Operation Orchard – Syria is about to go nuclear, then somebody turned off the air defense radar & Israeli jets are inbound to target. This is September 6, 2007, not all that long ago. One moment the reactor is there, the next moment a hole in the desert. Go figure! Is it just coincidence that Syrian air defense radar malfunctions?
Counterfeit microchips can have a disruptive and debilitating impact on your operations. No vertical is immune – military, medical device, automotive, consumer industries, high-tech – if it has a microchip in it, odds are some of them are bogus. This briefing introduces microchip cyber-espionage (the Syrian case) and how criminals and unscrupulous competitors have the means, motive and opportunity to disrupt your supply chain.
My full paper is now available “We Have Crossed Into Syrian Airspace: an Allegory On Microchips, Espionage & Economic Warfare.”
The first years of the 21st century has seen more than a few surprises. Those “black swans,” the things that weren’t supposed to happen, well they did. Would you like a list: credit default swaps and sub-primes, Hurricane Katrina, lead in the supply chain, melamine in milk and cat food, and “kill switches” that black out Syrian radar, counterfeit microchips in the Space Shuttle?
The problem of counterfeit microchips brings law enforcement, risk professionals, supply chain experts, quality and performance people, and manufacturing together – probably the only people who don’t have a stake in this are the people who organize your annual corporate picnic.
Welcome to the black art of cyber warfare where Trojan horses, “trap doors” and “kill switches” can waste a product line or a radar system. The threat can come from Mom & Pop criminals that literally assemble counterfeits at their kitchen table to nation-states with sophisticated intelligence services.
A microchip can contain billions of transistors and we readily admit there is no way to test this “code” to determine if it has been contaminated. Back in the old days (before globalization?) we built a microchip to strictly perform its advertised function – no funny business with malware or any of that crud. It is deterministic, locked into a predictable path. The only thing that is probabilistic about it is its odds of failing over a given timeframe. These microchips were really complicated entities. Think of them as tiny little cities of “agents” running around doing path dependent operations, all nicely engineered and pre-determined. Because the chip is, in effect another form of software.
Congress is now debating the threat of counterfeit microchips in the defense logistics pipeline. And yes it is a threat. But what about the private sector? What would strategically placed “too small to notice, but certain to fail” microchips do to key safety systems in automobiles? Reputations are built in inches per year and lost in feet per second. Of course no one would be so despicable as to deliberately sabotage a competitor merely to gain market share….right?