Carelessness in purchasing electronics can cost Russia defenses
In the Russian army, more than half of all weapons and military equipment are stuffed with imported ECB. Starting with computers in the systems of automated command and control of strategic and tactical forces, the Uran-9 robotic systems, and ending with the Su-30CM and Iskander OTRK fighters.
The total volume of foreign ECB in the production of samples of domestic weapons and special equipment is 70%. According to According to JSC Concern Radioelectronic Technologies (KRET), it will take from two to five years to replace more than 3,5 thousand elements of imported EKB, but about 7-8% of them are not reproducible.
Consequently, completely overcome the dependence on imported electronics in the defense industry will not succeed. In other words, the use of foreign ECB for critical applications, unfortunately, will take place for a long time.
In this regard, special attention should be paid to the security guarantees of the use of e-filling imported.
According to experts, in addition to military-technical dependence, imported electronics can conceal a lot of other “surprises” that Russian military leaders are not even aware of.
In particular, according to foreign studies, without the knowledge of the customer, a hardware trojan can be introduced into each chip, which, at the command of its "owner", is able to perform a variety of unauthorized actions: change operating modes, transfer any internal (secret) information through external channels, change electrical modes the operation of the chip up to its destruction or failure by an external signal of the attacker. The command can come at a certain time or on a certain external signal.
For the first time, the fact of introducing such a trojan into a microchip was documented in a “dashing 90-e” by Sergei Skorobogatov, an employee of a security group in a computer laboratory at the University of Cambridge, a Moscow university graduate who found work at a US university. This microcircuit was advertised by both the developer and the US Department of Defense as absolutely safe, with multi-level protection. Therefore, it was widely used for many years in military systems (submarines, aircraft, precision weapon).
In September 2007, Israel attacked a suspicious nuclear facility located in Syria. Shortly before the Israeli raid begins aviation ultra-modern radars of the Syrian army, which were used in the air defense system, failed. After this incident, computer security experts sounded the alarm: in their opinion, the backdoor (an algorithm defect that is intentionally built into it by the developer and allows unauthorized access to data or remote control of the operating system as a whole) caused by such chips radars still at the production stage.
At the Pentagon, they took this possibility quite seriously many years ago. Indeed, in this case we are talking about the emergence of a new type of weapon - a scientific-technical, or cyber-weapon, which allows not only to "win", but also to "survive" the attacking side. After all, it is quite obvious that the use of types of “classical” weapons and such “exotic” weapons as biological, climatic, seismic, psychological, neural, etc., on Earth today will be nothing but a rather sophisticated “suicide method” .
The issue of ensuring technological security was classified in the USA and NATO countries among the state tasks with the highest priority of importance. The headache in ensuring the safety of the supply channels for ECB for critical systems was assigned to the Pentagon.
In the structure of the US Department of Defense, as a result, a number of special units were created to ensure the safety of supply chains for microcircuits in the interests of the defense department, NASA and NATO member countries. The most well-known of the open sources such an "anti-Trojan" division is the special division of the US Department of Defense - JFAC (Integrated Federal Center for the Reliability of Microchips).
It is worth noting that in the matter of security control in microelectronics of the USA ahead of the rest. At the end of 2017, the US Department of Defense had 23 certified factories at its disposal, which ultimately allowed Americans to place their manufacturing orders with subsequent certified delivery of chips manufactured using twenty different technologies.
In the Russian defense ministry, the issue of security monitoring of purchased chips is more than negligent.
Despite the fact that the structure of the Ministry of Defense of the Russian Federation, there are a number of special units whose main functions are similar to those of their American counterparts: 18 Central Research Institute of the Ministry of Defense, 46 Central Research Institute of the Ministry of Defense, branch of the Central Scientific Research Institute of the Ministry of Defense (formerly 22 Central Research Institute) production is not even discussed.
In a country that buys more than 70 percent of all electronics for the defense industry from the USA, China and other countries, the security infrastructure of supply chains is completely absent: from the development of a set of regulatory and technical documentation to the creation of competence centers.
In the issue of control of the imported ECB sometimes it comes to the point of absurdity. So, according to the technical assignment for conducting incoming inspection and certification tests of the electronic component base of foreign production designed for Iskander OTRK (!), The main criteria for testing were insulation resistance and a range of operating temperatures. Speech about the analysis of the topology and the search for undocumented elements does not even go.
However, in the media, there are more and more reports of the identification of Trojans in the chips. Recently it became known that Chinese military intelligence installed spy microchips on motherboards that were supplied for equipment of American companies. They were used for espionage and remote access to computer memory.
Isn't it time for the heads of competent departments and ministries, instead of lowering billions of dollars in mindless import substitution, to finally appreciate and realize the harsh reality (already known from American experience) and take the necessary measures to neutralize the threat of cyber weapon use by laying software and hardware trojans in the import ECB?
Information