The potential trade war with China over its suspect phones is raising alarm about an even larger issue for cyber security. It’s not only Huawei that poses a threat, it’s pretty much any device made with computer chips manufactured overseas, which is just about all of them.
When it comes to the ‘latest’ and greatest’ computer chips needed for the new era of 5G and beyond, there’s only a couple of places on the planet that make them. “Well unfortunately, says Matthew Hicks, who teaches computer science at Virginia Tech. "One of those is Taiwan China and another, Samsung in Korea, also not a trusted nation.”
The U.S. got out of the chip making game years ago and has no plans to bring it back on shore. Hicks says the U.S. long ago was eclipsed by larger demand for the chips from the rest of the world and the U.S. "Since we don’t make up a large part of the market it’s not feasible even for the government to create its own trusted foundry (for chip manufacture.) So, now we have to outsource fabrication of chips, which means even if we design our systems in house, we have to have somebody else to build them for us.”
And that’s an opportunity for serious trust issues. Hicks recently published a paper that might hold a solution. It’s a way to detect what they call’ trojans’ those stealthy bits of spy wear that can leave no trace. And it may help, for a time, but cyber security has a short shelf life. As soon as you surmount one hurdle, there’s a new threat attacking from another direction, like a video game, ramping up the level of difficulty, but in this case, Hicks says, with a wry chuckle, “There’s no win. it’s just a continuum of where we ar right now.”
And that means job security for cyber experts for the foreseeable future. Even though the U.S. Cyber Security community is growing rapidly, it will have to keep growing to stay ahead of other nations doing the same. Hicks is training the next batch of cyber warriors to join the ranks for a battle, not of conventional weapons, but of wit, tenacity and creativity. “(The) Security community is a great community to be part of because nothing is ever secure. So, my hope is, I stay in front of what’s going on with China and the United states, in my lab, in terms of defenses and attacks.”
Hicks teaches the red team, blue team approach, where one side looks for weaknesses and the other, for patches, creating new ways to defend data. “I’m sure at a nation state level it’s very worrisome knowing that attackers are trying to hack your system, but from an academic standpoint, it’s great coming to work, doing the research and pushing the forefront of attacks and defense and knowing there will always be that back and forth.”