Skip the navigation

Ira Winkler: Press falls short in reporting on chip hack

When researchers uncovered a back door in a MILSPEC chip, the reports all seemed to imply that it was no big deal

By Ira Winkler
June 14, 2012 08:48 AM ET

Computerworld - I'm a writer, not a reporter, but like many consumers of news reporting, I sometimes think reporters take the easy way out. They report on someone saying or doing something controversial, then they find one person who will say that what that person said or did was wrong. End of story, so to speak.

This follows the "there are two sides to every story" theory of news reporting; once you've reported the point and counterpoint, there's nothing else to say, right?

But truth and reality -- those things that reporters presumably should be trying to reveal -- are often more complicated than that. And I often see how inadequate this approach can be when I'm reading about something that I know a good deal about.

Case in point: Researchers from the University of Cambridge revealed that there were back doors in military-grade chips and suggested that China was behind their installation. In story after story in the computer press, I read that information, followed by quotes from the Errata Security blog of Robert David Graham, who argued that there was no evidence China was involved and that it was unlikely that there was any malicious intent behind the installation of the back door. And that was all; no quotes from any other experts.

That bothers me, because I know they could have found plenty of people with solid credentials to refute what Graham had to say. They could have asked anyone familiar with national cybersecurity matters, people like former White House adviser Richard Clarke and former top cyber cop for the FBI, Shawn Henry. Both have been vocal about the cyber-espionage threat that the U.S. and U.S. companies face from China and other nation-states.

And it especially bothers me because this is the computer press we're talking about. When a vulnerability like the one described by the Cambridge researchers is downplayed in the computer press, there can be repercussions. Security managers in major companies know firsthand that they are being breached by China on an ongoing basis. They ask for budgetary resources to deal with such threats. Then along comes a story about researchers verifying that chips from China do indeed have a major vulnerability. To me, that should be the story. No one is disputing that the vulnerability exists. It was uncovered by researchers with very limited resources. That suggests that, even if China didn't install the back door, a nation-state, backed by tremendous resources, certainly could have found this vulnerability before now and could be exploiting it. But the news stories do not make that point; instead, they quote someone who says, in effect, this is nothing to take seriously; we've seen it all before; it's no big deal.

Our Commenting Policies