March 11, 2008 by jimstogdill
CHIPSAFE for Critical Components?
There has been a surge of articles like this one lately that raise the issue of supply chain integrity for critical computing components, especially in the context of security. The emerging trend toward open hardware, as exemplified by Sun OpenSPARC, will only make the sourcing provenance issue more important, since the openness of the design will make it that much easier to knock off a slightly modified chip.
I was the Quality Assurance officer on a U.S. Navy submarine for a while (too long; it was an awful if important job), and this problem made me think of the SUBSAFE program. Started after the loss of the Thresher, it put stringent controls on material for all seawater systems, covering how the materials are sourced, inspected, tracked to the point of installation, installed, tested in place, etc. The reactor systems are covered by similar controls, all of which are designed to make sure that the specified thing was manufactured, bought, shipped, and installed, and that it lived up to its specification as implemented. To me, the QA officer at the end of a long chain, it meant material control tags, work package reviews, periodic work-in-progress inspections, a stack of pre-underway paperwork next to my desk that reached from the floor to the desktop, and many many many signatures.
The NSA's Trusted Foundry Access program sounds like the sourcing piece of SUBSAFE for silicon. I hope it never needs to be extended into a CHIPSAFE program that covers the entire supply chain, as the expense and difficulty imposed by such a system would be staggering (there are a lot more things using computers than there are submarines). However, I suspect eventually it will, for at least some uses. Even so, computing is so pervasive that I'm not sure a system like SUBSAFE, with its carefully controlled and focused scope, can be effective.