The Covid-19 pandemic exposed significant deficiencies in supply chain logistics, with essentially no corner of consumerism spared. Among them, the global semiconductor chip shortage – which lasted over three years and caused significant follow-on economic, safety, and other impacts – has prompted regulatory, innovation, and technological responses to increase the resiliency and security of this small but mighty component critical to digital transformation.
Chips are used in everything from cellphones to computers, cars to sensors controlling critical infrastructure like dams and water systems. The 2020 – 2023 shortage can be attributed to a simultaneous increase in demand and decrease in supply. Pandemic stay-at-home orders that resulted in remote work and schooling caused a huge demand for computers, iPads, and other electronic devices, while also limiting production at chip manufacturing sites that were closed or operating with minimal staff. U.S. trade restrictions with China, enacted in September 2020, limited Chinese chip imports. The shortage was intensified by severe weather and fires that delayed production worldwide and a shortage of neon caused by the Russian invasion of Ukraine, a major supplier of the gas used in chip production. The surge in cryptocurrency also increased demand due to the computing power required.
“The silicon supply chain evolved to be efficient, but that also made it somewhat
brittle,” said Dominic Rizzo, CEO and founder of device integrity management company zeroRISC. The Biden Administration’s CHIPS and Science Act of 2022 is intended to reverse these trends, with $52 billion in government subsidies intended to bring chip manufacturing back to the U.S. These government subsidies prompted almost $50 billion in private company investment. By increasing domestic chip production, the thought is that U.S. resilience will improve – both with increased domestic supply chain control and decreased threat of infiltration by foreign adversaries. The possibility of a Chinese invasion of Taiwan increases this concern. Yet even with this investment, U.S. market share is only expected to grow to 14%.
While the chip supply chain largely normalized in 2023, ramifications remain, with CNBC reporting in June that Elon Musk ordered Nvidia to divert thousands of chips from publicly traded Tesla to privately-held X (formerly known as Twitter) and xAI.
Compounding the chip shortage is the issue of chip security. Andreas Kuehlmann is CEO of cybersecurity company Cycuity, which deploys its product Radix to provide security assurance for chips. “There has been a big wakeup call with the realization that chips can be attacked remotely,” Kuehlmann said. “Previously, attention was on software vulnerabilities, but chips expand the potential attack surface. “A bad actor could attack a chip, extract the encryption key, and could read everything passing through that chip while the end user believes it’s all secure,” Kuehlmann added. Threats from foreign adversaries expose chips as a key component that can threaten U.S. national security, economic resilience, and critical infrastructure.
zeroRISC has also developed a technology solution to the chip security concern. Born out of OpenTitan, described by Google as “the first open-source silicon root of trust project,” zeroRISC develops guidelines to help others leverage open-source silicon chip design that are intended to increase transparency and therefore, security and trust of devices. OpenTitan is managed by lowRISC, an independent, non-profit consortium of technology companies that includes Google, Nuvoton, Seagate Federal, and Western Digital.
zeroRISC’s open-source solution provides transparency – and therefore, security – by preventing threats hidden in the chips. “Open source reduces the leap of faith necessary to have trust in something. It’s difficult to check without being able to see the code,” Rizzo said. “Transparency through open source means there’s nowhere to hide.”
As the global reliance on semiconductor chips continues to expand, addressing both supply chain vulnerabilities and security risks remains paramount. Initiatives like the CHIPS and Science Act and private innovation are critical steps toward enhancing the resilience and integrity of this essential technology. By fostering transparency through open source designs and bolstering domestic production capabilities, the industry can mitigate future disruptions and safeguard against emerging threats, thereby securing a robust and secure digital infrastructure for the future.