Trust, but verify. Ronald Reagan said it in 1987 to characterize US-Soviet relations, and the Pentagon is saying it in 2007 to characterize its relationship with foreign-made microchips. Given the past year’s adventures in dog food, toys and toothpaste, it’s hard to fault them for their caution. A year shy of its 50th birthday, the Defense Advanced Research Projects Agency has launched the Trust in Integrated Circuits program, the goal of which is a microchip verification process. It’s basically a Pentagon Good Housekeeping Seal of Approval. A chip bearing the Trusted imprimatur will be guaranteed free of malicious content.
DARPA just issued a press release listing contract awards for the program [PDF] and some more details about what those contracts specify. Cliff notes after the jump.
It's not just offshoring that worries the Defense Department. Because the Pentagon now only makes up one percent of the global chip market, it no enjoys leverage over anyone's chipmaking techniques or policies, even that of US-based manufacturers.
It’s too expensive to build your own fab. Even the Defense Department can’t afford $3 billion every few years as state-of-the art manufacturing plants slouch toward obsolescence. NSA has a Trusted Foundries program, but as Victoria Stavridou-Coleman (former director of Intel's trust and manageability labs) told me, it “blesses a process and not a product.”
The problem is that chips are so complicated at this point that testing them, either physically or logically, is pretty much impossible. The Pentagon wants tests for hardware Trojans, back doors and kill switches (just three in its extensive database of fever dreams), and the testing needs to be nondestructive.
The project consists of three one-year phases, each phase more difficult than the previous. The Phase 1 contracts have been awarded (sorted here by almighty dollar).
| Award | Contract | Role |
| $11,941,368 | Raytheon | Hardware and Software |
| $4,521,299 | Luna Innovations | Field Programmable Gate Arrays |
| $4,484,286 | University of Southern Calif. Information Sciences Institute | Government Test Article Team |
| $2,347,760 | ISI/XRadia | X Ray Analysis |
| $940,217 | Johns Hopkins University Applied Physics Laboratory | Government Metrics Team |
| $600,000 | MIT Lincoln Labs | Government Red Team Leader |
