Semiconductor integrated circuits, commonly known as computer chips, are the powerhouses that run virtually all electronic devices and computers, including everything from mobile devices and personal computers to aircraft flight controls and entire power grids. For these devices and systems to work, chips must be free from defects and malicious circuits.
Unfortunately, increased consumer demand sped up the globalization of chip manufacturing, with a large portion chips now manufactured overseas. This degree of globalization, and the fact that U.S. chip buyers like the U.S. Department of Defense (DoD) procure from this global pool, creates opportunities for “bad actors” to insert malicious circuits during the chip manufacturing process.
The vulnerabilities of outsourcing chip manufacturing present serious security risks for individuals, businesses, nonprofits and governments. This is logically a major concern for cybersecurity departments. To combat this type of threat, cybersecurity professionals must gain expertise in chip and computer hardware design. Coursework in Florida Institute of Technology’s online Master of Business Administration (MBA) in Cybersecurity program examines computer science and security as applied to information technology (IT), providing students with the knowledge of hardware-based risk assessment needed to excel in the cybersecurity field.
Cybercrimes Involving Hardware Attacks
Virtually anyone can create malicious software, or “malware”, at any time via software development, modification and programming. However, only someone with the knowledge and access to alter semiconductor circuits during the manufacturing process can create malicious hardware in the form of computer chips.
Introducing malicious changes during the actual manufacturing process is often ineffective, as these changes may compromise the chip to the extent that it doesn’t pass quality inspections. For that reason, most malicious changes occur during the design phase — the process wherein engineers map out areas of the chip to perform certain tasks. Once introduced, malicious hardware can remain dormant for months or even years before employment in an attack.
Cybercriminals can trigger attacks in a variety of ways, often through accessing an existing “trap door” or “back door,” or by installing such access points during manufacturing. Criminals may program attacks to trigger in response to an event, such as a particular calendar date, or a location, such as a GPS position. Alternatively, attackers can hide a trigger within external data and send it when they are ready to attack.
Overt attacks can cause a device or system to completely fail and shut down or to run with obvious impairment. Covert attacks may give the appearance that the device or system is continuing to operate normally while carrying out malicious actions in the background or introducing corruption into data. Covert attacks might also open the door for the deployment of malicious software at a later date.
Software and Hardware Cybersecurity Solutions to Chip Vulnerabilities
Many chip manufacturers have nonexistent or insufficient security measures in place and generally fail to view this threat as meaningful. Therefore, the first hurdle to preventing hardware attacks is awareness and an accurate assessment of the real and significant threat of these types of attacks. If malicious hardware shuts down cell phones, it’s an inconvenience, but if it overrides the GPS coordinates of planes in flight or brings down defense systems, it could cause a tragic disaster.
One solution to preserving the integrity of chips is changing the design process itself to compartmentalize and limit access to those with direct involvement in each particular phase of design and implementation. This could lead to changes within manufacturing companies as well as how they use outsourcing and third-party vendors.
Developing more robust testing processes that can detect malicious changes in chips before installation in products and systems could also help prevent hardware attacks. Current testing protocols can reveal accidental flaws, but they may fail to detect carefully constructed and hidden deliberate flaws. As a safeguard, developing methods to thwart or neutralize an attack once it’s launched can prevent malicious chips from causing significant damage. Defense processes built into the chip would monitor the chip’s behavior and quarantine any portion of the chip that isn’t behaving normally.
How Can You Prepare for a Career in Hardware Cybersecurity?
Cybersecurity is a broad field that encompasses those who install, configure and maintain secure networks; those who develop software and other products to enhance security; and those who design and engineer hardware. Along with rapid growth in information security and cybersecurity analysis jobs, the emerging awareness of hardware’s vulnerability to cybercrime has the potential to create opportunities for hardware-related positions, such as computer hardware engineers.
Computer hardware engineers design, develop and test equipment such as computer chips and circuit boards. Information technology (IT) professionals who aspire to roles that combine computer engineering, business and cybersecurity may choose to pursue a specialized degree in the interdisciplinary field, such as the online MBA in Cybersecurity from Florida Tech. This program focuses on the intersection of business management, IT and cybersecurity, providing students with in-depth knowledge and training on how to recognize, evaluate and mitigate a variety of potential threats in the business environment.
Learn more about Florida Tech’s online MBA in Cybersecurity program.
