èƵ

UK is right to worry that tech takeovers may let hackers in

Electronic chips made abroad can be altered to allow foreign powers to disrupt critical infrastructure. Nations are right to fret about it, says Paul Marks
An altered computer chip
Altered computer chips can act as hardware viruses to let hackers into machines
Krisztian Bocsi/Bloomberg via Getty

Should the UK continue to allow overseas buyers to take control of its technology firms? It’s a burning question at a time when commercial products like computer chips increasingly underpin critical national infrastructure in defence, energy and health.

In a globalised economy, cross-border business acquisitions have become routine. But the of some of them have prompted the UK government to launch a review.

Amid a backdrop of wider worries of state-sponsored cyberattacks, the government’s litany of concerns includes a nagging suspicion that foreign high tech acquisitions might offer malicious forces abroad “greater opportunity to undertake disruptive or destructive actions”.

One possible route is created because technology companies increasingly outsource the manufacturing of computer chips abroad. That’s a point in the supply chain that could be exploited, especially after a takeover backed by a foreign power with malign intentions.

Hardware viruses

In , electronics engineers and chemists have shown over the past decade that computer chip design blueprints, and the , can be adjusted to modify a chip that may then find its way into national infrastructure.

People have also shown that s can allow such modifications, malicious or otherwise, to bypass not only the computer’s operating system but also security measures such as antivirus software, too.

These modifications, known as killswitches or hardware trojans, are effectively computer viruses with physical, rather than virtual form. But they are so diminutive – only a few transistors amongst billions on a chip need be changed – that they are hard to detect.

So a seemingly authentic microchip could at a time of a saboteur’s choosing switch off life-critical systems in vital infrastructure, like an intensive care unit or the brakes across a fleet of cars. Or it could leak cryptographic keys to enable access to specific email accounts, say. Or quietly siphon off corporate intellectual property data.

Backers or hackers?

That last point takes us to another of the UK review’s main worries, that foreign ownership might make industrial espionage easier. The problem is that some countries acquiring British technology companies continue to hack other UK companies and steal their intellectual property.

Under suspicion, in the main, is China, which, while a major acquirer of Western tech firms, also maintains a standing army of advanced hackers, operating under the aegis of the People’s Liberation Army. At least one PLA division, Unit 61398, appears to be tasked with the online theft of draft patents, blueprints and confidential data from Western companies.

While the UK ponders the issue, the US government is acting: its Committee on Foreign Investment in the United States scrutinises such deals and recently blocked a Chinese acquisition of American chipmaker Lattice Semiconductor on national security grounds.

It’s time the UK and other Western nations wised up to the risks that present.

Topics: Computer crime / Hacking / Technology / United Kingdom