Capstone Team Report -The Vicious Circle of Smart Grid Security
Kill Switch Report
1. To: Will Levi
From: Ryan Andersen
Re: Labeling “Kill Switches”
Date: July 15, 2015
Will:
You asked me to look into computer chip integrity and the possibility that “kill switches,”
or hardware built into microprocessors that allow a remote user to access a device without the
operator’s consent or knowledge, could present a national security concern and a liability for
individual consumers. The Department of Defense drafted a report on the topic in response to
Senate Report 113-85 and S. 1429, and identified issues like large volume of microprocessors it
uses and the difficulty in detecting kill switches as areas of ongoing vulnerability. The Department
devised several plans, however, to correct that vulnerability including the development of
hardware able to detect kill switches and other microprocessor defects. Dr. Phillip M. Adams also
wrote a memorandum on the issue, suggesting that the Consumer Products Safety Commission
could use its regulatory power to require microprocessor manufactures to so label their products if
they include a kill switch. It is unlikely, however, that such an action would fall within the
Consumer Product Safety Commission’s scope of authority.
You also asked me for recommendations for future actions. The Defense Department’s
report indicates that its complex supply chain, the volume of microprocessors it regularly acquires,
and the difficulty in detecting kill switches makes it somewhat vulnerable to an attack utilizing kill
switches. Therefore, such a scenario should be included in national security contingency plans. It
would also be prudent for the Department of Defense to coordinate with private entities to ensure
the safety of critical infrastructure as it works to minimize the vulnerability to kill switches and
regularly inform Congress of its progress in that direction.
Discussion
Kill switches pose a potential threat to both national and consumer security. Generally,
they are difficult if not impossible to detect before they are activated. California is currently the
only jurisdiction with law related to kill switches. That law requires smartphones to have a kill
switch in order to shut down a device in the event it is stolen in order to protect the owners’
personal information. Consumer rights groups argue that engineering back-door access to a device
2. could allow a hacker to use that same door to remotely shut down a device as well, thus allowing
cybercriminals another avenue of action.
This concern also applies to government agencies, particularly the Department of Defense.
Because the vast majority of microprocessors are manufactured in Taiwan and China, there is
concern that military or other critical components contain kill switches manufactured by the
Chinese for the purpose of sabotage. While some military equipment uses custom-built electronics,
the Department purchases a substantial amount of off-the-shelf equipment that could be
vulnerable. In 2003, the Department of Defense began reviewing its acquisition process and
developed protocols for future actions including protecting a domestic microprocessor
manufacturing base, working with the National Security Agency to fully identify related
vulnerabilities, and accrediting trusted providers. The Department is also developing hardware
able to detect a kill switch. The sheer volume of microprocessors the Department regularly
acquires, however, and the difficulty in detection makes the task of combating kill switches
problematic. The Department’s report states that conventional methods of detection “will not
uncover intentional and surreptitiously implanted flaws” within a microprocessor.
Recommendations
The difficulty in detection is one reason why labeling microprocessors if they contained
kill switches would be ineffective. Without means of verifying compliance, a statute requiring
manufactures to label their products would rely solely on manufacturers’ assertions that non-
labeled microprocessors did not contain kill switches. This creates a regulatory environment where
the regulators cannot verify compliance unless a kill switch is activated. Therefore, labeling could
not prevent any harm a kill switch might inflict; regulators’ only actions would be in reaction.
If, however, labeling microprocessors could be effective the Consumer Products Safety
Commission does not possess the regulatory power to force microprocessor manufacturers to label
kill switches. The Consumer Products Safety Commission derives its authority from 15 USCS §
2058. In order for something to fall within the Commission’s scope of authority, it must incur the
“risk of injury.” This is defined as “a risk of death, personal injury, or serious or frequent illness.”
While it is not inconceivable that a kill switch could, depending on the nature of the affected
device, cause physical actions to occur, remotely accessing and shutting down most computer
3. systems does not produce the risk of injury defined in 15 USCS § 2058. Therefore, the Consumer
Products Safety Commission does not likely possess the regulatory authority to force
manufacturers to label kill switches.
Despite these challenges, there are proactive measures that can be taken in response to kill
switches. Both consumers and the military should prepare for an event related to kill switches. One
promising development is the Department of Defense’s ongoing development of hardware that
will detect kill switches. The Department should be encouraged to share this technology with
critical infrastructure when it becomes available, and continue to update Congress as to its progress
on the issue.