Chinese Hardware Hack Shows That the U.S. Needs More Than Tariffs to Contain the Dragon

Visitors look at an exhibit as an image of Chinese President Xi Jinping is displayed on a video screen at the PT Expo in Beijing, Wednesday, Sept. 26, 2018. (AP Photo/Mark Schiefelbein)

Bloomberg/Business Week this morning broke the most disturbing spy story in years: Chinese cyber-spies embedded a secret back door onto computer motherboards intended for super-secret CIA cloud computing. The techies at Amazon Web Services discovered one particular back door in hardware built by Chinese subcontractors for Supermicro of San Jose, California, one of the world’s biggest suppliers of motherboards.

Bloomberg reports:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs.

Let that sink in: the U.S. Department of Defense uses Chinese computer components because they are NOT manufactured in the United States of America. U.S. counterintelligence found one back door. We have no idea how many more back doors are out here.

The level of technological skill required for this sort of “seeding” attack is impressive, according to Bloomberg. This isn’t like planting a microphone in a flower pot:

To actually accomplish a seeding attack would mean developing  deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location — a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle.

“Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.” But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army.

It’s been obvious for years that the United States needs to bring high-tech manufacturing onshore for national security reasons — whatever the economic consequences. The Pentagon procurement system favors the bottom line of an oligopoly of defense contractors. Chinese hardware is cheaper and the globalized supply chain has been a bonanza for the defense industry. The Pentagon’s hardware requirements, moreover, are a tiny fraction of the American market. Building chip foundries in the U.S. for national security reasons will cost a lot more.

This recalls J.P. Morgan’s quip about buying a yacht: If you have to ask how how much it costs, you can’t afford it. China manufactures 90% of the computers used in the United States. U.S. companies like Cisco manufacture virtually all of their telecommunications equipment in China. There’s no way to stop China from embedding secret points of access in hardware, except to produce it here.

Dr. Henry Kressel and I argued two years ago in a Wall Street Journal op-ed that the United States had no choice but to shift the production of sensitive electronics goods onshore:

Washington should also enforce strict U.S. content rules for sensitive defense technology. Many of the Pentagon’s military systems depend on imported components. That’s a concern on security grounds alone. Procurement rules should be changed to require that critical components be manufactured in the U.S.

That will cost a bundle. It will create American jobs, to be sure, but at a considerable price to the taxpayers. A 25% tariff isn’t enough to force the supply-chain for high-tech electronics onshore. We require an infinitely high tariff for defense electronics: No foreign components, period.

Securing our computation and communications systems isn’t optional. That will be expensive, but it’s only a painful, expensive, first step. As the Bloomberg story observed, China’s hardware hackers made a unicorn jump over a rainbow. What should worry us is not the information that Chinese military intelligence might have garnered, but China’s level of technical proficiency. With four times our numbers of STEM undergraduates and twice the number of STEM PhDs, China is gaining on our technological edge. In the cited WSJ op-ed, Dr. Kressel and I argued that the U.S. needed a crash program to rebuild STEM skills. The Hudson Institute’s Dr. Arthur Herman made a similar point in a recent Forbes column, and I agree with every word he wrote.

We tend to forget that beating the Russians in the Cold War wasn’t easy. We were losing the Cold War during the 1970s. Russian surface-to-air-missiles decimated Israel’s American-built air force during the 1973 war, and Russia was convinced that it had a technological edge that would enable it to win any conventional war in the world. The tide began to turn exactly 50 years ago when the U.S. installed look-down radar in F-15s. By 1982, Israel demonstrated the power of American (as well as some Israeli) avionics when it destroyed most of the Syrian air force. But that required a revolution in technology, including the invention of CMOS chip manufacturing at RCA Labs in 1976.

Back then, America spent double what it does now on federal R&D and major corporations maintained their own research labs — Bell, RCA, GE, IBM, Hughes and many others. We had the only top-rate universities in the world for physics and computer science and we drew in the world’s top talent. It’s tougher today. We can win this one, but it won’t be cheap or easy. It will require a national mobilization on the scale of the Eisenhower response to Sputnik, the Kennedy moonshot or the Reagan SDI. Failing that, China will win, just as Russia almost won before Ronald Reagan took office.