social media in which companies like Facebook and YouTube want to store, manage and process massive volumes of data as quickly and cost-efficiently as possible. Other emerging segments include medical, industrial, automotive and the previously mentioned internet of things.

Microelectronics use tiny components, micro or nano-scale, to manufacture electronics and terminology in this area can get confusing. Microelectronics can be considered a broad category within which falls surface-mounted technologies — think motherboards and printed circuit boards — and semiconductor integrated circuits, which, along with other components, are assembled onto circuit boards to create complex assemblies that are then integrated into products, in many cases with software that gives function to a computer

Adding another level of complexity, an integrated circuit that integrates all components of a computer or other electronic systems into a single integrated circuit is known as a system-on-chip. The advancing technology is quite complex, with systems-on-chip and sophisticated components dominating the semiconductor and microelectronics market. Advanced semiconductor design uses electronic design automation that enables the modular design of circuits that contain billions of transistors. The trend is toward the integration of complete electronic systems onto a single chip, reducing cost, size and power consumption while increasing performance. 

The Armed Forces are highly reliant on acquiring customized and commercial off-the-shelf computers, communications equipment, integrated circuits, application software, and other information communications.

Modern weapons systems have depended on microelectronics since the inception of integrated

circuits over fifty years ago. Today, most electronics contain programmable components of ever

increasing complexity. Electronics provide capabilities that are critical to defence requirements and the effectiveness and lethality of weapons systems are increasingly dependent upon the electronics subsystems they employ. Since the Second World War days the speed of a naval warship has not increased much, the technology of the air frame of a fighter aircraft or a tank has improved but the rate of change is nothing compared to electronics field being embedded in these platforms. In the case of aircraft, for example, avionics, multifunctional displays, communication control panels and related electronic systems and components have spread throughout the airframe, not only to improve performance and mission capabilities, but also to reduce acquisition and operating costs. Solid-state, modular electronics, and other innovations such as "fly-by-wire" and "fly-by-light" flight controls, have replaced some of the conventional components, thereby eliminating the huge amount of wiring, hydraulic hoses and steel cables found on previous generations of aircraft. 

Because system configurations typically remain unchanged for very long periods of time, compromising microelectronics can create persistent vulnerabilities. Exploitation of vulnerabilities in microelectronics and embedded software can cause mission failure in modern weapons systems. Integrated circuits in microelectronics are used in everything from cruise missiles to drones and classified computer systems. Building a kill switch into a computer chip could mean embedding as few as 1,000 transistors hidden throughout the hundreds of millions that are already in the original design. It could shut down a radar system, steer a missile off course, or cause an airplane engine to fail catastrophically. Beginning with radar and data processing, microelectronics has underpinned every military and national security system. It is not an exaggeration to say that national security depends on these tiny devices.

The tremendous demand for smart weapons and stronger military systems along with the emergence of cyber terrorism as well as electronic and information warfare have changed the design requirements for military related electronic sensors and systems. Nowadays, the radical extremists and adversaries try to cyber murder and kill these systems at software and/or hardware level and perform operations, such as cyber espionage, subverting the routing path and targeting point of a launched missile or sabotaging the manufacturing process of chemical, biological, radiological, and nuclear (CBRN) weapons. The architect of an attack can be an insider traitor or outsider criminal, and his/her position can be in any stage of the software and/or hardware design and development. In this regard, the defense companies are required to provide the missiles, the aircraft fighters, and any other military-related products with the highest level of safety and quality standards.

Hardware Vs Software. For all the attention paid in recent years to cybersecurity, it remains largely software focused, both in terms of the techniques employed and the expertise of the people and companies working in the field. This is a blind spot; hardware represents a gaping and exploitable hole in the current approach to cybersecurity. While software cybersecurity remains critically important, a complete cybersecurity strategy now requires consideration of hardware as well. Hardware is an especially critical part of this puzzle. Compared with software, hardware vulnerabilities are harder to detect, more destructive, and harder to repair.

Hardware based cyberattacks are : 

Harder to conduct than software attacks, since far fewer people have the necessary skills and access 

Harder to defend against, since replacing corrupted hardware can be extremely difficult and expensive

It does not mean that hardware cybersecurity will require the same level of effort and expense that has been directed to software cybersecurity. Software has always been, and will remain, the more significant vulnerability. But the commonly held view that software is the only vulnerability is out of step with the reality of how today’s systems are designed and built. At the 2011 Aspen Security Forum, retired Gen. Michael Hayden, who formerly headed both the CIA and NSA, said with respect to compromised hardware, “Frankly, it’s not a problem that can be solved . . . This is a condition that you have to manage”.

Malicious Insertion And The Exploitation Of Latent Vulnerabilities. Insertion of a malicious microelectronic vulnerability via the supply chain can occur at any time during production and fielding of a weapons system or during sustainment of the fielded system. No matter where an attack occurs in the lifecycle of the system, an attacker seeking to exploit a maliciously inserted vulnerability must execute each step in the kill chain:

Intelligence and planning: gathering information on target system and suppliers to develop supply chain attack vector.

Design and create: developing malicious hardware or software for insertion into target supply chain. May be done in an attacker-owned facility or by an insider in a legitimate facility.

Insert: incorporating malicious hardware or software into target system through its supply
chain.

Achieve effect: actuating and operating malicious hardware or software to achieve an effect.

Exploitation via malicious insertion has, however, been confirmed in the commercial sector. Prominent recent examples include Volkswagen’s insertion of a “defeat device” to thwart emissions testing and insertion of embedded code into Juniper® routers.

As chips have gotten more complex and design teams have grown larger and more globalized, the opportunities to insert hidden malicious functionality have increased.. The prudent question, therefore, is not “will intentionally compromised hardware will end up in the defense electronics supply chain?” but “how do we maintain security when it inevitably does?” 

A cyberattack launched using a chip containing compromised circuits could: 

Exfiltrate data while making the chip appear to function normally. 

Corrupt data within the chip.

Stop the chip from functioning.

Design corruption is a very real, growing threat for multiple reasons: 

The laws of statistics guarantee that there are people with the skills, access, and motivation to intentionally compromise a chip design

A skilled attacker could compromise a design in a manner minimizing the chance of detection.

The threat of attribution is not a sufficiently strong disincentive.

A skilled attacker could introduce a flaw with plausible deniability.

An attacker could afford to cast a wide net, knowing that only a tiny fraction of the corrupted chips would end up in systems of interest.

Supply Chain Management

The security and integrity of defence electronic systems is challenged by the presence of counterfeit integrated circuits (ICs) in the supply chain. Counterfeiters use a variety of easy and inexpensive techniques to recycle discarded ICs, alter them and reintroduce them to the supply chain for profit. These parts have questionable reliability and may not function as specified. The failure of a fielded defence system due to the presence of a counterfeit IC can jeopardize the success of a mission and put lives at risk. Chip design has become so globally interconnected that, for all but the most narrowly tailored applications and systems, there is no longer any economically practical way to avoid complex international supply chains.

Overview Of The Cyber Supply Chain Landscape. The supply chain for microelectronics parts is complex, involving multiple industry sectors. By the time a defense system is fielded, microelectronic components in that system are likely to be obsolete and may be unavailable from the original equipment manufacturer (OEM) or its sub-tier suppliers. This may force the government to purchase from distributors where pedigree is less secure and provenance is more difficult to track. Furthermore, the longer a system is in the field with the same microelectronic parts and embedded software, the more likely it is that adversaries will be able to gain system information and to insert or discover vulnerabilities. 

The supply chain is almost completely unprotected against a threat that may turn out to be more significant in the long term: Chips could be intentionally compromised during the design process, before they are even manufactured. If placed into the design with sufficient skill, these built in vulnerabilities would be extremely difficult to detect during testing. And, they could be exploited months or years later to disrupt or exfiltrate data from a system containing the compromised chip.


Of course ensuring supply chain management in today’s world would be next to impossible. Take the example of a simple desk top computer. Its Liquid Crystal Display may have come from China, Czech Republic, Japan, Poland, Singapore, Slovak Republic, South Korea, Taiwan; Memory from China, Israel, Italy, Japan, Malaysia, Philippines, Puerto Rico, Singapore, South Korea, Taiwan, United States; Processor from Canada, China, Costa Rica, Ireland, Israel, Malaysia, Singapore, United States, Vietnam; Mother Board from Taiwan and Hard Disk Drive from China, Ireland, Japan, Malaysia, Philippines, Singapore, Thailand, United States. How do you ensure that there is no embedded malware in any of these hardwares?

Best Practices

The problem is universal. Examining some of the best practices of the advanced countries of the world should help. Let us see how USA copes up with this issue.

USA has to figure out a way to stay ahead of this threat and provide the Department of Defense and the intelligence community with a stable domestic supply chain while maintaining a leading edge on microelectronic devices that have no commercial demand. USA must also do more to collaborate with the private sector and develop innovative ways around this problem. Once dominated by domestic sources, microelectronics manufacturing is now largely conducted outside the U.S, primarily in Asia, and largely focused on high-volume production and short life cycles driven by demand for customer electronics. In contrast, DOD requirements for microelectronics tend to be low volume, with unique requirements, that generally are needed for very long periods because weapon systems are often sustained over decades.

DOD developed the Trusted Supplier Program as part of its overall Trusted Defense System Strategy. This strategy focuses on assessing DOD programs for their vulnerabilities and developing policies for requiring trust, meaning all the people and processes used to design, manufacture, and distribute national security critical components must be assessed for integrity. In 2006, DOD began expanding the number of trusted suppliers through an accreditation process, but only one, IBM, had the capabilities to provide leading-edge technologies that meet their needs. In July of 2015, Global Foundries purchased IBM’s U.S.-based Trusted Foundry, creating concerns associated with the Department’s reliance on a sole source and single-qualified IBM-based technology component. These components are designed specifically for and used in many of DOD’s major defense acquisition programs.



DoD’s strategy to ensure that critical and sensitive electronics remain viable includes :

Protection of microelectronics designs and intellectual property;

Aadvanced hardware analysis capabilities; 

Physical, functional, and design verification and validation

A new trust model that leverages commercial state-of-the-art capabilities. 

While understanding and attempting to assure the integrity of the supply chain is critical, at the end of the day, designers and system developers need to convince themselves that the delivered electronic products will actually function as advertised, for the length of time needed by the mission, under the conditions expected, and be free from tampering or malicious content. To do so requires rigorous testing and a well-designed certification scheme. Maintaining and assuring the complete integrity of the supply chain is difficult because of the complexity and interconnectedness of the supply chain elements. Items include the raw materials, development tools, facilities and their integrity (production and storage), and the complex machines used to produce parts and their associated programming. The supply chain, and the ability to assure its integrity, becomes a very important issue for weapon system developers and electronic component manufacturers. 

Critical components may be comprised of software, firmware, or hardware, whether specifically designed for DOD or commercially sourced. The protection of critical components is addressed through secure engineering designs and architectures, supply chain risk management practices, software and hardware assurance activities, and antitamper techniques. The Department is deploying business intelligence tools utilizing big data principles to leverage the latest technologies and analysis techniques. This will allow DOD to engage proactively in the future to ensure that they have access to commercially driven technologies that maintain the military advantage on the battlefield.

Access to design information is very important to the ability to cost effectively perform independent verification of microelectronic components. If these files and other design information are delivered to the government as one of the deliverables in a contract, the time and cost to verify these components can be minimized. The term ‘‘acquire to verify’’ has been coined to promote this idea. 

Obtaining trusted and trustable leading-edge microelectronics is critical to maintaining the U.S. military’s technological advantage. As foreign sources of integrated circuit design and manufacturing capabilities increase their presence in the defense supply chain, the defense industry faces increasing challenges to obtain critical electronic components both in acquisition and sustainment phases.

This is a challenge that needs to be met head-on and will not go away. The funding necessary to develop a parallel, defense-centric, and completely isolated source of electronics for military applications is unimaginable and simply not available. The defense community must adopt practices that allow it to assure itself of trusted sources of supply in what amounts to a foreign-dominated and contested environment

Conclusion

India has a huge import bill for its defence needs. The DPSUs also manufacture lot of equipments including aircrafts and warships. Most of the electronic components are imported. One can easily visualize a situation like the following :

In a war with China in a critical situation some of our major platforms/ weapon systems malfunction .

We are at war with Pakistan. USA wants us to stop the campaign we don’t want to do. Suddenly some of our critical infrastructure or weapon platforms stop functioning. 

In the open domain not much information is available as to how India plans to overcome the microelectronics vulnerabilities. It will be prudent to start thinking on these lines, if not already done.

No comments: