Home » Around the Globe » Making Headway on Cyber Counterfeits

Making Headway on Cyber Counterfeits

By Kevin Coleman — Defense Tech Cyber Warfare Correspondent

Back in April 2008 DefenseTech ran a post about the risk of compromised / counterfeit products entering the supply chain supporting sensitive systems. ( ) These risks are still present today some three years later.  However, just recently, Senator Sheldon Whitehouse (D-RI) introduced a piece of bipartisan legislation that addresses this risk. The legislation targets those who traffic in counterfeit goods. The legislation “Combating Military Counterfeits Act of 2011”  is co-sponsored by U.S. Senators John McCain (R-Ariz), Lindsey Graham (R-S.C.), and Chris Coons (D-Del) and if enacted would establish a higher level criminal offense for trafficking in counterfeit military products and would increase penalties for these criminal acts.

Last year, Deputy Defense Secretary William Lynn was quoted in an article on the Pentagon’s strategy to counter cyber intrusions, saying that “counterfeit hardware has been detected in systems that the DoD has procured.” So how big is the problem? One published report showed that, in 2010, investigators from Immigration and Customs Enforcement (ICE) made nearly 20,000 seizures of suspected counterfeit materials valued at $1.4 billion; a 34-percent increase from 2009. Last year, the Commerce Department referenced a Defense Department official who estimated that counterfeit aircraft parts were “leading to a 5 to 15 percent annual decrease in weapons systems reliability.”

In 2010 a Saudi national living in Texas was found guilty of trafficking in counterfeit Cisco equipment.  Adding insult to injury he resold the counterfeit equipment for nearly 24 times the price he originally paid for the computer/networking equipment! The Defense Criminal Investigative Service is aggressively working to mitigate this risk and is said to currently have dozens of investigations underway. Now all we have to do is to get our critical infrastructure providers to follow DoD’s lead!

Here’s more on the counterfeit problem.

 

{ 10 comments… read them below or add one }

Musson July 5, 2011 at 11:30 am

http://www.businessinsider.com/navy-chinese-micro…

According to Business insider the Navy bought 59,000 Chinese chips with a backdoor shutdown. If installed - they could have been shut down at any time.

That is one way to beat your enemy. Not to mention shut down the economy.

Reply

ew-3 July 5, 2011 at 5:05 pm

"they could have been shut down at any time."

How? I've been around micro processors (firmware and hardware design) for about 25 years, and I simply can't see how it could be done.

The article you are referring to says they can be shut down remotely. That would indicate an RF device. So where is the antenna to receive the RF energy? What if the chip is mounted inside an aircraft or missile which is then wrapped in aluminum of some other metal ?

Should also mention that the chip could be x-rayed and any deviation from the expected layout would easily be seen.. Not to mention that each pin of a device has very tight tolerances on impedance and in normal testing you can catch anyone trying to alter the electrical characteristics. And 100% testing is normal even in COTS devices.

Not nearly as easy as non-technical folks would have you think.

Reply

Dogface July 6, 2011 at 11:25 am

The israeli's did it to the Syrian radar batteries. You might try taking a system's approach to the problem.

Reply

blight July 6, 2011 at 11:27 am

The real question is this: are we outsourcing micro-processors, or final PCB assembly? If it's individual micro-processors while we retain PCB assembly, messing with microchips to have effects limits you to working within whatever chip you are supplying. If you are buying whole printed circuit boards from a foreign supplier, then you have to analyze a representative sample (or even all) of the parts coming from overseas for deviations from your specifications.

The amount of "control" one can be expected to receive is proportional to what you can design in. If a foreign company is /making/ your missiles, don't expect them to behave as intended if used in combat against that nation. If a foreign company is supplying individual chips, expect a high defect rate or parts designed to fail faster as a indirect form of sabotage (as remote control requires extensive design inputs, as you say…)

Reply

Technolytics July 5, 2011 at 12:18 pm

We know there are counterfeit chips orbiting the earth right now as well. Identifying those 59,000 counterfeit chips is a big step toward putting integrity back in our supply chain. There is still a long way to go. Not that long ago we did not even look at security problems or integrity issues in the supply chain.

Reply

Mark July 5, 2011 at 2:41 pm

So let me get this straight. I selling componate widgets (item needing certain different kinds of widgets to complete) to the government look to my supply chain to acquire the needed products. My supply chain may be a series of two different suppliers. One of them might acquire some of said widget componants that turn out to be counterfeits and simply because it got in my government componant widget I am a criminal along with the company which supplied me with the componant? Sigh - the fall of the USA is lead by its own government. If I knew about it yet still proceeded I can agree. However if duped I can not. For my company is as much a victim as the government itself. The nanny state must stop.

Reply

blight July 6, 2011 at 11:22 am

One could argue you had no intent to supply fake products to the government, but there should be responsibility to check your supply chain in the first place to ensure you receive no fake product. Unless you feel that your commercial clients "deserve" to receive defective parts?

Reply

dogface July 6, 2011 at 11:27 am

Actually I think you have to certify the origin of parts when you sell, so you'd be committing a fraud by originating parts overseas that were not allowed to be sourced there.

Reply

Musson July 5, 2011 at 4:30 pm

I am reminded of the counterfeit high strength steel helicopter bolts that found their way into the US. Helicopter rotors started dropping off in flight.

Reply

blight July 6, 2011 at 11:22 am

Well, if you buy American you can always prosecute an American worker or low level manager for it.

Reply

Leave a Comment

Previous post:

Next post: