Supply chain threats demand industrywide approach to AI

All the sessions from Transform 2021 are available on-demand now. Watch now.

As the world becomes increasingly reliant on technology, organizations have to consider the growing threats to their supply chain. Goldman Sachs principal engineer Michael Mattioli and AMD CTO Mark Papermaster spoke about this issue at VentureBeat’s virtual Transform 2021 conference last week. They stressed that this is not a problem any single company can solve alone — changing the ecosystem will require industrywide collaboration.

The supply chain is “remarkably complex,” Mattioli said, as it goes all the way back to when the chip or board is designed. It’s then sent to the foundry to be manufactured, but depending on the type of component it is, it may pass through a series of manufacturers before it reaches an OEM like Dell, HP, or Lenovo; a reseller like CDW; or a retailer like Best Buy. After all this, it’s finally shipped to the end user. Along each step of the way, the piece is handled by different companies and modes of transport (ship, truck, etc). That leaves a lot of different points when someone malicious could sneak in a change or tamper with a step.

“People are motivated in a variety of different ways to do something malicious. It could be counterfeiting so that they could make money. It could be espionage so that they could steal data,” Mattioli said.

The idea that there may be a counterfeit, or tampered-with component, is a worrying one. Organizations don’t want to have a product that is performing less efficiently or is less capable than it should be. That can have an impact on how long the product lasts before breaking or how long it takes to complete jobs. The tampering is an even bigger concern since the device can no longer be trusted and may be stealing data or performing actions the user is not aware of.

Different companies have built different tools that can tackle their part of the supply chain, such as the fact that AMD has some technologies in place to detect whether chips have been tampered with or a counterfeit component being used. But at this time, there’s really nothing that can detect or deter supply chain threats end-to-end, Papermaster said. Even Apple and Amazon, despite their clout, do not have full control over their supply chains.

The big question, according to Papermaster, is “Are we doing enough as an industry? [Regarding] that web of the supply chain, how do we collaborate more?”

Working together

This is why industry collaboration is essential, Papermaster and Mattioli said. The only way companies are going to get a better grasp of the supply chain is through industrywide and ecosystem-wide participation and cooperation. Goldman Sachs and AMD recently joined the Trusted Computing Group and the Global Semiconductor Alliance to encourage industry collaboration. The relationship is a technical one to develop open standards, create interoperable technology, and share build processes in order to ensure nothing has been tampered with. It is also a business relationship, as these companies have to figure out how best to work together on a shared goal.

Artificial intelligence and machine learning can help tackle one of the technical challenges using a technique called fingerprinting, Mattioli said. This method uses the specific information about a piece of hardware — such as voltage, temperature, and frequency, which can be found with hardware performance counters — to create a unique profile of a product that can be tracked throughout its entire lifecycle. “If you did that, with all the components on the board, not only can you get a fingerprint of just that one component, but you can get a fingerprint of every other component and then the whole board itself and then the whole system itself,” Mattioli explained. It can be a powerful tool. If companies can agree on how to share the data that creates that fingerprint, authenticity can be confirmed at every step of the supply chain using AI.

Fingerprinting would also be useful for detecting counterfeit products since the technique doesn’t require visual inspection. Counterfeit products are sophisticated enough that they becoming increasingly difficult to visually identify as fake. In some cases, an X-ray would be needed to identify the component, but that is time-consuming process and not always available. Being able to use fingerprinting to check for counterfeiting “saves a lot of headache and frustration,” Mattioli said.

Papermaster noted that although AI and ML can be helpful tools, the success of technological security ultimately hinges on the cooperation between companies. “[It’s] an incredibly exciting area, and lots more innovation to come in this space, with the industry collaborating together and leveraging these AI techniques,” Papermaster said.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Leave a Comment