General Michael Hayden, the retired Director of the CIA and National Security Agency, once deemed hardware hacking “the problem from hell.” And many purport he was right. With today’s global economy, manufacturers can never be sure if the hardware and firmware they are putting into systems such as planes, nuclear power plants or electrical grids have been compromised.
To make matters worse, today’s testing methods have significant shortcomings and can be extremely expensive and unscalable, leaving the potential for widespread damage to our critical infrastructure and threatening our national security.
We can build the latest and greatest technology to keep planes safe, stop reactors from overheating and prevent power surges on our grids, but with one corrupt semiconductor coming in from the supply chain, those expensive systems can be rendered useless, or worse, cause grave harm.
Additionally, as computer networks become more and more complex and intricate in their architecture,so, too, are microchips, which opens up nearly limitless opportunities for hardware and firmware hacks. So much effort has been put into stopping software hacking in the past few years, but what about hardware hacking?
While many security professionals are working to figure out how to stop continuing network breaches, hackers are discovering more and more ways to break into hardware — a relatively unprotected attack vector when compared to software, but one which can lead to major problems.
In looking at our defense industry, modern-day military planes like the F-35 Joint Strike Fighter contain thousands of individual chips from the avionics system to payload deployment. Any of these chips have the potential to be tampered with along their lifecycle, whether they are used and relabeled as new, or altered with a backdoor Trojan, compromising the security of essential military devices.
Read the complete report here in the latest issue of Homeland Security Today.
Steven Chen is CEO and founder of PFP Cybersecurity who also founded 4 other companies, including Totus Solution, Inc., and 3eTI, a secure wireless company and an Intel Capital portfolio company.
Gordon England is served as the 29th Deputy Secretary of Defense from January 2006 to February 2009. He previously served as the 72nd and 73rd Secretary of the Navy and as the first Deputy Secretary of the Department of Homeland Security.
