[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
[H.A.S.C. No. 114-63]
ASSESSING DOD'S ASSURED ACCESS
TO MICROELECTRONICS IN SUPPORT OF U.S. NATIONAL SECURITY REQUIREMENTS
__________
HEARING
BEFORE THE
SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS
OF THE
COMMITTEE ON ARMED SERVICES
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
HEARING HELD
OCTOBER 28, 2015
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS
VICKY HARTZLER, Missouri, Chairwoman
JEFF MILLER, Florida JACKIE SPEIER, California
K. MICHAEL CONAWAY, Texas JIM COOPER, Tennessee
JOSEPH J. HECK, Nevada HENRY C. ``HANK'' JOHNSON, Jr.,
AUSTIN SCOTT, Georgia Georgia
MARTHA McSALLY, Arizona GWEN GRAHAM, Florida
Heath Bope, Professional Staff Member
Mike Amato, Professional Staff Member
Mike Casey, Professional Staff Member
Spencer Johnson, Counsel
Lindsay Kavanaugh, Professional Staff Member
Abigail Gage, Clerk
C O N T E N T S
----------
Page
STATEMENTS PRESENTED BY MEMBERS OF CONGRESS
Hartzler, Hon. Vicky, a Representative from Missouri, Chairwoman,
Subcommittee on Oversight and Investigations................... 1
Speier, Hon. Jackie, a Representative from California, Ranking
Member, Subcommittee on Oversight and Investigations........... 2
WITNESSES
Baldwin, Kristen, Principal Deputy Assistant Secretary of Defense
for Systems Engineering........................................ 7
Gudger, Andre, Acting Deputy Assistant Secretary of Defense for
Manufacturing and Industrial Base Policy....................... 6
Hamilton, Brett, Chief Engineer for Trusted Microelectronics,
Naval Surface Warfare Center Crane Division.................... 9
Mak, Marie, Director, Acquisition and Sourcing Management Team,
Government Accountability Office............................... 4
APPENDIX
Prepared Statements:
Gudger, Andre, joint with Kristen Baldwin and Brett Hamilton. 39
Hartzler, Hon. Vicky......................................... 27
Mak, Marie................................................... 29
Documents Submitted for the Record:
[There were no Documents submitted.]
Witness Responses to Questions Asked During the Hearing:
[There were no Questions submitted during the hearing.]
Questions Submitted by Members Post Hearing:
Mrs. Hartzler................................................ 57
Mr. Hunter................................................... 62
Mr. Wilson................................................... 60
ASSESSING DOD'S ASSURED ACCESS TO MICROELECTRONICS IN SUPPORT OF U.S.
NATIONAL SECURITY REQUIREMENTS
----------
House of Representatives,
Committee on Armed Services,
Subcommittee on Oversight and Investigations,
Washington, DC, Wednesday, October 28, 2015.
The subcommittee met, pursuant to call, at 3:46 p.m., in
room 2118, Rayburn House Office Building, Hon. Vicky Hartzler
(chairwoman of the subcommittee) presiding.
OPENING STATEMENT OF HON. VICKY HARTZLER, A REPRESENTATIVE FROM
MISSOURI, CHAIRWOMAN, SUBCOMMITTEE ON OVERSIGHT AND
INVESTIGATIONS
Mrs. Hartzler. Welcome, everyone. Thank you so much for
your patience and for coming today and for being here.
The Department of Defense is highly reliant on acquiring
customized and commercial off-the-shelf computers,
communications equipment, integrated circuits, application
software, and other information communications technology to
maintain its crucial advantage over our adversaries, and in
support of partner nations and allies around the world.
The Department strives to develop cutting-edge technology
that provides superior capabilities to the warfighter to
fulfill critical mission operations. In order to achieve that
goal, the Department is dependent in part on its ability to
incorporate rapidly evolving leading-edge microelectronic
devices into its defense systems, including technologies for
which there is little or no commercial demand.
More concerning, and with increasing frequency, commercial
business trends are forcing the Department and its commercial
supplier base to rely on foreign-owned companies to produce
some of the most advanced technology solutions.
Although the globalization of the semiconductor industry
has increased the pace of technological innovation, it also
raises national security concerns for the United States. The
functionality of the Department's mission-critical systems and
networks extensively leverages commercial, globally sourced
microelectronics. However, this consequently provides state and
non-state adversaries an opportunity to corrupt our supply
chain.
At one end are counterfeit microelectronics, which can have
detrimental performance impacts on our systems, all the way to
systems specifically designed to introduce malicious code into
the supply chain and otherwise gain illicit access to the
Department's military systems and networks.
In 2003, the Defense Science Board Task Force on High
Performance Microchip Supply concluded that the Department had,
and I quote, ``no overall vision of its future microelectronics
components needs and how to deal with them. Technology and
supply problems are addressed as they arise. An overall vision
would enable the Department to develop approaches to meeting
its needs before each individual supply source becomes an
emergency,'' unquote.
Not until 6 years later, in 2009, and in response to
legislation contained in the fiscal year 2009 National Defense
Authorization Act, did the Department develop a strategy to
address the issue of assured access to secure and reliable
microelectronics. But even today the implementation and
successful execution of that strategy is questionable, and the
uncertainty of the Department's ability to maintain military
superiority in critical leading-edge microelectronics
technology is in doubt by many on this committee.
Recently, the Committee on Foreign Investment in the United
States approved the acquisition of IBM's [International
Business Machines] microelectronics foundry, the Department's
sole source U.S.-based supplier for leading-edge
microelectronics, by a foreign-owned company. Now that the IBM
is no longer available as a guaranteed source for the
Department's needs for trusted microelectronics, the Department
is facing potentially alarming vulnerabilities as a consequence
of relying on a sole source supplier for leading-edge
microelectronics for the past 10 years.
The risk to the Department increases dramatically with the
loss of IBM's Trusted Foundry and will be further exacerbated
as long as no clear solution exists for how the Department
plans to mitigate this challenge. Together, we must solve the
challenges confronting the Department's assured access to
trusted microelectronics in a long-term, sustainable,
efficient, and most important, affordable fashion.
Today at this hearing we hope to learn more about the risks
and issues confronting the Department in acquiring secure,
trusted leading-edge microelectronics. And we hope to
understand more about the Department's strategy and any course
corrections needed to address these issues.
But before I introduce the witnesses, I turn to the
Oversight Investigation Subcommittee ranking member for her
opening remarks, anything she would like to make.
[The prepared statement of Mrs. Hartzler can be found in
the Appendix on page 27.]
STATEMENT OF HON. JACKIE SPEIER, A REPRESENTATIVE FROM
CALIFORNIA, RANKING MEMBER, SUBCOMMITTEE ON OVERSIGHT AND
INVESTIGATIONS
Ms. Speier. Thank you, Madam Chair.
I would like all of us to imagine the following frightening
scenario: Hostilities in the South China Sea are at their peak,
the U.S. Navy has formed a blockade around disputed islands,
and alarms sound on the bridge of one of our ships. There are
aircraft approaching our blockade when suddenly all the
monitors on the bridge go dark.
Why is this happening? Well, in our hypothetical story,
because the semiconductor manufacturers who created parts for
the ship's radar system was based in China, and 5 years earlier
the Chinese Army had placed a kill switch in our radar. We have
just lost the war without ever firing a shot.
This is a stark example, but it is entirely possible. As
our reliance on microelectronics grows and the world's
production of these components continues its overwhelming shift
to Asia, the risk grows right alongside it.
We must be acutely aware that production of these
components overseas is a critical vulnerability for the United
States. It allows our adversaries an opportunity to corrupt
critical infrastructure and introduce malicious code, greatly
increases the loss of intellectual property, and it could cut
off our access to critical technologies or disrupt supply.
We know that our adversaries are committed in their effort
to counter, copy, or kill our weapons and target our
technological edge. We should not make it easy for them. We
should also be doing everything we can to harness the
innovative power of technology companies right here in the
United States so that we can pull ourselves back ahead of the
curve on this issue.
As the microelectronics production migrates to Asia, we
should be investing in the work of capable entrepreneurs and
researchers, like those in Silicon Valley, to ensure they
develop future technologies that will give us assured access to
alternative trusted sources of leading-edge components.
Hardware is an especially critical part of this puzzle.
Compared with software, hardware vulnerabilities are harder to
detect, more destructive, and harder to repair.
Integrated circuits in microelectronics are used in
everything from cruise missiles to drones and classified
computer systems. Building a kill switch into a computer chip
could mean embedding as few as 1,000 transistors hidden
throughout the hundreds of millions that are already in the
original design. It could shut down a radar system, steer a
missile off course, or cause an airplane engine to fail
catastrophically.
The steps we have already taken, such as establishing the
Trusted Defense System Strategy, the Trusted Access Program,
and the Trusted Foundry Program, are critical. But we must do
more. We have to figure out a way to stay ahead of this threat
and provide the Department of Defense and the intelligence
community with a stable domestic supply chain while maintaining
a leading edge on microelectronic devices that have no
commercial demand.
We must also do more to collaborate with the private sector
and develop innovative ways around this problem. Technology
innovators throughout my district push the envelope of what is
possible every day. But as we all know too well, pushing the
envelope inside the halls of the Pentagon often takes time, too
much time.
I look forward to hearing from our witnesses and their
analyses of future technological developments and the current
progress towards ensuring access to trusted mission-critical
microelectronics.
And I would like to thank Mrs. Hartzler for holding this
hearing today, and I yield back.
Mrs. Hartzler. Thank you, Ranking Member Speier.
Our witnesses with us today are Ms. Marie Mak from the
Government Accountability Office [GAO]. And she is the Director
of the Acquisition and Sourcing Management Team for GAO. Mr.
Andre Gudger from the Office of the Secretary of Defense. He is
the Acting Deputy Assistant Secretary of Defense for
Manufacturing and Industrial Based Policy. Ms. Kristen Baldwin,
also from the Office of the Secretary of Defense. And she is
the Principal Deputy Assistant Secretary of Defense for Systems
Engineering. And Mr. Brett Hamilton, a government
representative of the United States Navy. He is the Chief
Engineer for Trusted Microelectronics in the Flight Systems
Division of the Global Deterrence and Defense Department at the
Crane Division of the Naval Surface Warfare Center located in
Crane, Indiana.
So thank you all for being with us today. And we will now
begin with our opening statements.
So, Ms. Mak, we will begin with you as soon as you are
ready to proceed. Thank you.
STATEMENT OF MARIE MAK, DIRECTOR, ACQUISITION AND SOURCING
MANAGEMENT TEAM, GOVERNMENT ACCOUNTABILITY OFFICE
Ms. Mak. Thank you. Good afternoon, Chairwoman Hartzler,
Ranking Member Speier, and members of the subcommittee. Thank
you for inviting me here today to discuss GAO's work on DOD's
[Department of Defense's] effort to provide access to trusted
leading-edge microelectronics.
DOD's ability to provide superior capabilities to the
warfighter is dependent in part on its ability to incorporate
rapidly evolving leading-edge microelectronic devices into its
defense systems while balancing national security concerns.
However, market trends have created challenges for DOD.
Increasing capital costs to make and produce these devices can
be several billion dollars annually. This has resulted in
increased specialization and consolidation by industry.
Once dominated by domestic sources, microelectronics
manufacturing is now largely conducted outside the U.S.,
primarily in Asia, and largely focused on high-volume
production and short life cycles driven by demand for customer
electronics. In contrast, DOD requirements for microelectronics
tend to be low volume, with unique requirements, that generally
are needed for very long periods because weapon systems are
often sustained over decades.
My statement today largely leverages off of our April 2015
sensitive but unclassified report on this topic. The two areas
that I would like to highlight today are, first, the
implementation of the Trusted Supplier Program, and, second,
the extent the Trusted Supplier Program provides for DOD's
current and future access to leading-edge trusted
microelectronics.
DOD developed the Trusted Supplier Program as part of its
overall Trusted Defense System Strategy. This strategy focuses
on assessing DOD programs for their vulnerabilities and
developing policies for requiring trust, meaning all the people
and processes used to design, manufacture, and distribute
national security critical components must be assessed for
integrity. In 2006, DOD began expanding the number of trusted
suppliers through an accreditation process, but only one had
the capabilities to provide leading-edge technologies that meet
their needs.
Despite DOD's efforts to expand the number of trusted
suppliers, it did not address alternative sources for leading-
edge microelectronics. It largely focused on two elements of
risk: integrity, keeping malicious content out, and
confidentiality, keeping critical information from getting out.
However, the strategy did not address the risk of relying on a
single supplier, leading to DOD's dependence on it for over a
decade. As a result, DOD is currently in a situation where,
potentially, there are no good answers to address the ``what
now?'' question.
And that brings me to my second point: DOD's current and
future access to leading-edge trusted microelectronics. Over 10
years ago, a Defense Science Board Task Force stated that the
pace of these technologies being manufactured offshore was
alarming due to its strategic significance to the U.S. economy
and DOD's ability to maintain a technological advantage, and
concluded at that point that urgent action was needed.
DOD sought to mitigate this risk by awarding a contract to
the only U.S.-owned corporation that could meet DOD's needs for
trusted leading-edge microelectronics. Yet relying on this
single supplier all this time created uncertainty regarding
current and future access and its capabilities. In July 2015,
the single provider transferred its microelectronics
fabrication business to a U.S.-based foreign-owned entity,
resulting in increased uncertainties about DOD's access.
Our work this past year found that in the short term, DOD
has no alternatives to the leading-edge microelectronics. As a
result, there are risks for the DOD programs that use these
technologies.
For the longer term, we reviewed various options, including
ongoing research and the possibility of a government-owned
fabrication facility, the details of which are sensitive and
therefore cannot be discussed in this forum. However, I would
be happy to discuss them at a later time at your convenience.
But the bottom line is that not only is the U.S. reliant on
a single provider, it now faces the unknown risk of relying on
one that is foreign owned. DOD is in a position where it faces
some very difficult and complex decisions with potentially
significant costs and national security implications.
Microelectronics is just the latest of several defense
industrial base issues. Other examples include rare earth
materials, specialty metals, and counterfeit parts. We need an
industrial base strategy that is much more proactive and less
reactive.
Chairwoman Hartzler, Ranking Member Speier, members of the
subcommittee, this completes my prepared statement. I would be
pleased to respond to any questions that you may have at this
time.
[The prepared statement of Ms. Mak can be found in the
Appendix on page 29.]
Mrs. Hartzler. Thank you, Ms. Mak. That was very
informative.
So, Mr. Gudger, you are now recognized for your opening
statement.
STATEMENT OF ANDRE GUDGER, ACTING DEPUTY ASSISTANT SECRETARY OF
DEFENSE FOR MANUFACTURING AND INDUSTRIAL BASE POLICY
Mr. Gudger. Thank you. Madam Chairwoman Hartzler, Ranking
Member Speier, and distinguished members of the subcommittee,
my name is Andre Gudger. I am the Acting Deputy Assistant
Secretary for Defense for Manufacturing and Industrial Base
Policy, and I appreciate the opportunity to testify today. I am
joined here to my left with Ms. Kristen Baldwin, Principal
Deputy Assistant Secretary of Defense for Systems Engineering,
and to her left, Mr. Brett Hamilton, Naval Surface Warfare
Center Crane.
The role of the Office of Manufacturing and Industrial Base
Policy is to advise the Secretary of Defense on all matters
related to the defense industrial base. My office assesses
proposed mergers, acquisitions, and foreign investment
involving defense-related companies. Additionally, we assess
the entire defense industrial base, make recommendations to the
Secretary about its health, and then, when necessary, utilize
DOD authorities to advance, sustain, shape, and support the
industrial base.
In particular, the global semiconductor industry is a key
growth sector in the global economy. The U.S. semiconductor
industry dominates 50 percent of the global market share.
However, as technology and demand have advanced, it has driven
the dynamics of this industry in a way that presents distinct
challenges for DOD.
The Department relies on innovation and commercialization
of the U.S. semiconductor industry to maintain a healthy
industrial supply for its systems. The escalating costs of
investment for innovation in this industry is the single
biggest factor facing U.S. suppliers wrestling with the
decision to either join forces with other cash-rich entities
making the necessary billion-dollar investment or simply quit
the costly manufacturing business altogether.
The DOD is less than 1 percent market share and has minimal
influence over the semiconductor industry. The Department
considers the dwindling number of domestic microelectronics
manufacturers as a significant risk and may affect the most
advanced microelectronics for the defense systems and platforms
that must remain technology superior to our adversaries who are
gaining traction through global industry players.
In July of 2015, GlobalFoundries purchased IBM's U.S.-based
Trusted Foundry, creating concerns associated with the
Department's reliance on a sole source and single-qualified
IBM-based technology component. These components are designed
specifically for and used in many of DOD's major defense
acquisition programs.
DOD, the intelligence community, and the Department of
Energy assessed how the loss of access to IBM's Trusted Foundry
would disrupt their current and future national security
programs. For the DOD, the total cost of loss assessed would be
greater than a billion dollars. And given the research,
redesign, prototyping, requalification tests, reproduction
costs required to replace the required Trusted Foundry
components, it is unknown. Operationally, the consequences of
interrupting the national security programs that use these
components are incalculable.
Based on this assessment, the Department determined that
the top priority is continuity of supply for these unique
trusted products over the short- and mid-term. Concurrently, my
office coordinated with other DOD elements, including the
Defense Microelectronic Activity and the Defense Security
Service, to ensure GlobalFoundries could obtain the appropriate
accreditations to be a DOD trusted supplier post this
transaction. The Department continues to work closely with
GlobalFoundries as a source for the U.S.-based defense
microelectronics.
The Department continually conducts vigorous analysis of
global markets to ensure the U.S. industrial base remains
vibrant, competitive, and supporting all of DOD's needs. The
Department's conducting a microelectronics industrial base
study. The study goal is to lay a foundation for a dynamic
partnership with key microelectronic industry players. A team
of government experts interviewed, conducted site visits at
several selected microelectronic companies, exchanging views
with the Department on how we could pursue business models that
would be consistent with industry.
The study both made assessments of industry current
capabilities, it summarized the voice of industry, and it is
making recommendations on how the Department can engage the
microelectronics marketplace not just today, but beyond. At the
study's conclusion, the team will recommend strategies to the
Department's requirements while addressing sustainable
commercial strategy for the future.
Additionally, the Department is taking steps to proactively
identify our current and future critical suppliers in fragile
sectors, like that of the microelectronics industry. The
Department is deploying business intelligence tools utilizing
big data principles to leverage the latest technologies and
analysis techniques. This will allow DOD to engage proactively
in the future to ensure that we have access to commercially
driven technologies that maintain the military advantage on the
battlefield.
I would like to thank the committee for allowing me to
speak today. As you can see, the Department is focused on
addressing the challenges that are stemming from domestic and
global microelectronics industry trends as DOD expands its
Trusted Defense System Strategy. I look forward to answering
any questions that you may have. Thank you.
[The joint prepared statement of Mr. Gudger, Ms. Baldwin,
and Mr. Hamilton can be found in the Appendix on page 39.]
Mrs. Hartzler. Thank you.
Ms. Baldwin, you are now recognized for your opening
statement.
STATEMENT OF KRISTEN BALDWIN, PRINCIPAL DEPUTY ASSISTANT
SECRETARY OF DEFENSE FOR SYSTEMS ENGINEERING
Ms. Baldwin. Madam Chairwoman Hartzler, Ranking Member
Speier, members of the committee, I am pleased to come before
you today to testify about the Department of Defense's assured
access to microelectronics.
For a number of years the Department has been on a path to
implement a Trusted Defense System Strategy. Codified in policy
in 2012, this strategy manages risks to our systems from
foreign intelligence collection, supply chain exploitation, and
battlefield loss.
DOD acquisition programs conduct program protection
planning activities throughout the life cycle to mitigate
opportunities for adversaries to sabotage or subvert mission-
critical system functions, system designs, and critical
components of our systems.
Critical components may be comprised of software, firmware,
or hardware, whether specifically designed for DOD or
commercially sourced. The protection of critical components is
addressed through secure engineering designs and architectures,
supply chain risk management practices, software and hardware
assurance activities, and antitamper techniques.
Program protection planning gives special attention to
application specific integrated circuits, or ASICs. For ASICs
that are custom designed, custom manufactured, or tailored for
specific DOD military use, DOD requires they be procured from a
trusted supplier accredited by the Defense Microelectronics
Activity, or DMEA. DMEA manages the Trusted Supplier Program.
DMEA accredits suppliers as trusted in the areas of
integrated circuit design, aggregation, brokerage, mask
manufacturing, foundry, post-processing, packaging and
assembly, and test services. These services cover a broad range
of technologies and are intended to support both new and legacy
applications, both classified and unclassified.
There are currently 72 DMEA-accredited suppliers covering
153 services, including 22 suppliers that can provide full-
service trusted foundry capabilities. One of these full-service
trusted foundries is the GlobalFoundries trusted foundry.
In addition to trust, this trusted foundry provides the
U.S. government guaranteed access to leading-edge trusted
microelectronic services. For these leading-edge, state-of-the-
art microelectronics technology needs, the Department is
concerned not only with trust and protection of our designs,
but also the ability to compete for access to these
technologies with commercial customers who command high-volume
production requirements in comparison with typical low-volume
needs of the Department. The trusted foundry has served DOD and
interagency needs since 2003.
Another important aspect of program protection is hardware
and software assurance or the evaluation of our
microelectronics components and our software to ensure they
function as intended and have not been altered. Last year the
Department established a Joint Federated Assurance Center,
federating expertise, tools, and methods to support acquisition
program hardware and software assurance needs. The Naval
Surface Warfare Center at Crane serves as the chair of this
federation, the Hardware Assurance Technical Working Group. In
this role, Crane leads coordination of the core hardware
assurance laboratories across the Army, Navy, Air Force, and
NSA [National Security Agency].
Looking ahead, the Department must seek options that enable
both trust and access to needed microelectronics capability
from the commercial marketplace. Research is ongoing at the
Defense Advanced Research Projects Agency, the Intelligence
Advanced Research Project Agency, and also in our military
departments, to advance technologies such as improved hardware
and software assurance tools for analyzing provenance and
functionality; embedded sensors that can uniquely identify and
track a device and whether any tampering has occurred; new
microelectronics design techniques to enable transfer of
production from one foundry to another, mitigating risk from
losing access to a particular supplier; and the ability to
disaggregate chip designs and manufacture subcomponents in
different locations.
Demonstration and transition of technologies such as these
will augment the enduring foundations of program protection
planning, supply chain risk management, systems security
engineering, our DMEA, and the network of certified trusted
microelectronics suppliers, and the federation of tools and
expertise to evaluate hardware and software that are central to
the Department's Trusted Systems Strategy.
Thank you very much.
[The joint prepared statement of Ms. Baldwin, Mr. Gudger,
and Mr. Hamilton can be found in the Appendix on page 39.]
Mrs. Hartzler. Thank you, Ms. Baldwin.
And now last but certainly not least, Mr. Hamilton, very
excited to see your show-and-tell that you brought as well.
STATEMENT OF BRETT HAMILTON, CHIEF ENGINEER FOR TRUSTED
MICROELECTRONICS, NAVAL SURFACE WARFARE CENTER CRANE DIVISION
Mr. Hamilton. Thank you, Madam Chairwoman Hartzler, Ranking
Member Speier, members of the committee. I appreciate the
opportunity to come before you today to testify about our
efforts related to microelectronics assurance.
So microelectronics hardware provides the root of trust for
many DOD [and] intelligence community systems. It is absolutely
critical that this hardware be both trustworthy and reliable to
perform as designed when needed. This is a critical national
issue as trustworthy microelectronics hardware is also
prevalent in many vital areas of the global economy, such as
energy, transportation, banking, and commerce industries.
The Joint Federated Assurance Center laboratories, referred
to as JFAC, have a long history of assuring microelectronics
integrity, including support of the Navy Strategic Systems
Program and NSA's cryptographic systems. These government
laboratories are unique in the expertise and the capability
that address the malicious threat and have experience in
safeguarding sensitive information relating to uncovered
threats and vulnerabilities, specialized analysis techniques,
and details of systems use.
In order to better quantify the system risk, continued
technical reconnaissance is needed to enable a more proactive
stance in identifying potential vulnerabilities. Threats
assessments can be greatly assisted by taking advantage of the
capabilities of other government agencies, such as law
enforcement and the intelligence community. The JFAC is
exploring information-sharing opportunities with the
intelligence, counterintelligence, and law enforcement
communities to provide additional insight into the amount of
risk associated with particular microelectronics components.
For example, the Air Force Office of Special Investigation
has made available select microelectronic components obtained
through investigative liaison efforts for forensic analysis.
The counterintelligence perspective enables a more thorough
assessment of the threat.
Microelectronics technology driven by the commercial sector
is advancing at a very rapid pace. It is therefore critical
that our JFAC labs establish technical capability in the area
of emerging technology. For example, Naval Surface Warfare
Center Crane has utilized Naval Innovative Science and
Engineering R&D [research and development] opportunities and
Naval Sea Systems Command capital improvement program to
greatly enhance its microelectronics trust verification
capabilities over the past few years.
These capability enhancements also support the Navy's
traditional failure analysis and high reliability
microelectronics missions which require similar expertise and
equipment. The capability is currently supporting the Navy's
JFAC hardware assurance pilot program and several other
programs of record in the area of trusted assurance, including
extensive work with the Strategic Systems Program and
Integrated Warfare Systems.
Access to design information is very important to the
ability to cost effectively perform independent verification of
microelectronic components. If these files and other design
information are delivered to the government as one of the
deliverables in a contract, the time and cost to verify these
components can be minimized. The term ``acquire to verify'' has
been coined to promote this idea.
JFAC members are compiling lessons learned from current and
recent design efforts to generate a general design guide that
will include best practices to support independent verification
for trust assurance.
It is also critical to establish and maintain relationships
with microelectronic manufacturers. This is particularly
important in the case of commercial parts where the design
information is held by these manufacturers. A few such
relationships have been fostered by DOD organizations, and they
have proven to be very beneficial to trust verification
efforts.
Not only is the semiconductor manufacturing environment
evolving, but so is the threat. There is a growing concern
pertaining to unauthorized remanufactured parts, often referred
to as clones, which not only pose a potential malicious threat,
but also reliability concerns, as very poor quality has been
observed in these parts.
Finally, there has been an alarming increase in the number
of academic publications discussing the implementation of
hardware Trojans. Therefore, we must stay vigilant and evolve
our approach to ensure trust in such a dynamic environment.
Thank you. And I welcome your questions.
[The joint prepared statement of Mr. Hamilton, Mr. Gudger,
and Ms. Baldwin can be found in the Appendix on page 39.]
Mrs. Hartzler. Thank you, Mr. Hamilton.
I would just start with you. You brought some examples
there. Do you want to share a little bit about those, why you
brought them, and what the implications to our hearing today?
Mr. Hamilton. Okay. The first example that I will pass up
for you to examine is a traditional microcircuit, where we
actually opened up the lid so you can see what is inside. So
that particular part was from an actual counterfeit
investigation that we did.
So that particular part is about a 15-year-old design. It
was designed in 250 nanometers. So that is the actual size of
the transistors in there. State of the art now is 10 nanometer.
So that particular part there has probably around a million
transistors in it. The current record for the most transistors
in a commercial part is a Xilinx FPGA [field programmable gate
array], which has 20 billion transistors.
So Ranking Member Speier mentioned 1,000 transistors in a
device. So think about trying to find 1,000 transistors out of
20 billion if someone wanted to do something bad to a part like
that. So it is a technical challenge, but there is work going
on to try to address this through technical means.
The second board is just a representation of a circuit
board. And there was some mention of interest in 3D ICs [three-
dimensional integrated circuits] and die stacking. So in this
particular case, these are the individual integrated circuits
on the board.
In die stacking, those individual dies are stacked on each
other into one package, and it greatly enhances the density. We
have been seeing these in our laboratory, especially in flash
memory and devices like that for the commercial sector where
they want to pack as much memory as they can into your digital
camera and things like that. But this technology is starting to
show up in a much broader spectrum to increase performance and
help scale the technology.
Mrs. Hartzler. What can you do maliciously with one
transistor?
Mr. Hamilton. With one transistor, you could make something
fail possibly, and denial of service. That is the simplest kind
of tack. So the hidden kill switch gets a lot of attention. To
do something to that level, you would have to have a lot of
information about the design. If you don't know much about the
design and you just wanted to do something to cause random
problems, intermittent failures, then a single transistor
failing could potentially take that integrated circuit down.
Mrs. Hartzler. Wow. Okay. What is next?
Mr. Hamilton. So here is another integrated circuit. And
this is an example of one without the lid opened up, and it is
what is called a ball grid array. So you see the back, those
little bitty solder balls?
Mrs. Hartzler. Yes.
Mr. Hamilton. That is placed onto the printed circuit
board, and then the whole thing is heated up, and they all just
make contact at one time.
That particular part, I don't remember exactly how many
solder balls that has. I would say probably around 80 or 90.
But there are parts now that have 1,000 of those solder balls
on there. The complexity of these microelectronics is amazing.
Mrs. Hartzler. Really is. Next?
Mr. Hamilton. So the last example is just another circuit
board, a little bit newer version. Some of the parts there have
the different kinds of bonding package. That particular part
also has a fan on it. A lot of our focus has traditionally been
on the very critical parts. One thing important is that we have
to look at this as a system approach, and every part in the
system is critical to a certain degree. Otherwise it wouldn't
be in the system.
Mrs. Hartzler. So we only have one foundry in our country
that puts this together, right, the foundry that IBM had--that
is now sold?
Mr. Hamilton. So the foundry makes the integrated circuits.
They make the chips.
Mrs. Hartzler. Okay. Gotcha. Actually puts it together.
So as co-chairman of the Joint Federated Assurance Center,
what challenges and risks do you assess may affect DOD's access
to assured and secure microelectronics in the future?
Mr. Hamilton. Well, that is a tough question. I think to a
certain degree the purpose of JFAC is going to be to perform an
independent verification of the microelectronics no matter what
the source. So a lot of the parts that enter the DOD today
aren't from the IBM Trusted Foundry. They are COTS [commercial
off-the-shelf] parts. If you look in the Navy systems, we buy
racks and racks of circuit boards that are used in the systems.
So the challenge is to come up with tools and techniques
that can be used broadly across this. And that is where the
working with the other communities of interest is important to
help us better focus where we need to apply our limited
resources to do these deep technical assessments.
Mrs. Hartzler. Do you feel confident now that there are
systems in place to be able to do an in-depth analysis of that?
Mr. Hamilton. There are systems in place to do it on a
limited basis. We actually, for some of our customers and
sponsors, we have been doing this work for years. To try to
spread it to the bigger DOD is a challenge because we just use
so many microelectronics.
And I like to say we can't really test our way out of this
problem. We can't test and screen the hundreds of thousands of
microelectronics that we use in DOD. So we have to be very
smart and selective where we look and understand the threat and
realize that really what we are doing is a threat assessment.
We are always going to have a threat, no matter what the
source. So the question is, how do we rank the threat and where
do we put our resources where we think the threats are the
highest or do things in the supply chain, other activities, to
help reduce that threat.
Mrs. Hartzler. Great. I have more questions, but I will
come back to that and turn to Ranking Member Speier for her
questions.
Ms. Speier. Thank you, Madam Chair.
What is driving the decline in the United States of the
microelectronics industry and its migration to Asia?
Mr. Gudger. Well, there are several factors. One is the
cost. As the commercial markets are driving to newer, more
state-of-the art needs, particularly in the consumer
electronics and the mobile markets, it is a costly thing to
update a fab [fabrication facility]. It is north of a billion
dollars. Most fabs cost somewhere between $5 to $10 billion to
update to a state-of-the-art space that they need to be
competitive globally.
So there are very few companies across the globe that can
make that kind of investment and get the kind of yields they
need in order to maintain a profitable business. And so you see
a decline in new entrants because the barrier is so high and
you see an exit of current entrants because it is better to
partner with sources globally to compete, not just
domestically.
Ms. Speier. Any other comments?
Ms. Baldwin. The United States is overall a net exporter of
semiconductors. And so we need to understand that there are
leading-edge capabilities and those foundries can take great
investment to maintain and to operate. But largely, and with
many of the capabilities that the Department of Defense
systems, the U.S. Government systems use, as Brett mentioned,
multiple types of microelectronics technologies are used in our
systems. And so there is a spectrum of capabilities and
production capabilities still in the United States.
And so you need to distinguish the cost of the major fabs
that have gone from--over the past 10 years the number of
leading-edge foundries has drawn down from then about 10 major
foundries to now we have about 4. And in comparison, we have
got multiple capabilities of domestic manufacturing at other
state-of-the-practice nodes and other technology types.
Ms. Speier. Well, if we believe that this is a national
security risk, which I think we could certainly make the
argument that it could be, isn't it in our best interest to
maintain a foundry or supplier here and do whatever is
necessary to make sure that their bottom line is reasonably
successful so that the manufacturing continues to be done
locally?
Ms. Baldwin. We do agree that there is a long-term need for
a trusted supplier, a network of trusted suppliers, just like
we have established. And we are taking action to make sure that
we maintain that access.
Ms. Speier. So what are the actions you are taking? We have
one foundry that has now been sold to a non-U.S. company and it
is unclear whether or not they are going to keep manufacturing
here. What are you doing to make sure that that does not get
exported?
Mr. Gudger. Well, just a couple points of clarity. There
are more than one foundry in the United States, and there are
more than one trusted supplier in the United States. There are
over a dozen trusted suppliers in the DOD network.
Yes, it is in the U.S. interest to maintain as much of the
current and legacy capability in the United States as possible.
But we are also looking to make investments in the future where
technology is driving which gives us a different view. And so
trust network as we know it today may look much different as we
design for security throughout all of our major weapon systems
and how we bring a consistent way of approaching
microelectronics and future technologies and innovation into
those major weapon systems.
So there is a lot of programs that I use out of my office,
particularly the Defense Production Act, Title III, that we
have used, and we have funded many chip technology programs and
made the investment, along with industry, to develop and
maintain the capacity. We have used our Industrial Base
Sustainment Fund to fund companies to keep design skills and
engineering tradecraft moving forward. And so we will continue
to look at those both as a part of the short-term, mid-term,
and long-term strategy for the United States.
Ms. Speier. You know there is a lot of companies that have
offshored a lot of money that they would like to repatriate.
And I would think this would be a great opportunity to allow
companies who are so inclined to repatriate their money if it
were to go to manufacturing of microelectronics, because we
could make the case that it is a national security issue.
Ms. Mak, do you have any thoughts on that or any other
incentives we can create for companies?
Ms. Mak. I think, like you said earlier, why it was going
offshore, there are so many other countries that have
industrial base strategies that include more strategic
investments, that encourage critical industries and innovation,
where here in the defense industrial base it is much more
reactive instead of proactive. So if there is more thought in
terms of why do we wait until it is a potential crisis before
we actually start coming up with alternatives, then that
applied in this particular case with microelectronics.
As to what DOD could do in this particular case, we tend to
rely on the market to be able to figure out the best strategy.
DOD has so little influence on the market when it comes to
microelectronics, so this may not have been their best
strategy.
I think part of the issue was when we talked about leading-
edge microelectronics, there wasn't a sense of urgency when
Defense Science Board first brought it up. IBM has been
renewing the contract. It has been always there. DOD was
addressing the risk because IBM was there. And if earlier steps
had been taken to address some of the alternatives that they
are considering now, we may not be in the same situation,
especially when it comes to cost, because now you have all the
cost that has to be addressed as soon as possible versus spread
out over time.
Ms. Speier. All right. Madam Chair, I yield back.
Mrs. Hartzler. Thank you.
Mr. Scott from Georgia.
Mr. Scott. Thank you, Madam Chair.
And you will have to forgive me. This is certainly an area
that is outside of my area of expertise by a long shot.
But GlobalFoundries was owned by IBM and they sold them. Do
I understand that correctly?
Mr. Gudger. No. IBM sold part of its microelectronics
business to GlobalFoundries.
Mr. Scott. To GlobalFoundries. Okay. All right. And
GlobalFoundries has factories in many countries, Singapore
and----
Mr. Gudger. And Germany and in the State of New York.
Mr. Scott. And then the U.S. companies that we have left I
would assume would be Intel. Who would the others be that are--
--
Mr. Gudger. Yeah. There is other very good U.S.----
Mr. Scott. Micron.
Mr. Gudger. Micron. We have had Freescale, Photronix.
Cypress is here in the room. And there is others. I don't want
to single out any one because there is so many suppliers in
this area.
Mr. Scott. Okay. But you do have a tremendous number of
suppliers, it is just that we don't have that many who are
trusted suppliers. Is that where the problem is coming in?
Ms. Baldwin. So right. If I can just categorize. The
leading-edge suppliers, that was the role that the IBM and now
GlobalFoundries foundry was fulfilling. Our trusted supplier
network, if I can just refer to my opening statement, we have
72 that are accredited trusted now suppliers. Twenty-two of
those can provide full-service foundry operations similar to
what the IBM Trusted Foundry was able to provide.
Mr. Scott. Okay. And so in many instances when we contract
with a private vendor to build a weapons system, for example,
we have DOD employees that are on-site at that manufacturer to
double-check and to look at quality control and make sure that
there are no problems there. Are we doing that with the
foundries as well, are we checking the chips once they come to
us? How do we do that with regard to--are we on-site, in other
words, at the foundries?
Ms. Baldwin. No. Great question. Part of this accreditation
that the Defense Microelectronics Activity does is works with
these companies that are interested in becoming trusted
suppliers and certifies that those companies are able to
process classified information as well as unclassified
information and that they possess the right checks and
balances, that they can provide an assured chain of custody,
that they have processes in place to ensure that there would be
no threats related to disruption of the supply, that they have
processes in place to prevent intentional or unintentional
modification of the designs during the manufacture or the
services that that supplier is providing, and that they protect
the design information from any reverse engineering or other
exploitation to prevent the loss of that U.S. technology.
And that is the process by which these suppliers that wish
to become accredited must go through, and the DMEA inspects
that capability.
Mr. Scott. And so for the suppliers who want to become
accredited, one of the challenges with doing business with the
government is that if you are a small business, it becomes such
a large percentage of your volume that if you ever lose the
contract it would effectively bankrupt you.
And so what is the average volume that we spend with one of
these suppliers? And do we do multiyear buys or is it something
where we just every 12 months we do a new contract?
Ms. Baldwin. Right. So when we accredit one of these
suppliers, these are suppliers that provide services on a
regular basis to broader than just the DOD. So we basically
give them sort of a seal of approval, if you will. And then
many of the suppliers actually see it as a competitive
advantage, you know, because they have been through this rigor,
and it actually can have the effect of potentially increasing
their future business space.
Mr. Scott. But it would take a billion dollars to build a
small foundry?
Ms. Baldwin. Correct. As you go down into the technology,
as you increase the technology, as you move down the Moore's
Law of these sizes of these microelectronics components that
Mr. Hamilton was describing, the cost to maintain those
foundries increases exponentially. So that leading-edge foundry
is the one where we were talking about, that is in the billions
of dollars to maintain and operate, because in order to be able
to produce the yield of microelectronics that are useable, you
have to have a certain amount of production that is running
through that foundry.
Mr. Scott. Sure.
Ms. Baldwin. It operates 24/7. And I would just say again
that the DOD and the U.S. Government orders for that don't rise
to that level. We have typically low-volume orders. Which is
why looking forward we need to find ways that we can--
technologies, new approaches to be able to make use of more
commercial sources, because that would allow us to protect our
designs and our IP [intellectual property] and ensure that the
microelectronics would perform as intended, but also enable us
a much broader set of options so we are not narrowly focused on
a sole source supplier, because we recognize that that is not a
good risk posture.
Mr. Hamilton. If I could just add one thing to that. So in
this recent Chip Scale magazine, there is a chart that plotted
the escalating design costs for custom ASICs manufactured at
state-of-the-art technology node, which is estimated to be over
$300 million for a 10-nanometer design. This makes COTS a very
appealing approach to program managers where performance is a
driver, especially given the performance exhibited in
commercial FPGAs, an industry that is pushing state of the art.
Basically the FPGA manufacturers are pushing state of the
art, and they are using these twenty-eight 14-nanometer nodes,
because they have enough volume that they can take the $300
million design cost. The problem is there aren't that many DOD
programs that can afford to put $300 million into a single
design. There are cases potentially where a common part could
be used across multiple programs and then you might be able to
do something like that more cost-effectively.
Mr. Scott. Thank you for being here. I have an appointment
in my office, so I will be missing the rest of the meeting. But
thank you for what you have done.
Mrs. Hartzler. Thank you, Mr. Scott.
Ms. Graham from Florida.
Ms. Graham. Thank you, Ms. Chairman. I appreciate it very
much.
And thank you for you all being here today. I really
appreciate it.
This is kind of scary. So I have a question. Really what I
would like to know, I mean, how reliant are we on these
microelectronics? What is our level of risk? It seems like
there aren't many systems that aren't exposed. And I have a
follow-up question after that one.
Ms. Baldwin. So we are very reliant on microelectronics,
and it is not only these ASIC chips that we have been talking
about, but multiple types of microelectronics components. Mr.
Hamilton just mentioned FPGAs as an example.
I think a point that I would like to make is that it takes
a spectrum of risk-reduction measures. In some cases we would
want to restrict where we procure that item, from only a
trusted supplier. In some cases another option is to be able to
evaluate the component or the software that is contained in
that component, because in an FPGA [field programmable gate
array]--there are no FPGAs that are made onshore. The two major
FPGA companies are U.S. companies, but they fab offshore.
But when you take a look at what the risk is of an FPGA
device, that is largely in the software, because that is a
reprogrammable device, which means that regardless of where I
might manufacture that device, I can change the software. And
so if an adversary wanted to have an effect and could get
access to that software, which is all very difficult to do, but
it is a real opportunity, then the threat comes in making sure
that the software that is programmed on that device is assured.
And so then we want to bring to bear additional software
evaluation tools, and we are doing that as well.
We may also want to design our systems. I mentioned the
approach of system security engineering, because we realize
many of our systems do need to use commercial devices, and we
absolutely do, for reasons of cost and functionality. But we
are able to design our systems with architectures in a way that
we don't use those commercial components necessarily in sort of
the core or heartbeat of the system, that critical portion of
the system.
So the way that we approached, the way that we built this
trusted system design strategy, the methodology that our
programs go through and our engineers go through is to sort of
decompose the system and understand the functions of that
system, and then allow us to focus on what are the critical
components. And then for those critical components, select from
a menu of opportunities, risk-reduction opportunities, which
could be procure from a certain supplier, test it through
laboratories, and equipment and tools like we have assembled,
or architect the system in such a way that if that component is
a bad component, it will not have the overall effect to degrade
the operation of the performance of the system. So we could
have sensors on the system that would just shut that part of
the system down. So there is a menu of options that we have.
Ms. Graham. Thank you very much. That was a very thorough
answer, and I really appreciate it.
Ms. Mak, you mentioned the potential of possibly bringing
this within DOD. I don't want to violate any security, clearly,
in an unclassified hearing. But is that, based on what Ms.
Baldwin just said, is that something considering the private
sector's innovation or would we be able to compete, or is this
something that we are sort of tied to because of the need to
have that innovation that is available in the private sector?
Ms. Mak. I think the opportunities to compete are
definitely there, but let me make it clear, for the FPGAs that
have been discussed, those are offshore, those are commercial
uses, it is not in a trusted environment. When we are talking
about leading-edge technologies that are in mission-critical
defense systems, it has to be in a trusted environment, so that
means the offshore companies, it doesn't even qualify. So it is
going to take a lot of time and it is going to take a lot of
cost.
I mean, we have talked to several major defense
contractors, and their concerns were that even if there was a
supplier that could meet leading edge at this point, which is
not, except for IBM and now GlobalFoundries, if it could, it
would take them significant time, talking about years, and
significant cost, talking at least millions, to do redesign
work to be able to work with those suppliers, assuming that
they exist.
Ms. Graham. Okay. I am about out of time, so thank you very
much. I would just say that I think the conclusion is that we
just need to make sure that our public-private partnerships,
that the threat level is, whether it is in the supply chain or
just in general, keeping track of the threat assessment, and we
are focused on that on a regular basis.
I am sorry, Ms. Chairman, I will conclude with this. My son
is a computer engineer, so I understand the importance of the
microelectronics. And if we are not certain that our
microelectronics are secure, our system is not going to be
secure.
So thank you very much. I yield back what time I don't
have, Ms. Chairman.
Mrs. Hartzler. All right. That is okay. Well said. Maybe
your son can help solve this problem. So that is very good.
I wanted to go back to you, Ms. Baldwin, though. You
mentioned there were 72 trusted suppliers, and that may be
true, but not leading-edge suppliers. There was one, IBM, which
has been sold. And so how are you going to make up for that
shortfall?
Ms. Baldwin. So we have been work looking into this
situation obviously for some time now. And when you look at the
types of leading-edge technologies that the IBM foundry was
providing, it was over a series of technology nodes. They had a
series of products that we could acquire through that one
foundry. And there was no single provider that was available
domestically that could replace, no one single source that
could replace all of those product lines.
So finding number one is we knew we had to develop, we knew
we had to take a look at a menu of options. So we are in the
process of doing that right now. And we are in the process of,
as has been mentioned, reaching out to the industrial base and
really getting a sense of where they are going and taking all
that into account.
We also want to look at the future of the economics of the
situation, and we do not want--the last thing we want to do is
find ourselves in a similar situation of a sole source
supplier. I think long term, the types of solutions that we see
as being needed in this menu are we do need to have alternative
sources for critical components. We do need to have a
capability to evaluate microelectronics, because of this
threat, so the types of labs that we federated are a continuing
need. And we do think that there are technology opportunities
to maybe allow us to take a look at this problem from a
different standpoint.
Some of the technologies that are being invested in right
now by some of the performers that I mentioned before could
potentially allow us to utilize different manufacturing
sources, but still be able to protect our critical IP and our
critical intellectual property and the functionality of the
chip and provide that level of assurance just by the way--by
these manufacturing processes and design techniques.
Or these embedded sensors that we might be able to, if the
technology is demonstrated and can transition, can really
provide a chain of custody, so that we could potentially use a
commercial source but then have an ability to control the
critical design intellectual property domestically.
And so it is these types of technologies. And so I think in
summary, we see going forward that we must get out of this sole
source problem that we are in right now and we must create a
menu of options for the Department and its agency partners, and
that is exactly what we are studying and seeking to do.
Mrs. Hartzler. So this is happening right now, you are
doing this study. You say over time--I know Mr. Gudger, you
talked about doing a study that you are doing--but at this
point in time our only foundry has been purchased, correct, by
another--a leading-edge supplier. So we have all kinds of
defense assets and platforms that are being built today.
So how vulnerable and how big a problem is this right now,
because we don't have a solution today, even though we have all
kinds of platforms being manufactured?
Mr. Gudger. Today, on the short term, we are getting
essentially what we were getting prior to the acquisition. Part
of what we worked through the interagency process when we
evaluated this very complex transaction was its national
security implication and could the Federal agencies and major
weapon systems still have access to the critical technologies
that we needed. And on the short term, the answer was we were
able to come up with an agreement, a way to work through
getting the Department and getting its brother and sister
agencies the current access that they had by way of trust or
something very close to trust.
And that was part of the process in evaluating the
acquirer's ability to become a trusted partner and, quite
frankly, as Kristen said earlier, gain the halo effect to allow
them to do business with the Federal Government.
So we believe in the short term that we have addressed the
short-term need and issue and we can continue to get what we
need today and for the foreseeable next few years, but we are
working in real time on what the future will look like. And the
study is to address things beyond fiscal year 2017 and what the
menu of options will be.
Mrs. Hartzler. So your study looks for beyond 2017? But
until then, you feel comfortable at this point----
Mr. Gudger. Yes.
Mrs. Hartzler [continuing]. That we will be able to access
what we need.
You mentioned, Ms. Baldwin, an accreditation process, that
you are reaching out. So are you reaching out to these other
suppliers and talking to them about how they can become
accredited in defense-related work to become more trusted?
Ms. Baldwin. Yes. Actually we work pretty regularly with
industry associations, and several working groups have stood
up. And that allows us a vehicle to communicate. So the
existing trusted supplier network, we engage with regularly.
And there has grown an industry consortium or working group
through our National Defense Industrial Association, as an
example, which is an opportunity for the Department and our
agency partners and the services to meet with these industries.
Yes. Thank you.
Mrs. Hartzler. Ms. Mak, what are your thoughts on this
strategy that DOD has presented for moving forward to maintain
longer-term access to leading-edge microelectronics?
Ms. Mak. I agree with what Ms. Baldwin talked about in
terms of a menu of options. It is pretty much like a patchwork-
type approach, because what IBM offered was that wide spectrum
of options to meet their needs. There are definitely trusted
suppliers in the U.S., but they don't provide the leading edge.
Could they get there? Potentially. It is going to cost and it
is going to take time.
I would like to go back to the one question that you
mentioned earlier to clarify. With respect to the short term,
from our work we found that the agreements that they went
through, we are not convinced that they are going to be able to
provide continued access even for the next year unless there
are still discussions ongoing for that. So short term, it may
be a bigger issue than we are acknowledging here, I think.
Mrs. Hartzler. Okay. Thank you.
Ms. Speier.
Ms. Speier. Thank you, Madam Chair.
I would like to go back in time. IBM had a 10-year
contract, it had a sole source contract in a very rarefied
position. Are we basically saying we didn't have a contract
with them that was so ironclad that they would be required to
maintain that operation in terms of providing leading-edge
microelectronics as a component of that sole source contract?
And why wasn't it for 30 years or 40 years? Was this a contract
that was only for 10 years or was this a contract that was
renewed every year so they were in a position to sell it? And
they do business with us in lots of other areas, so why are we
tiptoeing around this?
Mr. Gudger. Well, I agree with you. I am in violent
agreement with you. Back up. So IBM's contract was a
competitive bid. What happened as a successful offerer, they
became the sole supplier because they were the successful
offerer on the competitive bid. It was for 10 years with 1-year
options. And IBM found themselves in a very difficult place
with this business, where they were losing a lot of money. I
think in the last balance sheet they stated they were going to
lose $750 million a year by maintaining the capability.
And so having a contract with the U.S. Government and then
forcing them to stay in business in something that they are
losing money in, it is a very difficult balance. We don't have
the tools and the authorities through the regulatory process,
whether it is antitrust or foreign investment, to make anyone
stay in business when they are losing money.
And so they searched aggressively and they worked with
GlobalFoundries to find a partner that they thought that they
would still continue to need to get access from that they could
have as a trusted supplier to them, not just to the Federal
Government. And so I think those things went into the reason
why IBM decided to exit the business and turn it over to
GlobalFoundries, because they maintain a state-of-the-art
facility not far from the ones that they--GlobalFoundries, that
is--not far from the ones that they acquired.
Ms. Speier. So when did they notify you that they were
going to sell off the business?
Mr. Gudger. I think the official notification happened in
the second quarter of the calendar year of this year, that the
official notification----
Ms. Speier. So when were you first aware? When did they
first tell you they were having trouble and that they needed
some workout?
Mr. Gudger. I am not sure on that answer. But the first
that I heard about it was when they made the official
announcement and filed with the interagency committee, is when
it became real.
Ms. Speier. Well, at some point, if it was a 10-year
contract, you would start negotiating a new contract in year 8,
right?
Mr. Gudger. They still had multiyears left on the contract
that they were maintaining. So it wasn't a year 8----
Ms. Speier. I am not following you. I thought you said that
it was a 10-year contract and at the end of the 10 years, they
chose not----
Mr. Gudger. No. We had just awarded the contract.
Ms. Speier. What?
Mr. Gudger. Yeah. We were about 2 years into it. And I will
let Kristen pick up on----
Ms. Speier. Wait a second. You are saying it was a 10-year
contract and they were 2 years into it, and now they are not
going to comply with the contract?
Ms. Baldwin. It was a 10-year multi--it was an option
year--it was a 10-year contract that was awarded with 10
option--it was a 1-year contract with 10 option years.
Ms. Speier. Oh, that is really smart, isn't it?
Ms. Baldwin. There was--right.
Ms. Speier. So you are saying that for something as
important for our national security as leading-edge
microelectronics, we were awarding a 1-year contract with
options to renegotiate? So we were setting ourselves up----
Ms. Baldwin. Right.
Ms. Speier [continuing]. In a very bad negotiating
position.
Ms. Baldwin. That was what the offerer was willing to
negotiate with the Department of Defense and that they were
the--we did run a full and open competition, and they were the
sole offerer.
Ms. Speier. I thought you said there were two.
Mr. Gudger. No.
Ms. Speier. And that one went out of business or one----
Mr. Gudger. I didn't say that.
Ms. Baldwin. No.
Ms. Speier. All right. So this foundry, this building still
exists, right?
Mr. Gudger. Yes.
Ms. Speier. Because it cost so much money to create. This
billion dollar facility exists?
Mr. Gudger. Yes. Essentially, though, the two facilities
that GlobalFoundries had acquired through this process still
exist today and they still produce the products that the U.S.
Government needs. It is just owned by a different company,
GlobalFoundries. Many of the same processes, the same people
are there. They acquired the assets from IBM.
Ms. Speier. All right. I yield back.
Mrs. Hartzler. Thank you.
And we are taking votes, so you have the last question.
Ms. Graham. No. Thank you. I have no questions.
Mrs. Hartzler. So we very much appreciate you being here.
This has been very enlightening, very concerning at the same
time, but certainly raises the issue of how we need to address
this for our national security. And I appreciate your efforts,
all of you, to help in this endeavor as we move forward. So
thank you so much for being here.
And this will conclude our hearing.
[Whereupon, at 4:56 p.m., the subcommittee was adjourned.]
=======================================================================
A P P E N D I X
October 28, 2015
=======================================================================
=======================================================================
PREPARED STATEMENTS SUBMITTED FOR THE RECORD
October 28, 2015
=======================================================================
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
=======================================================================
QUESTIONS SUBMITTED BY MEMBERS POST HEARING
October 28, 2015
=======================================================================
QUESTIONS SUBMITTED BY MRS. HARTZLER
Mrs. Hartzler. You mentioned in your oral statement that DOD's
Trusted Defense Systems Strategy did not address the risk of relying on
a sole source provider. What more could DOD have done to prevent this
situation?
Ms. Mak. DOD has been aware of the risk of using a sole source
supplier for about a decade, but did not begin to take actions to
assess and address this risk until late last year when IBM announced
the proposed transfer of its microelectronics fabrication facilities to
GlobalFoundries. Had DOD taken actions earlier, investments in
alternative suppliers may have reduced the risk programs now face due
to potential gaps in availability for specific technologies.
Mrs. Hartzler. What are your thoughts on the strategy DOD has
presented for moving forward to maintain longer-term access to leading-
edge microelectronics?
Ms. Mak. GAO is in the process of reviewing DOD's strategy as part
of our ongoing work and will report our findings in mid-2016.
Mrs. Hartzler. For DOD programs, is the purchase of all of the
integrated circuits needed for a given technology, otherwise known as
making lifetime buys, a possible alternative if access to former IBM
leading-edge technologies is no longer available?
Ms. Mak. Because the response involves sensitive or proprietary
information, it is provided in a separate document marked ``For
Official Use Only//Proprietary Information Involved'' and must be
protected from disclosure. (Document in Committee Possession.)
Mrs. Hartzler. What commitments has GlobalFoundries provided to the
U.S. Government regarding access to the trusted leading-edge
microelectronics formerly provided by IBM, including the status of the
contract between the U.S. Government and GlobalFoundries?
Ms. Mak. Because the response involves sensitive or proprietary
information, it is provided in a separate document marked ``For
Official Use Only//Proprietary Information Involved'' and must be
protected from disclosure. (Document in Committee Possession.)
Mrs. Hartzler. Are other trusted suppliers able to provide
technologies similar to the IBM technologies now provided through
GlobalFoundries?
Ms. Mak. As GAO noted in its report GAO-15-422RSU, as of August
2014, in addition to IBM, there were 63 other trusted suppliers,
including 15 with fabrication capabilities. These other suppliers do
not have the leading-edge capabilities of IBM/GlobalFoundries (below 90
nanometers), but provide access to a range of mature technologies.
Mrs. Hartzler. What will it take for other trusted suppliers to be
able to provide leading-edge microelectronics needed by DOD?
Ms. Mak. Because the response involves sensitive or proprietary
information, it is provided in a separate document marked ``For
Official Use Only//Proprietary Information Involved'' and must be
protected from disclosure. (Document in Committee Possession.)
Mrs. Hartzler. For DOD programs, are there any near-term (within 3
years) alternatives for the former IBM technologies?
Ms. Mak. Because the response involves sensitive or proprietary
information, it is provided in a separate document marked ``For
Official Use Only//Proprietary Information Involved'' and must be
protected from disclosure. (Document in Committee Possession.)
Mrs. Hartzler. Are Field Programmable Gate Arrays (FPGAs) a
possible alternative to the trusted microelectronics formerly provided
by IBM?
Ms. Mak. Because the response involves sensitive or proprietary
information, it is provided in a separate document marked ``For
Official Use Only//Proprietary Information Involved'' and must be
protected from disclosure. (Document in Committee Possession.)
Mrs. Hartzler. Is there anything DOD or the U.S. Government can do
to incentivize the microelectronics industry to locate or maintain
manufacturing on-shore in the U.S.?
Mr. Gudger and Ms. Baldwin. The microelectronics industry is very
capital intensive. DOD endorses public-private manufacturing
partnerships that produce new and advanced manufacturing techniques and
ecosystems on-shore in the U.S. DOD supports initiatives like the
President's manufacturing institutes where DOD is investing hundreds of
millions of dollars to incentivize and grow on-shore microelectronics
manufacturing.
DOD is concurrently working to remove barriers to commercial
technology utilization in areas such as the microelectronics industry
by seeking out novel and flexible acquisition authorities and practices
that will allow microelectronics manufacturers to have speedier, less
encumbered contracting with the Department.
Mrs. Hartzler. Given GAO's assessment that access to leading-edge
technology for DOD is uncertain, are there any actions that DOD is
undertaking to communicate to DOD components, programs, and contractors
regarding actions they should be taking to mitigate any potential risk?
Mr. Gudger and Ms. Baldwin. The DOD meets regularly with industry
associations and companies to promote the integrity of microelectronics
and the supply chain that provides them. For example, the DOD
participates in the National Defense Industrial Association (NDIA)
Trusted Systems Steering Group, which represents the Defense
Microelectronics Activity (DMEA)-accredited Trusted Suppliers, NDIA
Systems Engineering Division, and the space community's Mission
Assurance Improvement Working Group.
Mrs. Hartzler. Is the Department considering lifetime buys or other
near-term mitigation strategies, given the uncertainty of access? Is
there an indication of the cost of these possible actions?
Mr. Gudger and Ms. Baldwin. In a memorandum dated November 13,
2015, the Assistant Secretary of Defense for Acquisition asked the DOD
Component Acquisition Executives, National Reconnaissance Office, and
National Security Agency to adjust Fiscal Year (FY) 2018 through FY
2020 budgets to accommodate Life Time Buys (LTBs) of at-risk Trusted
microelectronic products and avoid costly program disruptions. DOD
acquisition programs are considering the use of LTBs of at-risk Trusted
microelectronic products, as well as other options, to address the risk
of loss of access to Trusted microelectronic technologies. This
analysis is done on a case-by-case basis, and includes the cost-benefit
of LTBs of production-ready application-specific integrated circuit
(ASIC) designs versus the redevelopment of ASICs using alternate design
and foundry technologies and any components using those ASICs. In many
cases, dollars are programmed in future years for these ASICs.
In addition, the DOD is in the process of expanding DMEA's
capabilities to fabricate ASICs.
Mrs. Hartzler. What is the status of DOD access to former IBM
technologies, and how long is that access expected?
Mr. Gudger and Ms. Baldwin. DOD has uninterrupted access to all
pertinent IBM technologies that were commercially available prior to
the transaction. The contract with IBM was novated to GlobalFoundries
U.S. 2, LLC (GF2) to prevent any interruption in access. According to
the existing contract and other methods, the access to former IBM
technologies is assured through June 2017 with an option to extend. DOD
is currently negotiating a new multi-year manufacturing contract which
will assure longer-term supply of former IBM technologies.
Mrs. Hartzler. Will DOD maintain any government purpose rights to
IBM leading-edge technology semiconductors after the year 2017? If
possible, how could that arrangement be implemented?
Mr. Gudger and Ms. Baldwin. DOD's access to IBM leading-edge
technology will continue beyond 2017, provided a new manufacturing
contract is executed with GlobalFoundries U.S. 2, LLC (GF2). To assure
long-term supply, DOD is working with GF2 to transfer the intellectual
property for certain technologies to DMEA and/or to alternate
foundries.
Mrs. Hartzler. What is the potential effect to DOD programs in
terms of cost, schedule or performance if current access to trusted
leading-edge technologies is lost?
Mr. Gudger and Ms. Baldwin. A recent survey of USG customers using
the National Security Agency Trusted Access Program Office contract
revealed that 139 programs were using the GlobalFoundries U.S. 2, LLC
(GF2) Trusted Foundry, and 120 (86%) of them required Trusted services.
Therefore, the total cost and schedule effect from losing access to
Trusted microelectronics would be significant; roughly estimated in
$100s of millions.
Mrs. Hartzler. What actions has DOD taken or is planning to take to
mitigate the near-term risk of loss of access to former IBM
technologies?
Mr. Gudger and Ms. Baldwin. DOD has taken prudent steps to assure
access to all pertinent IBM technologies that were commercially
available prior to the transaction. The contract with IBM was novated
to GlobalFoundries U.S. 2, LLC (GF2) to prevent any interruption in
access. According to the existing contract, the access to former IBM
technologies is assured through June 2017 with an option to extend. DOD
is currently negotiating a new multi-year manufacturing contract which
will assure longer term of supply of former IBM technologies.
The Department is considering its near- and long-term Trusted
Foundry options and alternatives to address supply chain risks and
preserve state-of-the-art microelectronics access and trust. Recent and
ongoing studies are providing the basis for budget proposals and future
investments, which are currently being evaluated by Department
leadership.
In addition, the Department has formed a federation of technical
experts and laboratory capabilities. The Joint Federated Assurance
Center (JFAC) supports programs throughout their life cycle by
providing microelectronics expertise, capabilities, guidance and best
practices for mitigating risks associated with preserving access and
trust.
Mrs. Hartzler. What assurances, if any, does the Department have
from GlobalFoundries that they will remain a Trusted Supplier?
Mr. Gudger and Ms. Baldwin. DMEA has granted an interim Trusted
Supplier accreditation for facilities acquired from IBM. According to
the existing contract, the former IBM foundries are required to remain
a Trusted Supplier until March 31, 2016. DOD is currently negotiating a
new multi-year manufacturing contract with GlobalFoundries U.S. 2, LLC
(GF2) to remain a Trusted Supplier.
Mrs. Hartzler. Were DOD's national security concerns adequately
addressed in the CFIUS process?
Mr. Gudger and Ms. Baldwin. DOD is a member of an interagency
process and can present any national security concerns it deems
important regarding a transaction to the Committee that may cause
concern.
Mrs. Hartzler. Is DOD monitoring China's efforts to acquire U.S.
semiconductor companies (including GlobalFoundries), and what steps is
DOD taking to ensure the security of the U.S. semiconductor industrial
base?
Mr. Gudger and Ms. Baldwin. DOD actively identifies and tracks
foreign acquisitions of U.S. companies. This includes tracking the
Chinese government's public initiatives to develop a self-sufficient
domestic semiconductor industry and its plan to encourage foreign
acquisitions as part of its strategy. If needed, DOD could utilize its
membership on CFIUS to evaluate a Chinese acquisition of a U.S.
semiconductor company for national security concerns. DOD has seen and
is monitoring public reports regarding China's interest in
GlobalFoundries. Furthermore, DOD has regular engagements with
GlobalFoundries U.S. 2, LLC (GF2), as a Trusted Supplier, and has
discussed these public reports. As a cleared defense contractor, GF2 is
required to report to DOD any potential foreign acquisition of its
cleared facilities.
Mrs. Hartzler. Are there industrial base options for unique
technologies that IBM supplied as a sole-source?
Mr. Gudger and Ms. Baldwin. The microelectronics industrial base,
while undergoing rapid consolidation, continues to maintain
capabilities across the spectrum of DOD requirements. In specific
instances where IBM supplied unique, sole-sourced technologies, the
industrial base possesses capabilities that can be cultivated to fill
technology gaps or develop different solutions to address the need.
Mrs. Hartzler. Is there anything DOD or the U.S. Government can do
to incentivize the microelectronics industry to locate or maintain
manufacturing on-shore in the U.S.?
Ms. Baldwin. The microelectronics industry is very capital
intensive. DOD endorses public-private manufacturing partnerships that
produce new and advanced manufacturing techniques and ecosystems on-
shore in the U.S. DOD supports initiatives like the President's
manufacturing institutes where DOD is investing hundreds of millions of
dollars to incentivize and grow on-shore microelectronics
manufacturing.
DOD is concurrently working to remove barriers to commercial
technology utilization in areas such as the microelectronics industry
by seeking out novel and flexible acquisition authorities and practices
that will allow microelectronics manufacturers to have speedier, less
encumbered contracting with the Department.
Mrs. Hartzler. Is there anything DOD or the U.S. Government can do
to incentivize the microelectronics industry to locate or maintain
manufacturing on-shore in the U.S.?
Mr. Hamilton. I defer this answer to the Office of the
Undersecretary of Defense for Acquisition, Technology and Logistics.
Mrs. Hartzler. Is the Joint Federated Assurance Center sufficiently
resourced to handle current and the predicted future workloads, with
sufficient and timely throughput, in assessing the security and
authenticity of various microelectronics that will be used for DOD
applications?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. Given GAO's assessment that access to leading-edge
technology for DOD is uncertain, are there any actions that DOD is
undertaking to communicate to DOD components, programs, and contractors
regarding actions they should be taking to mitigate any potential risk?
Mr. Hamilton. I defer this answer to the Office of the
Undersecretary of Defense for Acquisition, Technology and Logistics.
Mrs. Hartzler. Is the Department considering lifetime buys or other
near-term mitigation strategies, given the uncertainty of access? Is
there an indication of the cost of these possible actions?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. What is the status of DOD access to former IBM
technologies, and how long is that access expected?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. Will DOD maintain any government purpose rights to
IBM leading-edge technology semiconductors after the year 2017? If
possible, how could that arrangement be implemented?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. What is the potential effect to DOD programs in
terms of cost, schedule or performance if current access to trusted
leading-edge technologies is lost?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. What actions has DOD taken or is planning to take to
mitigate the near-term risk of loss of access to former IBM
technologies?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. What assurances, if any, does the Department have
from GlobalFoundries that they will remain a Trusted Supplier?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. Were DOD's national security concerns adequately
addressed in the CFIUS process?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. Is DOD monitoring China's efforts to acquire U.S.
semiconductor companies (including GlobalFoundries), and what steps is
DOD taking to ensure the security of the U.S. semiconductor industrial
base?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
Mrs. Hartzler. Are there industrial base options for unique
technologies that IBM supplied as a sole-source?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
______
QUESTIONS SUBMITTED BY MR. WILSON
Mr. Wilson. Please tell me what your office is planning to do in
the immediate term to harden the defense industrial base as it relates
to the USG's need for microelectronics and semiconductors. Are there
targeted investments that are being considered for FY16, or as part of
the upcoming budget request?
Mr. Gudger. DOD has a growing concern that the United States'
technological superiority over potential adversaries is being
threatened today in a way that we have not seen for decades. DOD
recognizes that microelectronics and semiconductors are at the center
of the threat with the remarkable leveling of the state of technology
in the world, where commercial technologies with military applications
such as advanced computing technologies, microelectronics,
sophisticated sensors, and many advanced materials, are now widely
available. The Deputy Assistant Secretary of Defense (DASD) for
Manufacturing and Industrial Base Policy (MIBP), in conjunction with
high priority Department initiatives, is working toward achieving
dominant capabilities through innovation and technical excellence
within the Department and specifically in the industrial base.
For the integrated circuit, the fundamental building block of
microelectronics, DOD is furthering its strength derived from the long-
standing link between the high-tech community and the United States
Government (USG) using Manufacturing Innovation Institutes in areas
like flexible hybrid electronics and integrated photonics.
DOD is partnering with a consortium of 96 companies, 41
universities, 14 state and local government organizations, and 11
laboratories and non-profits--to establish a new Manufacturing
Innovation Institute focused on flexible hybrid electronics. This is an
emerging technology that takes advanced flexible materials for circuits
with thinned silicon chips to ultimately produce the next generation of
electronic products. DOD's $75 Million investment over five years in
``Flexible Hybrid Electronics'' will be matched by $96 Million private
``FlexTech Alliance'' funding. Partner organizations include industrial
base players across the technology spectrum that differentiate using
the world's most sophisticated technology, not the least of which is
microelectronics capabilities.
The Department stood up and is growing its Defense Innovation Unit
Experimental (DIUx) specifically to scout for new technology and build
a bridge to Silicon Valley. DIUx brings together the cutting-edge
represented by the Silicon Valley tech industry and helps to foster the
necessary open avenue between DOD and Silicon Valley.
Mr. Wilson. The DOD seems to have been caught somewhat off guard by
the IBM divesture and Global Foundries purchase, despite the fact that
it had been rumored in the trade press for upwards of three years.
Current industry trade press suggests that Chinese controlled entities
may now be looking at purchasing a controlling share of Global
Foundries. Are you aware of these industry reports? How are you
planning for the impacts that this will cause? If a Chinese controlled
entity were to purchase some or all of Global Foundries, what affect
would that have on DOD plans for acquiring trusted microelectronics?
Mr. Gudger and Ms. Baldwin. DOD has seen and is monitoring public
reports regarding China's interest in GlobalFoundries. Furthermore, DOD
has regular engagements with GlobalFoundries U.S. 2, LLC (GF2), as a
Trusted Supplier, and has discussed these public reports. As a cleared
defense contractor, GF2 is required to report to DOD any potential
foreign acquisition of its cleared facilities.
Commercial sources of Trusted microelectronics remain in inherently
unpredictable and constitute a continued supply chain risk despite USG
investments. The Department is considering long-term Trusted Foundry
options and alternatives to address its supply chain risk and preserve
leading-edge microelectronics access and trust. Experts from across the
community contributed to the recommendations to ensure continued access
to advanced microelectronics while retaining the ability to employ them
in a trusted manner. A portfolio of innovative technology solutions and
business models is under review.
Mr. Wilson. What functionality might be lost by prematurely moving
to smaller design nodes and how does this impact the health of the
industrial base given the reality that large geometries exist
domestically and small geometries exist mostly overseas?
Mr. Gudger and Ms. Baldwin. Although there are significant upsides
to designing and manufacturing at smaller node sizes, the impact of
shifting between nodes varies by system. Smaller node sizes would
particularly benefit those systems that require high processing
efficiencies. Many consumer electronics are therefore aggressively
pushing towards more advanced nodes. Military systems that analyze
large data sets in real-time, such as radar and electronic warfare
systems, also depend on advances in technology node. More advanced
nodes also benefit systems requiring difficult computational tasks with
reduced size, weight, and power requirements, a critical metric for
tactical systems including unmanned aerial vehicles and soldier-borne
equipment.
The transition between nodes, however, could require that DOD
replicate or port functionalities designed for less advanced nodes in
order to apply them at more advanced nodes. In addition, jumping to
advanced nodes can potentially sacrifice analog performance in certain
systems. DOD will therefore need a suite of options, from smaller high-
performance nodes to less advanced nodes, to meet the needs of its
various systems.
DOD is investing in concepts that utilize existing onshore
fabrication facilities at less advanced nodes while providing advanced
capabilities. However, the volume of electronic components purchased by
DOD is very small. As a result, healthy foundries increasingly depend
less on DOD as a primary revenue source and more on global commercial
demand.
Mr. Wilson. What would the approximate cost (rough order of
magnitude) be of trying to establish domestic foundry capabilities for
integrated circuits in the 65 nm to 45 nm node size range, or to up gun
the capabilities for one of the other existing domestic foundries for
capacity in that range?
Mr. Gudger and Ms. Baldwin. The cost to establish such a facility
would be roughly $500 Million to $2 Billion, depending upon the
existing infrastructure.
Mr. Wilson. With respect to the program itself, it was indicated
that there are 72 partner companies within the trusted supplier
program. However, it is my understanding that there are only four
foundry companies in the program with others addressing other aspects
such as design and packaging. What are the impacts of the limited
number of foundry companies? Given the limited number, how might we use
these companies to mitigate the risk of further capability loss?
Ms. Baldwin. There are 72 Trusted Suppliers within the DOD Trusted
Supplier program that provide trusted services across the application-
specific integrated circuit (ASIC) supply chain. Fifty of those Trusted
Suppliers provide trusted design, aggregation, mask manufacturing,
post-processing, packaging/assembly and/or test services. Twenty two of
those Trusted Suppliers are Trusted Foundries, i.e., semiconductor
manufacturers. There are three domestic foundries, i.e.,
GlobalFoundries U.S. 2, LLC (GF2), Intel Corporation, and Samsung, that
produce state-of-the-art microelectronics, one of which is part of the
Trusted Supplier program, i.e., GF2. The DOD will continue to rely upon
the Trusted Supplier network, but is also considering additional
solutions and business models to mitigate the risk of sole sources of
supply, and further capability loss.
Mr. Wilson. How would you characterize the effectiveness of
DODI#5200.44 and the enforcement of Program Protection Plans for most
suppliers?
Ms. Baldwin. Since the publication of DOD Instruction (DODI)
5200.44, Protection of Mission Critical Functions to Achieve Trusted
Systems Networks (TSN), November 5, 2012, the Department has mandated
that program protection plans address the use of trusted
microelectronics design and manufacturing suppliers and practices for
ASICs that are DOD-unique. Risk to system trust is now managed
throughout the entire system life cycle beginning with design and
before the acquisition or integration of critical components into
covered systems. Programs are integrating robust systems engineering,
supply chain risk management, security, counter intelligence,
intelligence, cybersecurity, and software and hardware assurance. DMEA-
accredited Trusted Suppliers report seeing an increase in interest in
Trusted services from their customers since the implementation of DODI
5200.44.
Mr. Wilson. What is the approximate total annual Federal
expenditure on Trusted Supplier contracts (including the take-or-pay
contract)? What is the average cost of an integrated circuit within the
program and how does this compare to other integrated circuits bought
outside of the program?
Ms. Baldwin. The recent total annual outlays to contractors for
Trusted services is approximately $65 Million per year. The average
cost per integrated circuit has a very large standard deviation due to
the wide range of design sizes, manufacturing processes, and quantities
of parts being ordered. For example, a 3mm x 4mm chip could cost less
than $290 per good die in a dedicated prototype run using one process
to over $3300 per device in a multi-project wafer run using an advanced
process node.
Products obtained through these contracts are comparable in price
to what a similar volume commercial customer would pay if it contracted
directly with the same foundry for similar services.
Mr. Wilson. With respect to the program itself, it was indicated
that there are 72 partner companies within the trusted supplier
program. However, it is my understanding that there are only four
foundry companies in the program with others addressing other aspects
such as design and packaging. What are the impacts of the limited
number of foundry companies? Given the limited number, how might we use
these companies to mitigate the risk of further capability loss?
Mr. Hamilton. Respectfully defer to DOD for official department
response.
______
QUESTIONS SUBMITTED BY MR. HUNTER
Mr. Hunter. Recently, Under Secretary Frank Kendall and you
attended an event sponsored by Defense One, and during that event, he
highlighted how integrated micro-electronics were an area of particular
concern for the Department of Defense and how the Department was using
a number of tools to ensure a reliable supply of these components to
the Military Services and the Intelligence Community.
a. What industrial base tools--such as Committee on Foreign
Investment in the United States (CFIUS) reviews and the Defense
Production Act (title I and title III)--has your office deployed with
respect to micro-electronics, and what is the comparative effectiveness
of these tools to achieving the objective of a reliable supply of
micro-electronics?
Mr. Gudger. The Department maintains awareness and conducts
detailed analyses of domestic and global industry trends affecting its
available capabilities. As part of its mission to ensure the
maintenance of a healthy defense industrial base, including in
microelectronics, the Deputy Assistant Secretary of Defense (DASD) for
Manufacturing and Industrial Base Policy (MIBP) has a number of tools
and authorities at its disposal to support the advancement of new
enabling capabilities that aid in achieving a reliable microelectronics
supply. The authorities support the health of the defense industrial
base across the entire life cycle of DOD systems and consist of support
for the development of emerging technologies, maturation of those
technologies, manufacturing refinement, and effective sustainment:
The Department assesses proposed mergers, acquisitions,
and foreign investments involving defense-related companies and acts to
mitigate identified issues. DOD's participation in the interagency
merger and acquisition review processes is a tool that enables the
protection of DOD's interests when required. The Department works
cooperatively with the Department of Justice and the Federal Trade
Commission on antitrust reviews of mergers and acquisitions (Hart-
Scott-Rodino) and serves as a voting member on the Department of
Treasury-chaired CFIUS.
The Department is supporting the development of new areas
of the industrial base and cutting-edge manufacturing technologies
through initiatives such as the National Network for Manufacturing
Innovation. This emerging network of manufacturing institutes leverages
public-private partnerships to reduce barriers to rapid and efficient
development and commercialization of new manufacturing technologies.
This innovative approach can enable the DOD Trusted Defense Systems
Strategy by supporting flexible hybrid electronics and integrated
photonics manufacturing institutes, which deliver new manufacturing
capabilities in electronics.
MIBP oversees the DOD Manufacturing Technology program
which advances the development and application of advanced
manufacturing technologies and processes DOD-wide. MIBP, through its
Defense-wide Manufacturing Science and Technology program, helps to
coordinate the manufacturing technology efforts of the DOD Components,
which advances the DOD mission by reducing acquisition and support
costs as well as manufacturing and repair cycle times across the life
of DOD systems in a cost-constrained budget environment.
Defense Production Act (DPA) Title III, which Congress
reauthorized last year, gives MIBP the ability to use special economic
incentives to develop, maintain, modernize, and expand the productive
capacities of domestic sources for critical components, technologies,
and industrial resources essential for the execution of the national
security strategy of the U.S. In the field of microelectronics,
Congress has provided funds that have allowed the Department to improve
industry's ability to support the DOD's efforts to preserve and expand
supplies of defense critical microelectronics.
The Industrial Base Analysis and Sustainment (IBAS) fund
provides the means to support critical, unique capabilities of
companies in the defense industrial base with fragile business cases,
preserve critical skills for technological superiority, and maintain
reliable sources of strategic materials. In the microelectronics
sector, IBAS has provided critical investments in research and
development and qualification testing to develop Trusted technologies.
These technologies include focal plane arrays to meet advanced imaging
requirements for the space, ground and aviation sectors, as well as
radiation-hardened microelectronics, and a specialized integrated
circuit approach to ensure the preservation of strategic national
security systems, such as the Trident missile in high-threat
environments.
Mr. Hunter. During the course of the hearing before the
Subcommittee on Oversight and Investigation, multiple witnesses
discussed the relatively recent sale of IBM's micro-electronics
business to GlobalFoundries Inc. The owner of GlobalFoundries Inc. is
the Mubadala Development Company PJSC, a sovereign wealth fund of the
Government of Abu Dhabi.
a. Since this transaction must have undergone a CFIUS review, what
national defense risks to the Department of Defense and the
Intelligence Community were evaluated during this process?
b. What additional safeguards, if any, has the Department put in
place at these former IBM facilities to ensure that export-controlled
items, or the technology and manufacturing techniques that enables
their production, are handled in an appropriate and lawful manner?
Mr. Gudger. DOD is a member of CFIUS and can present any national
security concerns it deems important regarding a covered transaction to
the Committee. Due to the confidentiality requirements of CFIUS, the
Department cannot confirm whether the IBM sale to GlobalFoundries U.S.
2, LLC (GF2) was a covered transaction by CFIUS. Please contact
Treasury as the Chair for CFIUS regarding any questions regarding
CFIUS' reviews or decisions.
All the stringent security measures in place prior to the
transaction are still largely present, including Global Business
Solutions (GBS), a business unit of IBM, continuing to provide security
oversight. GBS was not part of the IBM sale to GF2 and remains under
the control of IBM. In addition, the facilities under control of GF2
currently have an interim facility clearance from the Defense Security
Service (DSS) and an interim Trusted Supplier accreditation from the
Defense Microelectronics Activity (DMEA), and are subject to all
associated security requirements. Due to the foreign ownership of
GlobalFoundries, DSS required additional security requirements to
address visitation, export controls, collaborative business endeavors,
etc. where there were any concerns.
Mr. Hunter. If I understand the testimony before the subcommittee
correctly, one compound risks confronting the Department of Defense in
the micro-electronics space is that (1) micro-electronics are part of
thousands of items that the Department of Defense buys, including many
commercial items, but (2) the volume of micro-electronics that the
Department of Defense buys is so small, relative to the commercial
market, that it has little influence on market dynamics. Said another
way, the ability of the Department to protect national security
equities for micro-electronics through normal procurement practices is
limited by the Department's market share.
a. Has your office identified this trend--(1) many important
defense uses for a particular material or component but (2) small
defense demand relative to commercial markets--occurring in other
industrial base sectors?
b. How does your office address this trend differently from those
industrial base sectors, such as binders and propellants for solid
rocket motors, where the Department of Defense is the primary driver of
demand and private investment?
Mr. Gudger. Yes. The Department identified several sectors where
defense-related demand is small compared to commercial demand, such as
ground supply and transportation subsystems (transmissions, diesel
engines, brakes, etc.); service sectors, such as medical,
transportation, and construction; and solid rocket motor propellant
components. However, the Department's purchase of these items does not
approach the scale that we see with microelectronics since
microelectronics are prevalent in almost all of the systems we buy.
Unlike the examples cited above, the microelectronics industry is
continuously evolving its technology, roughly every two years, thus
requiring billion dollar investments in research and development and in
new production facilities every couple of years. The rate of commercial
technology advancement and the significant investment necessary to
establish microelectronic production facilities creates barriers for
new firms to enter the market. Accordingly, it is the combination of
the Department's small market share, the rate of technology
advancement, and the significant investment necessary to establish
microelectronics production facilities that limit the Department's
ability to impact market dynamics for microelectronics.
There is no one right answer for addressing low market share trends
or DOD dominant market share trends. We address industrial base issues
associated with each industrial sector on a case-by-case basis
depending on many variables, to include market share, competitive
forces (numbers of domestic sources or foreign suppliers), mature or
emerging technology, and barriers to entering the market. The
Department has several options available for mitigating supply base
risks, including propellants or propellant ingredients, such as using a
reliable foreign source, establishing a domestic source, or investing
in research and development to develop a second source. The Department
used IBAS funding to help establish a domestic source for this
material. A current high-priority item for a low DOD market share issue
is hydroxyl-terminated polybutadiene (HTPB), where variability in the
product from the sole-source domestic supplier has caused issues for
many DOD missile systems. Various mitigation activities, including
research and development funding from the Defense Logistics Agency and
IBAS are helping to characterize the material more thoroughly, and also
to establish a reliable second source. An example of a material that
scores very high in terms of risk, but has been determined that no
action is required at this time is nitrocellulose (NC)--a material that
is in all DOD ammunition systems and for which there is a sole domestic
source. However, that source is a Government-Owned, Contractor-Operated
(GOCO) facility, and is therefore stable; no mitigation is necessary at
this time. A final example of a dominant DOD demand issue was the solid
rocket motor for the Advanced Medium Range Air-to-Air Missile where the
program office used a foreign source to mitigate the supply issue.
Mr. Hunter. During her opening statement, Ms. Marie Mak (Director,
Acquisition & Sourcing Management Team, U.S. Government Accountability
Office) made the following remarks with respect to micro-electronics
and industrial base policy more broadly:
``But the bottom line is that, not only is the U.S. reliant on a
single provider, it now faces the unknown risk of relying on one that
is foreign-owned. DOD is in a position where it faces some very
difficult and complex decisions with potentially significant costs and
national security implications.
``Microelectronics is just the latest of several defense industrial
base issues. Other examples include rare earth materials, specialty
metals, and counterfeit parts. We need an industrial base strategy that
is much more proactive and less reactive.''
a. Since the duties of the DASD-Manufacturing and Industrial Base
Policy include being the principal advisor to Under Secretary Kendall
on ensuring a reliable supply of critical materials like rare earths
and specialty metals (10 U.S.C. 139c(b)(16)), would you characterize
the national security drivers associated with rare earths as similar to
that of micro-electronics (small defense demand, minimal Department of
Defense market influence, outsized presence of foreign and Chinese
manufacturers, etc.)? If not, why not?
b. What steps is the Department of Defense taking to promote
domestic and/or allied nation production--not low technology readiness
level research projects and surveys--of rare earth materials to meet
defense requirements?
Mr. Gudger. There are similarities between microelectronics and
rare earth supply chains (small defense demand, minimal DOD market
influence, outsized presence of foreign and Chinese manufacturers,
etc.). There are also key differences. Microelectronics are
manufactured components which can be sabotaged or counterfeited
resulting in significant national security risks. Rare earths are raw,
semi-finished, or alloy products which go into manufactured items,
which substantially limits the ability to tamper or sabotage the
materials. DOD is reliant on thousands of different microelectronic
components, while rare earths consist of just 17 elements. DOD can
stockpile a handful of different forms of these rare earth elements to
mitigate the majority of its risk. Therefore, DOD's primary risk
mitigation for rare earths is stockpiling. Stockpiling is generally
ineffective for addressing microelectronic components because the
technology advances so rapidly, and stockpiled components become
obsolete before being used. Additionally, the cost of the multitude of
components required to be stockpiled would be too high. Consequently,
stockpiling of select critical microelectronics is considered by DOD
acquisition programs on a case-by-case basis, when necessary, carefully
considering its cost/benefit.
There is not a sustainable business case for developing rare earth
mining and production capabilities in the United States at this time
due to the current overcapacity in the market. Compared to domestic
commercial demand for rare earth materials, the Department's industrial
base requirements are very small. Accordingly, the current risk
mitigation effort being pursued by the Department is stockpiling. The
ongoing establishment of rare earth inventories will mitigate much of
the Department's risk for a relatively small investment.