via Brookings Institute – Executive Summary.
More than ever, the electronic devices that are critical to everyday life, to the larger infrastructure, and to national defense are dependent on increasingly sophisticated semiconductor integrated circuits, also referred to as “chips”. For example, laptop computers and tablets, smartphones, the financial system, the Internet, aircraft flight controls, automobile antilock braking, the power grid, and an almost endless list of other devices and systems can be trusted to run properly only if the chips they contain are free of hidden malicious circuits inserted during the design or manufacturing process.
The combination of continued chip technology advances and an unprecedented level of globalization in the semiconductor industry has spurred enormous changes in the way chips are designed, manufactured, and used. These changes bring many benefits to the consumer including lower prices and faster time to market for products and services, but they have also created a widening set of opportunities for would-be attackers to insert malicious circuits during the chip design process that could be used to launch a hardware attack.
Despite the potentially devastating impact that a large-scale hardware attack could have on commerce, defense, and government function, the need to proactively address hardware security remains widely underappreciated. This document explains the causes and nature of the hardware security threat and outlines a multipronged approach to address it involving:
1) a change in design practices within the semiconductor industry,
2) the establishment of a national-level capability to coordinate a quick response to an attack,
3) improved testing procedures to detect corrupted chips before they are placed into products, and
4) the inclusion of built-in defenses into chips to identify and thwart attacks as they occur.
Full Paper here.