Alleged China spy chips are another wake-up call to buy only American-manufactured servers

RANCHO CUCAMONGA, Calif. – The 4 Oct. 2018 Bloomberg article "The Big Hack" alleges that China was able to add tiny spy chips to servers made by Super Micro Computer Inc. in San Jose, Calif. (Supermicro), which has manufacturing facilities in Taiwan.

Oct 17th, 2018
By Ben Sharfi
By Ben Sharfi

RANCHO CUCAMONGA, Calif. – The 4 Oct. 2018 Bloomberg article "The Big Hack" alleges that China was able to add tiny spy chips to servers made by Super Micro Computer Inc. in San Jose, Calif. (Supermicro), which has manufacturing facilities in Taiwan.

These spy chips may have reached almost 30 U.S. companies, including Amazon and Apple. While Supermicro, Amazon, and Apple refute the allegations addressed in the Bloomberg article, we see the report as a wake-up call for the U.S. Department of Defense (DOD) to buy only U.S.-designed and U.S.-made servers from ITAR-approved suppliers. Why?

-- China has repeatedly shown a pattern of coordinated and well-funded attempts to compromise trusted computing by infiltrating, hacking, and disrupting U.S. security, secrets, and infrastructure. China has even declared its intention to defeat the U.S. technology industry by 2040;

-- the DOD routinely buys Taiwanese-made servers and deploys them in mission-, safety-, and security-critical areas; and

-- more attempts will be made; we can be sure of that.

Related: The big hack: how China used a tiny chip to infiltrate U.S. companies and computer servers

If this alleged Supermicro backdoor hardware hack is true, then all of the DOD is compromised. Not only is Supermicro a popular choice for government contracts, it also is the choice of many so-called rugged server suppliers who embed Supermicro boards into their systems. Their products are just as vulnerable, and China will definitely take advantage of every exploit possible.

This is what happens when short-term price dictates DOD buying decisions: pay a little now but surrender America's security and our future. It simply doesn't make sense to buy servers from Supermicro, from China, or Chinese-controlled geographies.

The tiny spy chip outlined in the Bloomberg article allegedly enables the server either to pass data elsewhere or grants control of the server to an unknown entity; this effectively allows Chinese spies to see and use all of the server's data.

In that case, DOD servers -- and those installed into the DOD and the U.S. military by contractors using Chinese servers or servers from U.S. companies that contain Chinese servers -- are suspect.

Related: Cyber attack compromises trusted computing, and raises questions about industry's secure supply chain

We believe the DOD should buy only American-designed, -manufactured and -owned servers from ITAR-approved American suppliers such as General Micro Systems. GMS designs its 1U and 2U rackmount servers using American industry standards, using GMS-designed schematics, and GMS-developed and owned BIOS software.

The COTS movement has made leading-edge technology like servers appear to be inexpensive, but America's security should not be sold out for a low-cost server. Don't buy Chinese or Taiwanese servers. Buy ITAR-approved and buy American.

Ben Sharfi is chief executive officer of General Micro Systems in Rancho Cucamonga, Calif., a supplier of high-performance embedded computing products. Contact General Micro Systems online at www.gms4sbc.com.

Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos

More in Computers