Zero Trust-Like Approach Needed for Microelectronics Industry, Former DOD Official Says

A former Defense Department official is recommending the U.S. take an approach to shoring up the microelectronics supply chain akin to the zero-trust model for cybersecurity rather than overemphasize onshoring and subsidizing as a silver bullets. 

As a global chip shortage rages, lawmakers are grappling with how to ensure not only that Americans are able to buy products like cars and smartphones, but also how DOD and the intelligence community can be sure the technologies they rely on are available and safe to use. 

While it’s unlikely that a solution capable of handling a 13.2% year over year demand growth will materialize overnight, the crisis is attracting attention from the highest levels of the federal government. Two of the most prominent efforts in this area are an executive order President Joe Biden signed in February mandating supply chain reviews and in the Creating Helpful Invectives to Produce Semiconductors, or CHIPS, for America Act. The Senate-passed U.S. Innovation and Competition Act includes the more than $50 billion in funding needed to realize the CHIPS Act. 

Lending an added sense of urgency to the semiconductor issue is competition with China, which is investing heavily in microelectronics. But during a hearing before the House Permanent Select Committee on Intelligence’s Strategic Technologies and Advanced Research subcommittee, a former deputy undersecretary of defense for research and engineering cautioned lawmakers against depending on the creation of trusted onshore foundries and the limitation of actors in the supply chain to only those who can be trusted as a solution. 

“Such a perspective is not only naive but also dangerous,” Lisa Porter, who also previously served as the first director of the Intelligence Advanced Research Projects Activity, during her opening remarks at the Tuesday hearing. 

Porter argued that this kind of approach actually makes the U.S. less secure, because it draws a false equivalency between onshoring and security—not to mention, closing the U.S. off from the rest of the global microelectronics enterprise isn’t feasible. Instead, she argued, the U.S. should replicate the zero-trust cybersecurity philosophy—which generally means taking a never-trust, always-verify approach and is being adopted across the federal government—for microelectronics. 

“If you think you're going to build something onshore and therefore make it safe just because it's onshore with a nice barrier to entry, you're already creating a vulnerability,” Porter said, raising the Edward Snowden case as an example of where this thinking fails. “So, however the [intelligence community] decides it wants to ensure it has, you know, an access to capability, it needs to do the trade-in risk properly and it needs to understand every time it tries to drive to zero risk, what it does is create a huge opportunity cost, and what I mean by that is it walls itself off from access to the state-of-the-art chips that are being developed.”

The reality is the U.S. is never going to be able to control the entire semiconductor supply chain, Porter said. Instead, it's better off working to help set international standards to hold the global industry accountable regardless of where a company is located. 

Porter also expressed opposition to the kind of investment of taxpayer dollars to create a subsidy environment, though she did caveat later that she supports research and development investments, including some of the initiatives called for in the CHIPS Act. But ultimately, the supply side is not what’s driving the industry, according to Porter, it’s demand from companies like Apple and Qualcomm. 

“Any attempts by the US government to influence this complex market should focus on the incentives of the demand signals driving the market, for example through standards, and extreme caution should be exercised before any subsidies are provided to the supply side,” Porter said. “The government by its very nature is ill suited to pick winners and losers in the market, any subsidy targeting a specific part of such a complex value chain, or even worse, specific companies within the chain, will weaken the competitive forces of a free market that correct for poor performance, and poor alignment with the market demand.”