Will Cryptography Be Enough? The Hidden Danger – Most Computer Chips Imported

The topic was cryptography with Nathan Cummings, director of integration/application for HID Connect, talking this past Tuesday on the impact of new cryptography requirements on next generation physical access control systems. In juxtaposition, federal government and Homeland Security officials this week started beating the doom drum about the insecurity built into computer chips manufactured overseas, chips being used in business and security systems and even in high security government systems.

At the Smart Card Alliance-sponsored Smart Cards in Government Conference, Cummings touched on:

·        The complexities of cryptography and the baseline knowledge that all security professionals should have

·        Improvements required for physical security in relation to FIPS 201 implementations

·        The need for physical access control manufacturers to use the requirements developed for information security

The workshop in which Cummings talked was developed to provide physical access control system (PACS) vendors and end-users with an overview of the technologies and requirements that are driving next generation PACS designs.

Within the context of the U.S. government’s Trusted Foundry program, which encourages the building of American plants to make computer chips, red flags have recently been waved that the vast majority of chips in American use have been made outside of the U.S. The fear is that terrorists and other criminals will gain access to these offshore chip-making facilities and plant Trojan horses inside of them. It has been alleged that Israel – with U.S. help – inserted a Trojan horse in chips used by the Syrian Air Force; that the U.S. – with Canadian help -- rigged computer chips used to operate and protect a Russian gas pipeline installation; and that the U.S. National Security Agency – with the help of a Swiss cryptography firm – has so-called backdoor access into Iranian and Libyian state computers.

Should the U.S. move more aggressively to insist on the manufacturer in America of computer chips for critical uses? Email your thoughts to zaludreport@bnpmedia.com