As the value of data increases, so have the rewards of tapping into that data.
In the past, most hacking was confined either to software, or in some cases the use of counterfeit chips. But as the Internet of Things and pervasive connectivity and computing become more widely adopted, the number of vulnerable points inside of systems, networks, software of all types and semiconductors themselves has skyrocketed.
There are many different approaches needed to solve this problem, ranging from secure zones within chips to authentication and secure gateways for communications. But all of them cost money, which makes it difficult in consumer applications, and some require additional resources such as extra circuitry, energy to monitor them, and compute power to ensure data remains intact. These are tradeoffs that can affect the overall functionality of a chip and the cost of developing it. And even then the general thinking among security experts is that any chip, any hub, and any gateway can be hacked with enough time and effort.
There are several key strategies to keep in mind with security. One is that it needs to be architected so that in the event of a breach of data, only that chip or device is compromised, instead of all devices that use that technology. The second is that security needs to be layered, with enough firewalls, secure areas and other features to make it extremely difficult to gain access to important data. This is essentially the equivalent of having many locked doors, rather than just one. And third, there needs to be a way of reporting when something has been breached so it can be shut down quickly.
Two areas that are particularly sensitive to breaches are military and medical markets, where the value of data is particularly high. A chip failure in such mission-critical environments can easily lead to losses in lives, failures in missions and massive destruction of property. As automobiles become increasingly connected, they are coming under intensive scrutiny for security, as well.
Another critical component of security is the supply chain, where counterfeit chips with extra circuits or back doors can be inserted. In the medical arena, counterfeit chips in a medical device may show up when the device or system experiences a failure. The failure may be relatively innocuous, such as gibberish on a display, or a failure in the data transmission link. At the other end of the spectrum are the catastrophic failures, such as a defibrillator misfiring or a pacemaker clocking erratically. Often the failure is just written off as random or age-related failed components.
In the military markets, this can result in massive destruction, and it's one that is particularly difficult to prevent because even the military relies on a global supply chain. That was pointed out in a 2014 report issued by the U.S. Senate Armed Services Committee, which after two years of investigation concluded the supply chain is dangerously vulnerable.