There’s a serious cyber warfare problem that may be drawing in deployed U.S. military and aerospace mission-critical embedded computing systems, and few people really want to talk about it.
It has to do with a computer chip no bigger than a grain of rice that’s suspected of being surreptitiously installed by Chinese intelligence agencies on embedded servers made by San Jose, Calif.-based Super Micro Computer Inc. These tiny chips may be enabling China and other U.S. adversaries to monitor the inner workings of military computers and the data they are processing.
Super Micro embedded computer servers are now, or in the past have been, in use by some of the world’s largest corporations, including Amazon and Apple. They also may now be, or in the past have been, in use by several companies that specialize in real-time mission-critical computing for military and aerospace applications.
Are these Chinese spy chips actually out there today in deployed U.S. military systems? Nobody’s talking. It could represent one of the biggest national security breaches in U.S. history. We need to find out how big the problem is, and how to fix it.
How could this have happened? Super Micro designs these embedded servers in Silicon Valley and Taiwan, yet has them manufactured in China, where assembly lines were infiltrated and spy chips installed on some of Super Micro’s high-performance computer boards. The chips are small, and hard to detect.
How many boards made it into the supply chain with the Chinese spyware? It’s not clear. Exactly where were these boards installed? Also not clear, and the companies using Super Micro embedded server boards are silent on the topic.
Some maintain that all boards and components that go into U.S. military systems should be made in America, and that everything going into these systems should be traceable to authorized U.S. suppliers.
Hasn’t this been happening all along, what with regulations in place like the International Traffic in Arms Regulations (ITAR)? Apparently not. What regulations actually are in place may have allowed one of the biggest foreign intelligence coups against U.S. national security interests ever.
“We believe the DOD [the U.S. Department of Defense] should buy only American-designed, -manufactured and -owned servers from ITAR-approved American suppliers,” said Ben Sharfi, chief executive officer of General Micro Systems in Rancho Cucamonga, Calif., in a commentary he wrote titled “Alleged China spy chips are another wake-up call to buy only American-manufactured servers.”
Christopher Cummins, chief operating officer of Abaco Systems in Huntsville, Ala., says he agrees that buy-American is perhaps the best place to start working these problems out. Cummins penned an article titled “Cyber attack compromises trusted computing, and raises questions about industry’s secure supply chain.”
“As an industry, our need for diligence in this area is paramount,” Cummins wrote. “Abaco Systems doesn’t buy in commercial products and then make them rugged after the fact; we design and build rugged into our products from the ground-up. We manufacture everything ourselves: we don’t subcontract offshore.”
Do Abaco Systems and General Micro Systems have their own business interests to support here? Sure ... but they also have a point. It’s a lot harder for Chinese intelligence to gain access to U.S.-based assembly lines than it is for them to access contract manufacturing lines inside China.
Would there be such a risk to crucial U.S. military technology if the Pentagon had been serious about buying all computer components only from security-certified U.S. manufacturing lines?
It’s imperative for the Pentagon to get to the bottom of this, determine if Chinese spyware is inside any deployed U.S. military computer systems, and rectify the problem, fast. As for the future? It seems obvious that the Pentagon needs to do a better job of relying exclusively on U.S.-manufactured computer systems.