Hardware Security in the U.S.-Indian Cyber Dialogue
Much like the Indo-U.S. strategic partnership, Indo-U.S. cyberengagement appears to have plateaued and could benefit from a tailored reset. Since the 2001 establishment of the Indo-U.S. Cyber Security Forum, India and the United States have sought to partner on various cyberissues of collective importance: cybersecurity, cybercrime, cyberforensics and cybersecurity norms, among others. Apart from a 2013 goal of supply-chain security, Indo-U.S. cybercooperation is largely software-based. This ignores a mutual, more incipient cyberhardware threat, which permeates broader defense issues. A failure to address the issue of hardware security could have a highly deleterious impact on India’s defense apparatus. The time is ripe for India and the United States to expand the Indo-U.S. cyberdialogue to include hardware security.
The weapon platforms that are critical to state security and deterrence—nuclear weapons, cruise and ballistic missiles, fighter jets and any number of other systems—are dependent on semiconductor integrated circuits, or chips, which make up the hardware of the system. The semiconductor supply chain has become increasingly globalized, and as John Villasenor at the Brookings Institution has noted, tampered or malicious chips, which operate as hidden ‘back doors’ for espionage or sabotage, have likely heavily contaminated the global supply chain. Malicious hardware can be inserted into a chip after the design phase but before it is manufactured and placed in a product, thus making it challenging to detect. Should a malicious chip be placed in a critical weapon system, that platform could cease to operate.
At present, while India does design its own semiconductor chips, it lacks the capacity to manufacture its semiconductors domestically. As the East West Center notes, most of India’s integrated circuit design work is done for various multinational corporations, who transfer the design for manufacturing elsewhere, often to locations such as Shenzhen, China. So long as India’s chips are manufactured externally, India risks placing compromised circuits in their indigenous weapons systems, thus exposing them to potential sabotage or espionage. India needs a secure supply of ‘trusted’ semiconductors for its domestically produced systems.
Last October, the former Union Minister for Communications and Information Technology, Kapil Sibal announced at the Observer Research Foundation (ORF) and Federation of Indian Chambers of Commerce and Industry (FICCI), India Conference on Cyber Security and Cyber Governance, that imported computer hardware posed a serious security threat to India. The Indian government had decided to invest in manufacturing semiconductor chips. Four months later, on February 14, former Prime Minister Manmohan Singh, sanctioned the construction of two semiconductor wafer plants, or ‘fabs’, in cooperation with two different business consortiums. Construction is expected to begin in September.
While India has announced the creation of two ‘fabs’, it is unclear what leverage the Indian Ministry of Defense (MoD) will have manufacturing ‘trusted’ chips for its critical defense systems. If the U.S. model sheds any light on potential defense microelectronic trajectories in these two semiconductor plants, it might prove to be very little.
Like U.S. semiconductor plants, India’s proposed semiconductor plants will be run by private enterprises; and the requirements of commercial semiconductor development do not necessarily overlap with those for Defense.
In the U.S., total government consumption of domestic semiconductors was below .5 percent in 2000 (one can expect it to be lower today), providing the government, and more notably the U.S. Department of Defense (DoD) with little leverage to directly influence the commercial semiconductor marketplace. Furthermore, given the extensive time it takes to field new weapons platforms, from research and development (R&D), to production, testing, and finally fielding, the semiconductors underlying those weapons systems tend to lag at least two generations behind commercial state of the art integrated circuits. Finally, the semiconductors that meet DoD requirements are often unique from commercial products, requiring reliability, robustness, and at times radiation hardening to perform in highly contested or extra-atmospheric environments. Despite these constraints, the U.S. has developed a program to help ensure that ‘trusted’ chips underlie their critical weapon systems.