We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
As the world becomes increasingly reliant on technology, organizations have to consider the growing threats to their supply chain. Goldman Sachs principal engineer Michael Mattioli and AMD CTO Mark Papermaster spoke about this issue at VentureBeat’s virtual Transform 2021 conference last week. They stressed that this is not a problem any single company can solve alone — changing the ecosystem will require industrywide collaboration.
The supply chain is “remarkably complex,” Mattioli said, as it goes all the way back to the design of the chip or board, which is then sent to the foundry to be manufactured. Depending on the type of component, it may pass through a series of manufacturers before it reaches an OEM like Dell, HP, or Lenovo; a reseller like CDW; or a retailer like Best Buy. After all this, it’s finally shipped to the end user. Along each step of the way, the piece is handled by different companies and modes of transport (ship, truck, etc). That leaves a lot of different points where a malicious actor could sneak in a change or tamper with a step.
“People are motivated in a variety of different ways to do something malicious. It could be counterfeiting so that they could make money. It could be espionage so that they could steal data,” Mattioli said.
The idea that there may be a counterfeit or tampered-with component is a worrying one. Organizations don’t want to have a product that is performing less efficiently or is less capable than it should be, which can have an impact on how long the product lasts before breaking or how long it takes to complete jobs. Even worse, such a device can no longer be trusted and may be stealing data or performing actions the user is not aware of.
Different companies have built tools to tackle their part of the supply chain, like AMD, which has some technologies in place to detect whether chips have been tampered with or a counterfeit component is being used. But at this time, there’s really nothing that can detect or deter supply chain threats end-to-end, Papermaster said. Even Apple and Amazon, despite their clout, do not have full control over their supply chains.
Papermaster said the big question is “Are we doing enough as an industry? [Regarding] that web of the supply chain, how do we collaborate more?”
The only way companies are going to get a better grasp of the supply chain is through industrywide and ecosystem-wide participation and cooperation, Papermaster and Mattioli reiterated. Goldman Sachs and AMD recently joined the Trusted Computing Group and the Global Semiconductor Alliance to encourage industry collaboration. The relationship is a technical one to develop open standards, create interoperable technology, and share build processes in order to ensure nothing has been tampered with. It is also a business relationship, as these companies have to figure out how best to work together on a shared goal.
Artificial intelligence and machine learning can help tackle one of the technical challenges using a technique called fingerprinting, Mattioli said. This method uses the specific information about a piece of hardware — such as voltage, temperature, and frequency, which can be found with hardware performance counters — to create a unique profile of a product that can be tracked throughout its entire lifecycle. “If you did that with all the components on the board, not only can you get a fingerprint of just that one component, but you can get a fingerprint of every other component and then the whole board itself and then the whole system itself,” Mattioli explained. If companies can agree on how to share the data that creates that fingerprint, authenticity can be confirmed at every step of the supply chain using AI.
Fingerprinting would also be useful for detecting counterfeit products since the technique doesn’t require visual inspection. Counterfeit products are sophisticated enough that they are becoming increasingly difficult to visually identify as fake. In some cases, an X-ray would be needed to identify the component, but that is a time-consuming process and not always available. Being able to use fingerprinting to check for counterfeiting “saves a lot of headache and frustration,” Mattioli said.
Papermaster noted that although AI and ML can be helpful tools, the success of technological security ultimately hinges on the cooperation between companies. “[It’s] an incredibly exciting area, and lots more innovation [is coming] in this space, with the industry collaborating together and leveraging these AI techniques,” Papermaster said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.