A company that manufactures critical infrastructure components is designing a hardware assurance program to mitigate supply chain risks, such as counterfeit chips and hardware Trojans. Which of the following strategies provides the most comprehensive hardware assurance throughout the product's life cycle?
Relying exclusively on purchasing components from authorized distributors and obtaining certificates of conformance.
Using statistical sampling to test a small percentage of chips from each batch for functional correctness.
Performing a single, thorough authenticity verification on all integrated circuits upon final product assembly.
Implementing authenticity and integrity checks at multiple stages, including component receiving, post-assembly, and during operational deployment.
A comprehensive hardware assurance program employs a defense-in-depth strategy, integrating checks throughout the product life cycle. Implementing authenticity and integrity verification at multiple stages-such as when components are received, after assembly, and even during runtime-provides the most robust protection. A single check at final assembly is insufficient, as it occurs too late to prevent the costly integration of compromised parts. While sourcing from authorized distributors is a critical practice, it should be part of a larger strategy and not the sole method of assurance, as supply chain vulnerabilities can still exist. Relying only on statistical sampling for functional tests is inadequate for detecting targeted malicious modifications like hardware Trojans, which may not affect normal functionality and can be missed by sampling.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to verify integrated chips during production?
Open an interactive chat with Bash
What methods are commonly used to confirm the authenticity of integrated chips?
Open an interactive chat with Bash
What are the potential risks if authenticity checks are skipped during production?