Why Supply Chain Trust Is So Crucial to the Microelectronics Industry

By: | March 8, 2023

Zachary A. Collier, Ph.D., is an Assistant Professor of Management at Radford University. He is a Visiting Scholar at the Center for Hardware and Embedded Systems Security and Trust (CHEST). His consulting firm supports DMEA’s Trusted Access Program Office (TAPO). He can be reached at [email protected].

In much of the national conversation over supply chain challenges and possible solutions over the past year, the one factor that has often been overlooked has been the matter of trust.

The semiconductor supply chain itself has received a lot of the attention. The passage of the CHIPS and Science Act over the summer brought with it $52 billion in incentives and programs aimed at strengthening domestic semiconductor research and manufacturing.

Since then, several companies have announced new or expanded facilities here in the U.S. to the tune of an additional $200 billion in private investment. Along with the new legislation, recent export restrictions block the sale of advanced chips and chip-making equipment to China. Coupled with ongoing news about the chip shortage (or in some cases, a chip surplus), there is a growing awareness about the strategic importance of chips and the security of the global supply chains that produce them.

In response to this recognition, government managers are evaluating the applicability of existing practices to mitigate risk to microelectronics. One of these practices is known, paradoxically, as “zero trust.”

Originally, the concept of zero trust emerged from the IT security field, proposing that instead of trying to keep unauthorized users out of networks with firewalls, IT administrators should assume that adversaries are already within the security perimeter. This change in perspective means that all access requests should be granted on a per-use basis, that “least-privilege access” strategies, where users are given minimum levels of access or permissions, should be implemented. And all network activity should be logged.

The extension of zero trust to microelectronics means assuming that none of the components the government buys are safe, and so extensive testing, verification, and validation must be conducted before they can be used. This involves strategies for tracking the provenance of materials and components and attempting to detect security vulnerabilities.

While testing and traceability are certainly important for risk management, assuming that all of the components, and by extension your suppliers, in your supply chain are untrustworthy can be a costly and time-consuming strategy. This is the reason why supply chain trust is so important.

Supply chain trust has been found to increase sales volumes, lower operational costs, facilitate new business through word-of-mouth referrals, and spur innovations in both products and processes. Trust is related to faster decision making and higher team performance and profitability.

Supply chain trust is rooted in proven practices. Within the microelectronics community, trusted suppliers, such as those accredited by the Defense Microelectronics Activity’s (DMEA) Trusted Supplier Program, deliver value by providing assured access to secure components across three areas: integrity, availability, and confidentiality.

Without the need to test and validate each component, working with trusted suppliers is a proven way to access components with an assured chain of custody for the end product and the intellectual property within it.

Further, while zero trust strategies don’t necessarily address the problem of supply, an already trusted supplier can accommodate low-volume orders and facilitate assured access to “legacy” components past their commercial lifecycles.

With the wave of new investments and policy changes, this is a pivotal moment in the microelectronics industry. But “in with the new” doesn’t necessarily have to mean “out with the old”. Instead, industry and government should continue to leverage successful supply chain strategies that are already in place. Reliance on trusted suppliers remains an important and effective element of a comprehensive microelectronics assurance strategy. &

More from Risk & Insurance