By Dr. Eyal Weiss, Founder & CTO, Cybord
Cyberspace has made the world interconnected. Although this has significant advantages, it creates an opening for electronic attacks. Attackers are exploiting any vulnerability that they can find to threaten, steal, disrupt, or destroy information and services. There are many cyber vulnerabilities, but one that goes overlooked is the manufacturing and supply chain process of hardware. The growing globalized marketplace currently has very few, if any, security measures in place to protect against the counterfeiting of electronic hardware or the insertion of cyber components to infiltrate systems. This creates a significant problem for the market.
One of the gravest issues relates to the installation of “back-doors” in electronic hardware. The potential for “back-doors” being built into cyber components is a reality that puts entire systems at risk. Once these modifications or back-doors have been built into the hardware, they can be nearly impossible to detect, especially in the testing process. The miniaturization and complexity of electronics has made it nearly impossible to detect whether a part of a chip has been tampered with, built in, or compromised.
This counterfeit threat is a growing problem for businesses, costing millions of dollars a year in lost time, labor, and failed equipment. Over the past decade, there have been several cases in which U.S. law enforcement has seized millions of dollars in counterfeit parts and prevented their sale in sting operations. A Senate report from 2012 found “1,800 cases of counterfeit electronics parts involving over one million suspected parts.” Counterfeit parts have been found in aircraft made by Boeing and Lockheed Martin, to name a few. In 2018, the security nightmare came true when Bloomberg reported that Supermicro had been infiltrated by malicious cyber components that introduced a hardware back-door to the company’s server boards. These boards were installed in multiple high-profile locations including Amazon, CIA, the Navy, and more.
Unfortunately, the numbers continue to grow: there are significant examples of counterfeit and cyber-attack incidents that go unreported and even more cases that haven’t yet been identified. One can only imagine what effect an inserted cyber component may have on autonomous vehicles, military equipment or IoT devices.
The testing process can move beyond simply checking that electronic hardware is functioning as intended. Testing should act preventatively by verifying that every component assembled is 100% authentic, without being altered or tampered with. State of the art big-data technology can be used to learn and identify authentic and inauthentic components before they enter production.
Cybord delivers affordable, fully automated, AI, multi-physics, high throughput, 100% non-destructive component inspection and authentication. The system scans every component without removing them from their original packaging. It then uploads and processes the component using comprehensive AI-based, Big-Data algorithms, ensuring the security your product needs.
Software cyber security gets most of the attention, but “Zero-Trust” goes all the way to the hardware, where systems can be the most vulnerable.