Opinions
2024.09.23 14:46 GMT+8

The hidden threats in our electronic supply chain

Updated 2024.09.23 14:46 GMT+8
Basel Halak

A communication device on the ground as Lebanese forces prepare to destroy it in a controlled explosion, in southern Lebanon between the villages of Burj al Muluk and Klayaa, September 19, 2024. /CFP

Editor's note: Basel Halak, a special commentator on current affairs for CGTN, is associate professor of Secure Electronics at the University of Southampton, UK. The article reflects the author's opinions and not necessarily the views of CGTN. 

Recent incidents in Lebanon involving pagers have highlighted alarming security vulnerabilities in the electronic supply chain. These are not just ordinary communication devices – the scale and precision of certain malfunctions suggest something far more deliberate. Devices like this don't just explode with such intensity and coordination on their own.

Why is the hardware supply chain vulnerable to security threats?

The relentless drive for more sophisticated and affordable electronic products has led to unprecedented levels of outsourcing in the hardware supply chain. This outsourcing is essential to manage the complexity of development and design processes while maintaining a short time-to-market.

Take, for example, the A17 Pro semiconductor chip that powers the iPhone 15 Pro. It exceeds 16 billion transistors – more than double the Earth's population. Other modern phone companies like Samsung also produce systems with similar degrees of complexity.

To keep up with this rapid pace, electronics designers have adopted three main approaches: automation, reuse, and abstraction.

Automation involves streamlining as many design tasks as possible. This has led to the emergence of hardware description languages like VHDL and SystemVerilog, and Electronic Design Automation (EDA) tools such as Cadence, Synopsys, and Vivado. These tools significantly speed up design time and reduce human error.

Reuse means incorporating standard design blocks so that designers don't need to reinvent the wheel each time they build a new product. This accelerates the design process and ensures reliability through proven components.

Abstraction allows the design process of an integrated circuit to be split into multiple stages – behavioral, functional and physical levels. This specialization enhances the efficiency and effectiveness of the entire process.

While these approaches have led to incredible advancements, they've also resulted in a remarkable increase in outsourcing within the electronics supply chain. Outsourcing isn't limited to reusing intellectual properties (IPs); it also includes sourcing design tools, engineering skills, and even the entire fabrication process. As a result, the production of electronic systems has become a multinational, distributed business where no single company or country has full control.

This evolution in the supply chain structure has brought about serious challenges. There's a rising level of intellectual property piracy, where design secrets and proprietary technologies are stolen. Counterfeiting has become a significant issue, involving unauthorized production, alteration or misrepresentation of semiconductor components.

Additionally, new forms of attacks like hardware Trojans – malicious components inserted into systems to sabotage functionality – have emerged. These threats compromise the integrity of electronic devices and can lead to widespread security breaches.

A wireless communication device in the hand of a Hezbollah member, the battery of which was removed after a wireless communication device exploded during a funeral, Beirut, Lebanon, September 18, 2024. /Xinhua

How can we protect ourselves?

To mitigate these risks, engineers need to treat security as an integral part of the design process – not as an afterthought. Overlooking security in electronic product development puts many systems at risk, leading to financial losses, damage to reputation and, in extreme cases, physical harm.

Building effective defense mechanisms requires understanding the types of attacks that can occur, identifying attackers' goals, and assessing their capabilities. However, devising appropriate countermeasures is challenging because systems don't always recognize they're under attack. Often, attacks are new, so their symptoms are unknown, or the system attributes anomalies to reliability issues. Therefore, detecting unusual behaviors in electronic systems is a crucial defense technique.

Our team at the University of Southampton is working diligently to keep up with the ever-changing landscape of security threats by developing adaptive countermeasures that leverage artificial intelligence technology. Additionally, cybersecurity education and continuous professional development are essential for all design engineers, both hardware and software.

Risk assessment is a crucial step in developing robust defense mechanisms, including understanding attackers' motivations and resources. All our computing devices are consistently at risk of being probed or attacked to steal sensitive information or to collect data for commercial purposes. In fact, recent reports estimate that home network devices face an average of 10 attacks every 24 hours.

However, these attacks don't require substantial resources and can be easily defended against by adopting simple practices: using strong passwords, enabling two-factor authentication, regularly updating software and being cautious with personal data.

More serious security attacks, such as those exploding devices recently witnessed in the Middle East, are very unlikely to target the typical mobile phone user. These attacks are costly and require long-term planning. Unless there's significant gain, attackers are unlikely to invest the effort.

In sum, while security vulnerabilities in the electronic supply chain pose significant challenges, understanding the risks and taking proactive measures can go a long way in protecting ourselves. By making security a priority from the design stage and staying informed about potential threats, we can help safeguard our devices and data in this interconnected world.

Stay vigilant, stay informed and remember: Security starts with you.

(If you want to contribute and have specific expertise, please contact us at opinions@cgtn.com. Follow @thouse_opinions on X, formerly Twitter, to discover the latest commentaries in the CGTN Opinion Section.)

Copyright © 

RELATED STORIES