Hardware Hacking

  • majorbloodnock (8/9/2011)


    Another thought. You're suggesting that the US require that chip manufacturers divulge their plans and plants to the government. What if they don't? Would they be shut down? If so, how is that different from a Far Eastern country applying similar pressure for slightly different ends?

    I would assume this would follow the precedence of many other government contractors. If you don't meet their requirements you don't get government contracts and that's where that ends. Just like if you were doing business with a private company, only with more requirements and jumping through hoops.

    majorbloodnock (8/9/2011)


    And if one of America's allies is also concerned about security in this area, should those chip plans be shared between friendly governments, or should the world just live with the fact we have to trust the US?

    If we want to get along with our allies I think it will be in our best interest to share the plans. Which doesn't mean sharing with everyone we do business with, just those we trust enough not to abuse it.

    majorbloodnock (8/9/2011)


    I realise this is a valid security concern, that countries have to protect both their civil and military infrastructures, and that to do this requires manufacturers to allow governments greater visibility than would be afforded to other customers. However, the solution is just as complex as the problem, so we need to be wary of oversimplifying our judgements.

    At least the US government, probably several others as well, are big purchasers and companies are usually willing to bend over backwards for big clients and I don't see why, to a degree, the government would be different. Especially the way it works in the US. If the government is asking too much then no one will be willing to do it and they won't be able to make the purchase so either restrictions get more lax or the price goes up.

  • cfradenburg (8/9/2011)


    majorbloodnock (8/9/2011)


    Another thought. You're suggesting that the US require that chip manufacturers divulge their plans and plants to the government. What if they don't? Would they be shut down? If so, how is that different from a Far Eastern country applying similar pressure for slightly different ends?

    I would assume this would follow the precedence of many other government contractors. If you don't meet their requirements you don't get government contracts and that's where that ends. Just like if you were doing business with a private company, only with more requirements and jumping through hoops.

    majorbloodnock (8/9/2011)


    And if one of America's allies is also concerned about security in this area, should those chip plans be shared between friendly governments, or should the world just live with the fact we have to trust the US?

    If we want to get along with our allies I think it will be in our best interest to share the plans. Which doesn't mean sharing with everyone we do business with, just those we trust enough not to abuse it.

    majorbloodnock (8/9/2011)


    I realise this is a valid security concern, that countries have to protect both their civil and military infrastructures, and that to do this requires manufacturers to allow governments greater visibility than would be afforded to other customers. However, the solution is just as complex as the problem, so we need to be wary of oversimplifying our judgements.

    At least the US government, probably several others as well, are big purchasers and companies are usually willing to bend over backwards for big clients and I don't see why, to a degree, the government would be different. Especially the way it works in the US. If the government is asking too much then no one will be willing to do it and they won't be able to make the purchase so either restrictions get more lax or the price goes up.

    ....all of which, of course, is independent of location, which is my point. A government carries out what checks it can, and if after that it still can't trust the product, it doesn't buy. This is the same whether the product has been made in the US or Europe or China or Vietnam or wherever. Assuming a domestically produced product is inherently more trustworthy is dangerous.

    This all assumes, of course, that the Government in question is only wielding its buying power to exert pressure. Any suggestion that, within its own borders, it might wield any other means of pressure starts to wander onto dubious moral ground.

    Semper in excretia, suus solum profundum variat

  • It is independent of location and you bring up good points, majorbloodnock. However using foreign firms v domestic ones can make a difference. Ultimately if there is a domestic company we might exercise more control or have less risk than if foreign companies are involved.

    It doesn't necessarily help smaller countries, like the UK, though Ireland has a nice research infrastructure that might be leveraged.

    Ultimately I think this is a problem with no good solution, other than auditing and review of the hardware at some point. Maybe banning some companies from sales inside the country for a period of time.

  • Rather than worrying about chip producing countries (and companies) gaining access to our data, worry about NSA and our phone companies outsourcing mass surveillance and data services to Israel, which is happening already. Foreign governments (and companies) don't need hardware inside our hardware if they have hardware inside our country.

    Here's James Bamford on the topic:

    http://www.youtube.com/watch?v=hI_k9Xt00YE

  • majorbloodnock (8/9/2011)


    I understand what you're saying, Steve, but with respect you're only really in a position to suggest that because you're an American. The UK, for instance, is certainly not a third world country (although with the recent rioting, you'd be forgiven for thinking so....), but we're nowhere near rich enough for large scale chip production within our borders to be realistic; we have to rely on foreign imports.

    Pardon my stupidity but how does chip manufacturing depend upon how "wealthy" a country is? I am confused by this concept.

    Manufacturing companies will go where they are welcomed and not taxed or regulated into oblivion. Any number of the countries that are major chip manufacturers are located around the Pacific rim, South America and Mexico. These countries have not been known for their tremendous wealth. What they do have is a business friendly environment. They are happy for these businesses' contributions to GNP and the additional taxpayers (employees) they provide and the increase in standard of living that results.

    As manufacturing companies flee the (formerly) 'wealthy' nations for friendlier ones with lower taxes, less regulations and right to work environments, the 'wealthy' countries have fewer taxpayers to support their bloated governments and bankrupt social programs.

    The probability of survival is inversely proportional to the angle of arrival.

  • sturner (8/12/2011)


    majorbloodnock (8/9/2011)


    I understand what you're saying, Steve, but with respect you're only really in a position to suggest that because you're an American. The UK, for instance, is certainly not a third world country (although with the recent rioting, you'd be forgiven for thinking so....), but we're nowhere near rich enough for large scale chip production within our borders to be realistic; we have to rely on foreign imports.

    Pardon my stupidity but how does chip manufacturing depend upon how "wealthy" a country is? I am confused by this concept.

    Manufacturing companies will go where they are welcomed and not taxed or regulated into oblivion. Any number of the countries that are major chip manufacturers are located around the Pacific rim, South America and Mexico. These countries have not been known for their tremendous wealth. What they do have is a business friendly environment. They are happy for these businesses' contributions to GNP and the additional taxpayers (employees) they provide and the increase in standard of living that results.

    As manufacturing companies flee the (formerly) 'wealthy' nations for friendlier ones with lower taxes, less regulations and right to work environments, the 'wealthy' countries have fewer taxpayers to support their bloated governments and bankrupt social programs.

    No, that's not stupidity at all. I was trying to rattle off a fairly succinct reply, and oversimplified.

    In the case we're talking about, no chip manufacturer would ignore the immense buying power of the US market. That could be used either as a big stick or a carrot, but either way as a means of dictating certain terms, and the one Steve was raising for discussion was ensuring manufacturing within US borders. The UK, whilst definitely a first world country, doesn't represent that kind of market, so the terms we could dictate are necessarily far more modest, and certainly wouldn't include significantly influencing where a manufacturer places its production facilities.

    Semper in excretia, suus solum profundum variat

  • Steve Jones - SSC Editor (8/9/2011)


    It is independent of location and you bring up good points, majorbloodnock. However using foreign firms v domestic ones can make a difference. Ultimately if there is a domestic company we might exercise more control or have less risk than if foreign companies are involved.

    It doesn't necessarily help smaller countries, like the UK, though Ireland has a nice research infrastructure that might be leveraged.

    Ultimately I think this is a problem with no good solution, other than auditing and review of the hardware at some point. Maybe banning some companies from sales inside the country for a period of time.

    What exactly IS a domestic company anymore, at least in the scope of companies big enough to do business with the government? No one I know (including defense contractors) does all of their work in a single country. Look at our weapon systems: the stealth fighter's parts are made in a dozen countries, and that's about as secure a project as we can make one.

    I doubt even outfits like Intel or Motorola would be able to easily meet a "you can only use parts from X origin" requirement. The requisition and provisioning processes just aren't built that way anymore. The best you can realistically hope for is a strong after production check system, to include some random deconstruction and analysis in those sensitive systems. In the above they do have some way to check the boards to make sure they contain exactly what the spec mentioned.

    Commercial-grade devices however can't bear that kind of expense and still compete.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
