They act like there's some remote control backdoor in passive components that are as simple as a resistor, as dumb as Jeff Goldblum uploading a virus into the alien computers from his Macbook.
1. US companies and German companies and Japanese companies bin parts all the time and sell remarked parts all the time. These are parts which are end runs or extended wafer runs, or overproduction that are relabeled. To the extent that the chinese are selling scrapped parts and thus stealing money from legitimate silicon companies, that's a major problem for the companies...not for the equipment/military.
2. The parts in question are not little trojan horses any more than any other legitimate devices are. To the extent the systems using them passed qualification/functional/thermal/electrical tests, it doesn't matter where they came from or what is stamped on them. There are legitimate substandard parts that may fail, and there are illegitimate functionally acceptable parts which may pass just fine. If the system testing cannot determine this at the black-box level, then it doesn't matter what the components were presented as or how they were marked.
In other words, yes the chicoms are capitalists selling parts to systems where the testing doesn't care. So what?
That is an economic pirating issue, not a functional security issue. If it is a functional issue, then that's a testing problem on the system acceptance side.
You both right, and very, very wrong.
You are correct in that there are no trojans, or secret backdoors. These are things like PROMS, transistors, capacitors, resistors and even obsolete 8 bit processors and assorted gates.
However, often these designs are very crude and poorly made copies, that can pass very basic functionality tests, but fail later on - far earlier than a ‘legitimate’ part. I’ve heard of brake pads that ‘looked’ like the real thing, but were compressed asphalt, paint and yak dung. It wasn’t until they were damp that one box of these brake pads started smelling really bad.
There are microprocessors that only have partially functional portions of the chip. Again, passing tests like continuity, gross functionality - but incapable of executing certain commands. Just enough to get past the incoming inspection screen.
It’s not unusual to buy a reel of chips, with the first 50 units being Bin fails for speed (work great on a 1 MHz tester, but fail at full operational speed), and the rest of the reel is literally “empty” packages with no die in them at all.
The threat is that when a device is “needed”, that is may fail unexpectedly - thus jeopardizing the life of the crew. This is a legitmate threat, and a serious one.
So we have nothing to worry about?
No automatic test can test every set of inputs on a modern microprocessor. It is very possible that a determined and patient enemy can imbed a back door or remote kill in enough systems to cripple an opponent’s ability to effectively respond to a threat.
There ya go again Sam, making and putting reason into a purely emotional debate... damn you sam, damn you to hell..... :)
The big issue(s) would be quality, escapism and latency. Any of the storage conditions or handling requirements could be violated and we may never know or may find out at the most inopportune time (that is what latency is all about). Intermittency and latency are the bane of quality when it comes to electronics. Of course manufacturing practices, process control, materials used, etc... all play into this as well. Of course I might not know much about that having been in the field doing QA work on microelectronics for the last 20 years.
There is no protection for IP in China - any company transferring any development or manufacturing there is asking for their IP to be ripped off and cheaply mass produced. By cheaply mass produced I mean both cheap in price and quality...
The black box might not care the first time you test it, but there are no guarantees with counterfeits after they escape your detection system. No detection system is 100% when it comes to defects testing...
I’m afraid you misunderstood what I was concerned about. It was not so much that certain parts might be used to compromise our systems. (Yes that can happen believe me I know how much “testing” tends to “miss”.)
What concerned me was an interruption of spare parts needed to wage war. If domestic industry can’t provide the parts in the quality and design required your talking about an interruption in a supply chain that poses a military threat.
“-—not a functional security issue”-—WRONG-—in spades. If one of my critical systems lets go in an unpredictable, untimely, catastrophic way I dam sure want to go eyeball-to-eyeball with the retrograde bleephole who made it AND the slimeball who sold it to me . If same bleephole is hiding in China, India Mexico etc he’s out of my reach. You go ahead and bench test all the stuff you can get your hands until you’re happy. But you’re not going to do, oh, say, a million cycle reliability test on your Heathkit Hobby Set. And my suppliers all know I got zero sense of humor. They’d better not sound like Mell Tillis ordering breakfast if something goes south. And we’re usually talking big bucks on both the hardware and consequences of failure side.
You want to test your way into quality assurance then YOU drive it.