Chinese Hardware Hack Shows That the U.S. Needs More Than Tariffs to Contain the Dragon

Bloomberg/Business Week this morning broke the most disturbing spy story in years: Chinese cyber-spies embedded a secret back door onto computer motherboards intended for super-secret CIA cloud computing. The techies at Amazon Web Services discovered one particular back door in hardware built by Chinese subcontractors for Supermicro of San Jose, California, one of the world's biggest suppliers of motherboards.

Bloomberg reports:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs.

Let that sink in: the U.S. Department of Defense uses Chinese computer components because they are NOT manufactured in the United States of America. U.S. counterintelligence found one back door. We have no idea how many more back doors are out here.

The level of technological skill required for this sort of "seeding" attack is impressive, according to Bloomberg. This isn't like planting a microphone in a flower pot:

To actually accomplish a seeding attack would mean developing deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location -- a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle.

“Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.” But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army.

It's been obvious for years that the United States needs to bring high-tech manufacturing onshore for national security reasons -- whatever the economic consequences. The Pentagon procurement system favors the bottom line of an oligopoly of defense contractors. Chinese hardware is cheaper and the globalized supply chain has been a bonanza for the defense industry. The Pentagon's hardware requirements, moreover, are a tiny fraction of the American market. Building chip foundries in the U.S. for national security reasons will cost a lot more.

This recalls J.P. Morgan's quip about buying a yacht: If you have to ask how how much it costs, you can't afford it. China manufactures 90% of the computers used in the United States. U.S. companies like Cisco manufacture virtually all of their telecommunications equipment in China. There's no way to stop China from embedding secret points of access in hardware, except to produce it here.

Dr. Henry Kressel and I argued two years ago in a Wall Street Journal op-ed that the United States had no choice but to shift the production of sensitive electronics goods onshore:

Washington should also enforce strict U.S. content rules for sensitive defense technology. Many of the Pentagon’s military systems depend on imported components. That’s a concern on security grounds alone. Procurement rules should be changed to require that critical components be manufactured in the U.S.

That will cost a bundle. It will create American jobs, to be sure, but at a considerable price to the taxpayers. A 25% tariff isn't enough to force the supply-chain for high-tech electronics onshore. We require an infinitely high tariff for defense electronics: No foreign components, period.

Securing our computation and communications systems isn't optional. That will be expensive, but it's only a painful, expensive, first step. As the Bloomberg story observed, China's hardware hackers made a unicorn jump over a rainbow. What should worry us is not the information that Chinese military intelligence might have garnered, but China's level of technical proficiency. With four times our numbers of STEM undergraduates and twice the number of STEM PhDs, China is gaining on our technological edge. In the cited WSJ op-ed, Dr. Kressel and I argued that the U.S. needed a crash program to rebuild STEM skills. The Hudson Institute's Dr. Arthur Herman made a similar point in a recent Forbes column, and I agree with every word he wrote.

We tend to forget that beating the Russians in the Cold War wasn't easy. We were losing the Cold War during the 1970s. Russian surface-to-air-missiles decimated Israel's American-built air force during the 1973 war, and Russia was convinced that it had a technological edge that would enable it to win any conventional war in the world. The tide began to turn exactly 50 years ago when the U.S. installed look-down radar in F-15s. By 1982, Israel demonstrated the power of American (as well as some Israeli) avionics when it destroyed most of the Syrian air force. But that required a revolution in technology, including the invention of CMOS chip manufacturing at RCA Labs in 1976.

Back then, America spent double what it does now on federal R&D and major corporations maintained their own research labs -- Bell, RCA, GE, IBM, Hughes and many others. We had the only top-rate universities in the world for physics and computer science and we drew in the world's top talent. It's tougher today. We can win this one, but it won't be cheap or easy. It will require a national mobilization on the scale of the Eisenhower response to Sputnik, the Kennedy moonshot or the Reagan SDI. Failing that, China will win, just as Russia almost won before Ronald Reagan took office.

Apple and Amazon can strongly deny it all the want.

https://www.eetimes.com/document.asp?doc_id=1333839

The craze is now officially off the chain.

The entire electronics space is buzzing for the seismic implications of this. The damage this is going to do to China in the mid to long term is going to be massive.

Talk has spread to routers, of all sizes - industrial to household.

The sources for the Bloomberg article were government and military.

This revelation could be the neutron bomb, the EMP of this trade conflict with China - nobody is going to buy from you because nobody trusts you, period.

The electronics business, for China, is everything. This may actually for the Chinese government to disavow this activity by groups within the PLA as rebellious, and force the Chinese into removing non-tariff barriers to business in China.

They overstepped in a major way here. Our entire position is they’ve taken advantage of the world, especially in IP confiscation. This hardware hack, its scope, and the arrogance of it - them using it as a way to turn the entire world into an idea factory for their eventual world domination. There is no other way to look at this.

This is check and mate. This may collapse China. They just injected 174 billion today. It’s an astounding number. When we nationalized the big nine bangs in 2008, we spent 250 billion, and did that in massive extremis.

Going to be an active news week.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

We need to make our own hardware, now.