DARPA Chip Effort Pivots to Securing US Supply Chain
A three-year-old Defense Department electronics initiative is bearing fruit in the form of public-private partnerships in areas ranging from post-Moore’s Law chip architectures to the growing national security requirement of securing the microelectronics supply chain.
The Defense Advanced Research Projects Agency launched its Electronic Resurgence Initiative (ERI) in 2017 to help reboot a domestic chip industry that has been moving steadily offshore for decades. Supply chain vulnerabilities exposed by the pandemic have lent urgency to the DARPA effort as Moore’s Law runs out or steam. Program officials and chip industry executives foresee the emergence of a “5th generation of computing” based on current cloud infrastructure while combining AI, the Internet of Things (IoT) and 5G wireless networks to deliver big data.
“The U.S. microelectronics industry is at an inflection point,” Ellen Lord, undersecretary of defense for acquisition and sustainment, told the virtual ERI summit. After decades of offshoring of chip fabrication, packaging and testing capabilities, “How do we reverse this trend?”
The Defense Department is expanding its technology base efforts by implementing what Lord called a “step-by-step process for reconstituting the microelectronics supply chain,” focusing on various segments of the semiconductor ecosystem, including memory devices, logic, ICs and advanced packaging along with testing and assembly.
“While DoD does not drive the electronics market,” constituting only about 1 percent of demand, “we can drive significant R&D,” Lord said. ERI is advancing public-private partnerships that provide a framework for commercial innovation. The result, Lord added, would be “pathfinder projects” geared toward a renewal of U.S. chip manufacturing.
As trade frictions with China grow, ERI is placing greater focus on ensuring the pedigree of U.S. electronics supply chain. “We need to find a path to domestic sources,” said Lord.
While nurturing government-industry partnerships as part of an emerging next-generation U.S. industrial policy, this year’s DARPA summit also emphasized chip standards and processes for securing fabs, foundry services, devices and foundational microelectronics. In that vein, U.S. officials stressed new chips metrics like “quantifiable assurance” to secure dual-use devices that could end up in weapons or an IoT device.
“Our interests to protect both the confidentiality and the integrity of our supply chain are aligned with commercial interests, and we will continue to work across government and industry to develop and implement our quantitative assurance strategy based on zero trust,” said Nicole Petta, principal director of DoD’s microelectronics office.
The “zero trust” approach assumes no device is safe, and that all microelectronics components must be validated before deployment. The framework marks a philosophical departure from DoD’s “trusted foundry” approach instituted in the 1990s, largely because “perimeter defenses” failed to account for insider threats.
“ERI is foundational to that work,” Petta added.
DARPA has a long history of forging public-private technology partnerships, focusing on high-risk R&D, then attempting to field dual-use technologies to boost U.S. military capabilities while sustaining the U.S. industrial base. The ARPANET implementing the TCP/IP protocols is a prime example.
Ticking off a growing list of industry-university partnerships, Dev Palmer, deputy director of DARPA’s Microsystems Technology Office, noted, “Two heads are better than one.”
Among the microelectronics efforts is an ARM-led project in which the chip IP vendor is licensing its low-power processor technology to DoD contractors under a ERI program called N-Zero, for Near Zero Power RF and Sensor Operations. Palmer said ARM is providing 1,000 license seats to access its low-power technology to be used in unattended sensor designs.
Other ERI projects are focusing on reducing the increasing number of processor vulnerabilities. Microsoft is working with SRI International and Cambridge University on SSITH, or System Security Integration Through Hardware and Firmware. The effort has so far developed RISC-V-based FPGAs that are being incorporated into commercial designs.
DARPA’s Palmer said the goal is developing ASICs that can be embedded into servers, IoT devices and smartphones. The effort is also geared toward replacing security patches that address only software applications. SSITH would instead focus on “underlying hardware vulnerabilities at the source.”
Wireless chip makers such as Qualcomm are using similar on-chip security features in the next generation of components aimed at 5G wireless “small cells.”
Palmer said the SSITH partners have so far mitigated more than 70 percent of processor vulnerabilities, helping to reclaim crowded IC real estate currently reserved for security patches.
ERI is also placing greater emphasis on 5G wireless development, which is increasingly seen as strategic technology. Qualcomm is working with GlobalFoundries and the Air Force Research Laboratory to enable DoD use of commercial wireless technologies. The “quantifiably assured manufacturing” effort would validate tools used in designing wireless chips while demonstrating defenses against possible attacks.
Those assured manufacturing efforts represent another instance where DARPA is moving beyond DoD’s trusted foundry model—which not only remained vulnerable to insider threats but also have slowed DoD technology adoption. That’s because current trusted facilities can’t handle leading-edge processor technology.
Quantifying chip security risks would therefore expand Pentagon access to more advanced chip designs, Petta said.