Injection of counterfeit electronics into the market is only a subset of vulnerabilities that exist in the global IC supply chain. Other types of attacks include trojans built into the circuitry, piracy of intellectual property, and reverse engineering. Modern ICs are exceptionally complex devices, consisting of upwards of billions of transistors, miles of micron-scale interconnecting wires, advanced packaging configurations, and multisystem integration into chips sized on the order of a U.S. quarter. These ICs are designed, manufactured, and assembled by an equivalently complicated, globally distributed supply chain. A semiconductor company can have more than 16,000 suppliers spread around the world.10 While globalization has drastically reduced industry costs by tapping inexpensive labor markets and economies of scale, it has simultaneously opened many windows of opportunity for attackers to maliciously modify hardware without the knowledge of ODMs (original device manufacturers) or their customers.
Why is this important?
As the enterprises move towards the “cloud” or the “on-premise” solutions, we need to be aware of such a situation. Hardware, especially for sensitive data like healthcare, requires a careful vetting of the source. The intelligence and the defence communities have developed rigorous checks, and I believe we should use the same for the healthcare.