By John Keller Editor in Chief
An ill-fated U.S. military reconnaissance mission off the coast of China nearly eight years ago still stands as a stark warning that U.S. defense electronics suppliers must get serious about building hardware security into their components and subsystems to provide anti-tamper protection.
On the first of April 2001, a Navy EP-3 aircraft was on a surveillance mission over the South China Sea about 70 miles off the Chinese coast. The EP-3 is designed for signals intelligence to gather information about radar, communications, and other radio frequency emissions. The Navy four-engine turboprop was intercepted by two Chinese J-8 jet fighters –one of which flew so erratically and closely to the EP-3 that the fighter crashed into the reconnaissance plane’s wing and nose. The collision forced the EP-3 to make an emergency landing on the Chinese island of Hainan near Vietnam, destroyed the Chinese fighter, and killed the fighter’s pilot.
Crew members of the Navy EP-3 did everything they could to destroy sensitive equipment aboard their aircraft before Chinese military officials took control of the plane after it landed safely on Hainan Island. Photos show the collision tore off the reconnaissance plane’s nose-mounted radome.
The Chinese government kept the 24-member EP-3 crew for 10 days. More troubling, they kept the EP-3 aircraft and its onboard systems for four months. They returned the aircraft in pieces after undoubtedly going through the aircraft and its onboard systems with a fine-tooth comb. What this so-called Hainan Island Incident tells us is the government and the electronics industry need to do better in developing technologies that hinder or prevent unauthorized tampering with sensitive defense equipment in attempts to learn military secrets or to reverse engineer the electronics, counterfeit it, and sell it later on the black market.
We don’t know everything that the Chinese learned from dissecting the EP-3 and its systems. We do know that we should have made it harder for them to find out what they did. This imperative is even more important in the era of commercial off-the-shelf (COTS) military electronics technology.
COTS electronics vendors have to get on the bandwagon; it isn’t just the government that should be involved with developing and mandating the use of anti-tamper technology that makes its way into military systems. COTS vendors need to make it easy for military systems integrators to use off-the-shelf components and subsystems that are near-impossible to reverse engineer.
There is far more reason for COTS vendors to get involved in anti-tamper technology than doing business with the military.
Industrial espionage is an endemic problem in the advanced-technology field. Counterfeit electronics have become the scourge of high-tech. It’s everybody’s problem, and so everybody ought to be part of the solution. Make it hard to take electronics apart to learn its secrets, and much of the problem of military technology spying and counterfeit electronics goes away.
When COTS companies get serious about anti-tamper technology, they need to do it early in the design process. Try to introduce anti-tamper in existing systems and the costs escalate very quickly. The time to do it is from the beginning of design.
COTS companies also need to approach anti-tamper technology smartly. Too little, and it’s not effective. Too much, and it’s too expensive. Maybe a layered approach is the best way. This approach would protect the system rack, chassis, and modules to make reverse engineering as difficult as possible.
It’s going to take teamwork to make this happen. The longer our industry waits, the more costly and difficult it will be to introduce anti-tamper technology, and the more damaging it will be from the spreading contagion of counterfeit parts.