Weapons systems with feet of China clay

[Update: the Washington Post article to which "A Dude" refers in his comment is here.]

Back in 2009 I blogged about the fact that UK telecoms giant BT was buying in components for its £10 billion network from the Chinese telecoms supplier Huawei. This article came in part from a leaked memo demonstrating concerns in Whitehall at the time that this could, in theory at any rate, give China the ability to launch a serious attack on UK communications.

I didn't then and don't now wish to delve too deeply into the ambivalence of the relationships between China and the West, but I did say that:

it seems unfortunate that "government departments, the intelligence services and the military" are apparently committed to the use of the new BT network if that network cedes significant potential control, even at component level, to a nation that clearly isn’t trusted at high levels of government.

I have to wonder how many elements of the UK’s Critical National Infrastructure (CNI) are labelled "made in China". Not that I want to buy into the universal xenophobia that seems to dominate this story, but if you’re building or maintaining a CNI, don’t you try to keep it in-house, even if it costs more to buy from trusted sources?

I still don't have an answer to the question in that second paragraph. But I was reminded of it today by an article from Business Insider flagged by my colleague Aryeh Goretsky: it concerns 59,000 fake microchips purchased by the US Navy for use in systems "from missiles to transponders" ultimately sourced from China. Somewhat alarmingly, the article claims asserts that the chips "had been made with a 'back-door' and could have been remotely shut down at any time.

In fact, the article in Wired from which this assertion derives makes a rather less sensational claim:  

 Instead of crappy Chinese fakes being put into Navy weapons systems, the chips could have been hacked, able to shut off a missile in the event of war or lie around just waiting to malfunction.

A hypothetical then, not a clearcut attempt at sabotage. But by no means far-fetched. Fortunately for the US, the Intelligence Advanced Research Projects Agency is aiming to mitigate that risk with its Trusted Integrated Circuit programme. But the issue goes beyond silicon, and perhaps even beyond defence of the realm (whichever realm you're talking about)…

At a time where the West is, generally speaking, not at the top of its game economically, I can see why defence contractors, like anyone else, are anxious to save money, but outsourcing critical systems purely for economic advantage in the hope of submitting the lowest tender is a risky strategy.

ESET Senior Research Fellow

Author David Harley, ESET

  • A Dude

    I think you'll find that there are a couple of very major inaccuracies in that 'Business Insider' report. The original source of the article's story is here, FYI:


    • David Harley

      Yes, I realize that the Business Insider report inaccurate: I pointed that out in the article. The URL you included in your comment was automatically stripped as a measure against comment spam, but if it was to the Wired report, that’s also linked in the article.

  • A Dude

    oops, my link was auto-removed but anyway, it was a washington post article … a google search for "washington post 59000 counterfeit microchips" brings it up …

    • David Harley

      Ah. That I hadn’t seen. Thanks, I’ll check it out.

  • A Dude

    No problem, it makes you wonder if there are any background checks to becoming a military supplier though … seems like they could do with being beefed up

  • Kevin W

    I'm fairly sure IEEE Computer or Spectrum had an article about this maybe two years ago, looking at risk of hardware hacks and how US DoD was aware of issue. Lots of weapon systems use very old CPUs, and the DoD does seek to secure supplies into the forseeable future (even if just buying shit loads for spares) according to my remembrance of the article.
    I wonder how it affects the war games? If you know your chips are dodgy maybe you won't first strike – however if you know your enemy has dodgy chips maybe you can risk first strike, but then again maybe you can cripple them more easily.

Follow us

Copyright © 2017 ESET, All Rights Reserved.