by Wesley K. Clark & Peter L. Levin

Securing the Information Highway

How to Enhance the United States' Electronic Defenses

The latest in a series of cyberattacks was launched against popular government Web sites in the United States and South Korea, effectively shutting them down for several hours. It is unlikely that the real culprits will ever be identified or caught. More disturbing is that their limited success may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic-control systems, with devastating consequences for the U.S. economy and national security.

Fortunately, the Obama administration recognized that the United States is utterly dependent on Internet-based systems and that its information assets are precariously exposed. Accordingly, it made electronic network security a crucial defense priority.

But that was only the tip of the iceberg.

Although networks -- along with software, such as games, media, and business applications -- attract most of the public's attention, when it comes to cybersecurity, chip-level hardware is similarly vulnerable: deliberate design deficiencies or malicious tampering during manufacture can easily creep in during the 400-step process required to produce a microchip.

Modern automated testers can test certain kinds of design fidelity within integrated circuits at the rate of millions of transistors per second. The problem is that such equipment can only detect deviations from a narrow set of specifications; testers cannot detect unknown unknowns. Moreover, the timeline of a hardware attack is altogether different from that of a software or network attack. Pervasive network infections are generally detectable, are mostly curable, and, until now, have been largely containable through the use of rapidly deployable software patches.

In contrast, compromised hardware is almost literally a time bomb, because the corruption occurs well before the attack -- during design implementation or manufacturing -- and is detonated sometime in the future, probably from a faraway location.

A hardware breach is also more difficult to defend against than a network or software intrusion. There are two primary challenges when it comes to enhancing security in chips: ensuring their authenticity (because designs can be copied) and detecting malevolent function inside the device (because designs can be changed). But seeking to completely obliterate the threats of electronic infiltration, data theft, and hardware sabotage is neither cost-effective nor technically feasible; the best the United States can achieve is sensible risk management.

The U.S. government can begin by diversifying the country's digital infrastructure; in the virtual world, just as in a natural habitat, a diversity of species offers the best chance for an ecosystem's survival in the event of an outside invasion. By imposing homogeneity onto the United States' computing infrastructure, generations of public- and private-sector systems operators have -- in an attempt to keep costs down and increase control -- exposed the country to a potential catastrophe. Rethinking Washington's approach to cybersecurity will require rebalancing fixed systems with adaptive, responsive infrastructure.

In addition to building a diverse, resilient IT infrastructure, it is crucial to secure the supply chain for hardware. This is a politically delicate issue that pits pro-trade politicians against national security hawks. Since most of the billions of chips that comprise the global information infrastructure are produced in unsecured facilities outside the United States, national security authorities are especially sensitive about the possibility of sabotage.

In fact, streamlining procurement of IT components is utterly unrelated to the integrity of the components themselves; how the government purchases components does not determine what is actually delivered, tested, and deployed. Moreover, the enormous cost of maintaining a parallel domestic production capability to match the tremendous manufacturing advances of the private sector abroad would never pass muster in even the most hawkish appropriations review.

It makes sense to purchase electronic components, even those made offshore. The problem is not foreign sourcing; it is ensuring that foreign-made chips are authentic and secure. And promising strategies exist for doing this in the near term, such as embedding compact authentication codes directly into devices and configuring anti-tamper safeguards after the devices are produced, will enhance protection by tightening control of the supply chain and making the hardware more "self-aware."

The Bush administration's classified Comprehensive National Cyber Security Initiative, which led to a reported commitment of $30 billion to bolster electronic defenses and which the Obama administration supported, was a solid first step toward managing the risk.

Unfortunately, much of the relevant information is classified. But because many of the best-trained and most creative experts work in the private sector, blanket secrecy will limit the government's ability to attract new innovations that could serve the public interest. Washington would be better off following a more "open-source" approach to information sharing.

The cybersecurity threat is real.

All evidence indicates that the country's defenses are already being pounded, and the need to extend protection from computer networks and software to computer hardware is urgent. The U.S. government can not afford to ignore the threat from computer-savvy rivals or technologically advanced terrorist groups, because the consequences of a major breach would be catastrophic.









Securing the Information Highway

© Council on Foreign Relations