The Government Semiconductor Chip Buying Problem
Author’s note: You can watch the video below
A few people have asked about the sources for this particular video. For this one, I drew from a variety of American presentations of how the military sources its semiconductors.
I briefly touched on it but I feel I did not give enough airtime to the government using Field Programmable Gate Arrays (FPGA) for their work. These versatile semiconductors can be reprogrammed for a desired function for a specific functionality after their manufacture. In a situation where small runs of specific chips are not possible, these are a Godsend.
Last year, AMD purchased Xilinx, a large maker of FPGAs, for $35 billion in an all-stock deal. Considering their growing importance in testing and government use - as well as AMD’s overpriced stock - I reckon it’s a pretty savvy buy.
I forgot to mention that I have a Twitter now. You can follow it if you want.
If you want to help support the work, consider checking out the Asianometry Patreon. Get access to videos long before they are released. I just uploaded a new video about Australia towing icebergs from Antarctica. Enjoyed making that one.
Let us talk briefly about making chips in America.
People keep talking about "securing America's chips" and "national security implications". I have been curious about what that actually meant. And why the economics and business dynamics of the industry have made sourcing chips for America's military so difficult.
In this video, I want to go over how the American military has kept their chips "clean", how that program has evolved over time, and the industry dynamics that make such a thing so challenging.
To be clear, this is not an exhaustive review, but a brief explainer. Well, if you can call 10+ minutes brief.
Chips and America
America has derived much of its technological and military advantages from having certain semiconductors. From Apollo program of the 1960s to today's sharpest military machines - F-22s and submarines alike. All use semiconductors in prolific amounts.
It has been an enduring American advantage and why the government has been protective of its semiconductor industry from almost the very beginning. The protectionism might ebb and flow in waves but it has never really went away.
But over time, American semiconductor fabs started to lose pace with the rest of the global market. Asian fabs began to gain share starting in the 1980s. There are a number of reasons for this.
One has to do with the lower costs of labor and such. American wages are higher than those in places like South Korea. It is a thing, but if it were the only thing then it would be a solvable problem. It is not and that is why hard things are hard.
Two, explicit national economic policy and state-level support in the form of subsidies or guarantees. South Korea, Japan, Singapore and Taiwan all made it a policy goal to catch up to American leadership in semiconductors.
Third, the consumer market is vastly larger than the government buying market. Uncle Sam buys a lot of chips, but nowhere near what the world buys - less than 1% share. The market is dictated by consumers now, not the government.
Fourth, the rise of the fabless semiconductor model has made it much easier and profitable for companies to outsource their manufacturing. Companies like Qualcomm, Broadcom, AMD, and Nvidia are shining examples of the fabless business model allowing for more focus and profit than the traditional integrated model. For a chip entrepreneur, the choice is obvious.
And lastly, it is just getting harder. This is not just an American manufacturing issue. In previous videos, I have profiled semiconductor industries in Singapore, China, Japan, and Malaysia.
Extremely well-funded, very competent, and highly motivated. Virtually all of them have found themselves struggling to get to the next level year after year. As a famous American once said, “Don’t hate the player, hate the game.” The game is insanely hard.
So I hope that I have established the issue of American semiconductor offshoring. Let us talk about the value of chips and the value of trust.
Chips and Trust
Chips have gotten fantastically complicated over time. A constant theme in my videos is that it takes a village to build a leading edge chip.
The M1 chip in my MacBook might have been designed in the United States, but the wafer it came from was fabbed by TSMC in Taiwan. The tools TSMC used to fab and test that wafer as well as assemble the subsequent chip were made in Taiwan, the Netherlands, Germany, China, and Japan.
This virtual United Nations is great for international togetherness and kumbaya. But it falls short of the military’s definition of trust in supply.
Let us focus on that word. Trust. What does trust mean?
It essentially means assuring that the chip does what it is supposed to do, and only that. Michael Wynne, the 21st Secretary of the Air Force, defined trust in 2004 as:
The confidence in one's ability to secure national security systems by assessing the integrity of the people and processes used to design, generate, manufacture, and distribute national security critical components
The idea centers around the "chain of custody". To make sure that the military knows where everything is at all times.
You are trying to avoid intentional or unintentional modifications of ICs. Outside knowledge coming in. While at the same time, protects them from being reverse engineered and having their functionality exposed. Inside knowledge getting out.
(Side note. Ironically enough, Wynne himself resigned from the Air Force after a number of bungled incidents. Including one where Taiwan ordered helicopter batteries but instead got nuclear weapons fuses. Happens to me all the time with my Amazon packages.)
The problem is that if the military wants to use the latest and greatest chips, then they need to be able to track that chip through the latest and greatest supply chains. Which is almost always ends up to be the latest and greatest mess.
Here is an example. A study of a single component for the Joint Strike Fighter found that the unnamed component changed hands 15 times before the final install. It went to Mexico, Costa Rica, Singapore, Taiwan, the Philippines, Japan, Korea, Taiwan, Israel, Europe and finally, China. That is just one component.
This is compounded by the fact that there are many potential threats all along the semiconductor manufacturing process. If we were to lay out the entire manufacturing value chain, we could identify a threat to each one of the steps within that chain.
The Government Semiconductor Chip Buying Problem
So let us see. You are the government and you want to buy good chips. You go to a vendor and ask them to make the chips for you.
For most situations, the government’s sheer size can attract companies and influence their production decisions. That is the point of the US General Services Administration, a government entity that funnels together the national government's collective buying power to lower costs.
The scale incentives companies to jump through the hoops they got to jump through. But as I demonstrated earlier, the consumer market is far bigger than even the American government. Companies would rather go for that sweet GPU or crypto-mining money.
The Department of Defense buys 1.9 billion chips a year per a 2016 DoD report. That sounds like a lot. But in 2020, Apple sold 200 million iPhones. They sold 81 million iPads and Macs during that same time period. 280 million A and M-series chips in a single year, or 15% of that 1.9 billion. Just one company. The consumer market is so much bigger than anything the GSA can bundle together.
The Department of Defense buys 1.9 billion chips a year per a 2016 DoD report. That sounds like a lot. But in 2020, Apple sold 200 million iPhones. Each iPhone has an M1 chip, memory chip, numerous radio chips, charging chip, and more. Apple easily sold over 1.9 billion chips in 2020 with just their iPhones. The consumer market is so much bigger than anything the GSA can bundle together.
The United States itself is less than 15% of the entire market. In a globalizing world, the USA's buying power is not as big a deal anymore.
Furthermore, chips are specialized things. A chip used by the Missile Defense Agency has little to do with chips used by the National Nuclear Security Administration. Things can be done to ameliorate that - I notice that the government asks for a lot of Field Programmable Gate Arrays or FPGAs, which allows for configuration after manufacture - but only so much can be done. Especially as they age and become obsolete.
With all the headache and issues relating to sourcing good semiconductors for the US military, the government decided way long ago that it needed a network of trusted suppliers and foundries to make its chips. Thus was born the Trusted Foundry program.
The Trusted Foundry Program
The Trusted Foundry program was established in 2004 to provide a defense industrial base of leading edge, trusted commercial suppliers for critical integrated circuits used in sensitive defense, weapons and intelligence machinery.
They first signed a 10-year contract with IBM to be the sole provider. Two fabs in East Fishkill, NY and Burlington, VT would handle these manufacturing jobs. The government got access to all of IBM's commercial libraries and IP at commercial pricing.
Then in 2014, GlobalFoundries announced that it would acquire the two IBM foundries under the trusted foundry contract. GlobalFoundries is majority owned by the Abu Dhabi Government. Abu Dhabi is not America.
The infamous Committee on Foreign Investment in the United States, CFIUS, reviewed the transaction and approved it in July 2015. I have mentioned CFIUS in videos about Broadcom and Tsinghua Unigroup. Check them out.
CFIUS gave its approval but obviously this was not the ideal solution. So in 2019 the foundries were again sold to Arizona-based, publicly traded ON Semiconductor. By then, GlobalFoundries had already left the leading edge - staying put at 12nm and not moving on to 7nm.
Nanometers aren't everything. Speciality processes have real value. And GF’s 12nm is quite good for most military use cases, even relatively advanced ones. I agree.
But the experience tells us that the sole-source trusted foundry approach is unsustainable. Nor is it fiscally practical especially at the leading edge. A 2017 estimate by the National Security Division in the Office of Management & Budget found that it would cost the American government $100-140 billion to bring all the fabrication facilities it needs in-house. That is 20% of the annual defense budget. And it would be just an initial investment.
The government wants to have access to better nodes and avoid situations like what happened with the IBM fabs. The next iteration of the Trusted Foundry program has to accommodate that.
Trusted Accreditation
Once it became clear that relying on a single trusted fab would not fix the problem, the Department of Defense through the Defense Microelectronics Activity (DMEA) began certifying commercial suppliers if they meet trusted standards.
Today, there are 78 suppliers with some form of certification across the semiconductor value chain from design to fabrication to packaging. I discussed one such foundry in my video profile of SkyWater Technologies. SkyWater's Minnesota fab is 1A accredited, and is the only such one controlled by American investors.
The program has been around for a while, but most of the larger microelectronics firms have passed on accreditation. Extra security, paperwork, custody tracking, and other specific requirements raise the costs of servicing the US Government.
Furthermore, the government's obsolescence requirements mean that their foundries have to keep making the same chip for far longer than they usually would. This is while the rest of the market is moving on to the next big thing. SkyWater for instance is still running with a 65nm process, first introduced by TSMC in 2005.
Back when GlobalFoundries owned the two fabs in the Trusted Foundry program, DoD revenue made up 2% of their overall revenue. It just did not make sense for GlobalFoundries to deal with all that for just 2%.
Now, there is a great build out of chip making facilities across the United States. TSMC in Arizona is the most prominent but Intel, GlobalFoundries, Samsung and more are getting into the fun.
Considering the new nationalist tone of the industry, it seems likely that these foundries, especially Intel, will at least play around with the process. But whether the same industry dynamics will start playing out later down the line, that is something to consider.
Conclusion
Of course this manufacturing stuff matters, and it is right for the government to do something about it. Hardware vulnerabilities like SPECTRE or MELTDOWN have gotten a lot of press and rightfully so.
Making sure that the government's custom made chips are secure is incredibly important. But there are many, many ways to compromise a chip. To close, I can give you a non-exhaustive list to keep you up at night.
One, the government still sources a lot of chips from traditional commercial sources. Latent vulnerabilities can be planted there. Anyone remember that Bloomberg SuperMicro story that got everyone so mad? Whether or not it actually happened, the risk exists.
Two. There has been little mainstream attention paid to potential compromises at the chip design stage. Today's chips have billions of transistors. Today's designers lean heavily on software to do their designs. Said software is subject to compromise.
And three. On-shore manufacturing is not the end-all, be-all. Geography presents less of a barrier than you think. Vulnerabilities can be inserted from abroad. Insiders can be turned to carry out specific activities.
Trusted Foundry is an interesting program that attempts to tackle a difficult problem. But as times change, it too will have to keep changing and expanding to keep up.