[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]




 
                         [H.A.S.C. No. 114-63]

                     ASSESSING DOD'S ASSURED ACCESS

 TO MICROELECTRONICS IN SUPPORT OF U.S. NATIONAL SECURITY REQUIREMENTS

                               __________

                                HEARING

                               BEFORE THE

              SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS

                                 OF THE

                      COMMITTEE ON ARMED SERVICES

                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                              HEARING HELD

                            OCTOBER 28, 2015
                            

                                     
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   

                                     
  


              SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS

                  VICKY HARTZLER, Missouri, Chairwoman

JEFF MILLER, Florida                 JACKIE SPEIER, California
K. MICHAEL CONAWAY, Texas            JIM COOPER, Tennessee
JOSEPH J. HECK, Nevada               HENRY C. ``HANK'' JOHNSON, Jr., 
AUSTIN SCOTT, Georgia                    Georgia
MARTHA McSALLY, Arizona              GWEN GRAHAM, Florida
                 Heath Bope, Professional Staff Member
                 Mike Amato, Professional Staff Member
                 Mike Casey, Professional Staff Member
                        Spencer Johnson, Counsel
              Lindsay Kavanaugh, Professional Staff Member
                          Abigail Gage, Clerk
                          
                          
                          
                          
                          
                            C O N T E N T S

                              ----------                              
                                                                   Page

              STATEMENTS PRESENTED BY MEMBERS OF CONGRESS

Hartzler, Hon. Vicky, a Representative from Missouri, Chairwoman, 
  Subcommittee on Oversight and Investigations...................     1
Speier, Hon. Jackie, a Representative from California, Ranking 
  Member, Subcommittee on Oversight and Investigations...........     2

                               WITNESSES

Baldwin, Kristen, Principal Deputy Assistant Secretary of Defense 
  for Systems Engineering........................................     7
Gudger, Andre, Acting Deputy Assistant Secretary of Defense for 
  Manufacturing and Industrial Base Policy.......................     6
Hamilton, Brett, Chief Engineer for Trusted Microelectronics, 
  Naval Surface Warfare Center Crane Division....................     9
Mak, Marie, Director, Acquisition and Sourcing Management Team, 
  Government Accountability Office...............................     4

                                APPENDIX

Prepared Statements:

    Gudger, Andre, joint with Kristen Baldwin and Brett Hamilton.    39
    Hartzler, Hon. Vicky.........................................    27
    Mak, Marie...................................................    29

Documents Submitted for the Record:

    [There were no Documents submitted.]

Witness Responses to Questions Asked During the Hearing:

    [There were no Questions submitted during the hearing.]

Questions Submitted by Members Post Hearing:

    Mrs. Hartzler................................................    57
    Mr. Hunter...................................................    62
    Mr. Wilson...................................................    60
    
    
    
 ASSESSING DOD'S ASSURED ACCESS TO MICROELECTRONICS IN SUPPORT OF U.S. 
                     NATIONAL SECURITY REQUIREMENTS

                              ----------                              

                  House of Representatives,
                       Committee on Armed Services,
              Subcommittee on Oversight and Investigations,
                       Washington, DC, Wednesday, October 28, 2015.
    The subcommittee met, pursuant to call, at 3:46 p.m., in 
room 2118, Rayburn House Office Building, Hon. Vicky Hartzler 
(chairwoman of the subcommittee) presiding.

OPENING STATEMENT OF HON. VICKY HARTZLER, A REPRESENTATIVE FROM 
      MISSOURI, CHAIRWOMAN, SUBCOMMITTEE ON OVERSIGHT AND 
                         INVESTIGATIONS

    Mrs. Hartzler. Welcome, everyone. Thank you so much for 
your patience and for coming today and for being here.
    The Department of Defense is highly reliant on acquiring 
customized and commercial off-the-shelf computers, 
communications equipment, integrated circuits, application 
software, and other information communications technology to 
maintain its crucial advantage over our adversaries, and in 
support of partner nations and allies around the world.
    The Department strives to develop cutting-edge technology 
that provides superior capabilities to the warfighter to 
fulfill critical mission operations. In order to achieve that 
goal, the Department is dependent in part on its ability to 
incorporate rapidly evolving leading-edge microelectronic 
devices into its defense systems, including technologies for 
which there is little or no commercial demand.
    More concerning, and with increasing frequency, commercial 
business trends are forcing the Department and its commercial 
supplier base to rely on foreign-owned companies to produce 
some of the most advanced technology solutions.
    Although the globalization of the semiconductor industry 
has increased the pace of technological innovation, it also 
raises national security concerns for the United States. The 
functionality of the Department's mission-critical systems and 
networks extensively leverages commercial, globally sourced 
microelectronics. However, this consequently provides state and 
non-state adversaries an opportunity to corrupt our supply 
chain.
    At one end are counterfeit microelectronics, which can have 
detrimental performance impacts on our systems, all the way to 
systems specifically designed to introduce malicious code into 
the supply chain and otherwise gain illicit access to the 
Department's military systems and networks.
    In 2003, the Defense Science Board Task Force on High 
Performance Microchip Supply concluded that the Department had, 
and I quote, ``no overall vision of its future microelectronics 
components needs and how to deal with them. Technology and 
supply problems are addressed as they arise. An overall vision 
would enable the Department to develop approaches to meeting 
its needs before each individual supply source becomes an 
emergency,'' unquote.
    Not until 6 years later, in 2009, and in response to 
legislation contained in the fiscal year 2009 National Defense 
Authorization Act, did the Department develop a strategy to 
address the issue of assured access to secure and reliable 
microelectronics. But even today the implementation and 
successful execution of that strategy is questionable, and the 
uncertainty of the Department's ability to maintain military 
superiority in critical leading-edge microelectronics 
technology is in doubt by many on this committee.
    Recently, the Committee on Foreign Investment in the United 
States approved the acquisition of IBM's [International 
Business Machines] microelectronics foundry, the Department's 
sole source U.S.-based supplier for leading-edge 
microelectronics, by a foreign-owned company. Now that the IBM 
is no longer available as a guaranteed source for the 
Department's needs for trusted microelectronics, the Department 
is facing potentially alarming vulnerabilities as a consequence 
of relying on a sole source supplier for leading-edge 
microelectronics for the past 10 years.
    The risk to the Department increases dramatically with the 
loss of IBM's Trusted Foundry and will be further exacerbated 
as long as no clear solution exists for how the Department 
plans to mitigate this challenge. Together, we must solve the 
challenges confronting the Department's assured access to 
trusted microelectronics in a long-term, sustainable, 
efficient, and most important, affordable fashion.
    Today at this hearing we hope to learn more about the risks 
and issues confronting the Department in acquiring secure, 
trusted leading-edge microelectronics. And we hope to 
understand more about the Department's strategy and any course 
corrections needed to address these issues.
    But before I introduce the witnesses, I turn to the 
Oversight Investigation Subcommittee ranking member for her 
opening remarks, anything she would like to make.
    [The prepared statement of Mrs. Hartzler can be found in 
the Appendix on page 27.]

    STATEMENT OF HON. JACKIE SPEIER, A REPRESENTATIVE FROM 
   CALIFORNIA, RANKING MEMBER, SUBCOMMITTEE ON OVERSIGHT AND 
                         INVESTIGATIONS

    Ms. Speier. Thank you, Madam Chair.
    I would like all of us to imagine the following frightening 
scenario: Hostilities in the South China Sea are at their peak, 
the U.S. Navy has formed a blockade around disputed islands, 
and alarms sound on the bridge of one of our ships. There are 
aircraft approaching our blockade when suddenly all the 
monitors on the bridge go dark.
    Why is this happening? Well, in our hypothetical story, 
because the semiconductor manufacturers who created parts for 
the ship's radar system was based in China, and 5 years earlier 
the Chinese Army had placed a kill switch in our radar. We have 
just lost the war without ever firing a shot.
    This is a stark example, but it is entirely possible. As 
our reliance on microelectronics grows and the world's 
production of these components continues its overwhelming shift 
to Asia, the risk grows right alongside it.
    We must be acutely aware that production of these 
components overseas is a critical vulnerability for the United 
States. It allows our adversaries an opportunity to corrupt 
critical infrastructure and introduce malicious code, greatly 
increases the loss of intellectual property, and it could cut 
off our access to critical technologies or disrupt supply.
    We know that our adversaries are committed in their effort 
to counter, copy, or kill our weapons and target our 
technological edge. We should not make it easy for them. We 
should also be doing everything we can to harness the 
innovative power of technology companies right here in the 
United States so that we can pull ourselves back ahead of the 
curve on this issue.
    As the microelectronics production migrates to Asia, we 
should be investing in the work of capable entrepreneurs and 
researchers, like those in Silicon Valley, to ensure they 
develop future technologies that will give us assured access to 
alternative trusted sources of leading-edge components.
    Hardware is an especially critical part of this puzzle. 
Compared with software, hardware vulnerabilities are harder to 
detect, more destructive, and harder to repair.
    Integrated circuits in microelectronics are used in 
everything from cruise missiles to drones and classified 
computer systems. Building a kill switch into a computer chip 
could mean embedding as few as 1,000 transistors hidden 
throughout the hundreds of millions that are already in the 
original design. It could shut down a radar system, steer a 
missile off course, or cause an airplane engine to fail 
catastrophically.
    The steps we have already taken, such as establishing the 
Trusted Defense System Strategy, the Trusted Access Program, 
and the Trusted Foundry Program, are critical. But we must do 
more. We have to figure out a way to stay ahead of this threat 
and provide the Department of Defense and the intelligence 
community with a stable domestic supply chain while maintaining 
a leading edge on microelectronic devices that have no 
commercial demand.
    We must also do more to collaborate with the private sector 
and develop innovative ways around this problem. Technology 
innovators throughout my district push the envelope of what is 
possible every day. But as we all know too well, pushing the 
envelope inside the halls of the Pentagon often takes time, too 
much time.
    I look forward to hearing from our witnesses and their 
analyses of future technological developments and the current 
progress towards ensuring access to trusted mission-critical 
microelectronics.
    And I would like to thank Mrs. Hartzler for holding this 
hearing today, and I yield back.
    Mrs. Hartzler. Thank you, Ranking Member Speier.
    Our witnesses with us today are Ms. Marie Mak from the 
Government Accountability Office [GAO]. And she is the Director 
of the Acquisition and Sourcing Management Team for GAO. Mr. 
Andre Gudger from the Office of the Secretary of Defense. He is 
the Acting Deputy Assistant Secretary of Defense for 
Manufacturing and Industrial Based Policy. Ms. Kristen Baldwin, 
also from the Office of the Secretary of Defense. And she is 
the Principal Deputy Assistant Secretary of Defense for Systems 
Engineering. And Mr. Brett Hamilton, a government 
representative of the United States Navy. He is the Chief 
Engineer for Trusted Microelectronics in the Flight Systems 
Division of the Global Deterrence and Defense Department at the 
Crane Division of the Naval Surface Warfare Center located in 
Crane, Indiana.
    So thank you all for being with us today. And we will now 
begin with our opening statements.
    So, Ms. Mak, we will begin with you as soon as you are 
ready to proceed. Thank you.

  STATEMENT OF MARIE MAK, DIRECTOR, ACQUISITION AND SOURCING 
       MANAGEMENT TEAM, GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Mak. Thank you. Good afternoon, Chairwoman Hartzler, 
Ranking Member Speier, and members of the subcommittee. Thank 
you for inviting me here today to discuss GAO's work on DOD's 
[Department of Defense's] effort to provide access to trusted 
leading-edge microelectronics.
    DOD's ability to provide superior capabilities to the 
warfighter is dependent in part on its ability to incorporate 
rapidly evolving leading-edge microelectronic devices into its 
defense systems while balancing national security concerns. 
However, market trends have created challenges for DOD. 
Increasing capital costs to make and produce these devices can 
be several billion dollars annually. This has resulted in 
increased specialization and consolidation by industry.
    Once dominated by domestic sources, microelectronics 
manufacturing is now largely conducted outside the U.S., 
primarily in Asia, and largely focused on high-volume 
production and short life cycles driven by demand for customer 
electronics. In contrast, DOD requirements for microelectronics 
tend to be low volume, with unique requirements, that generally 
are needed for very long periods because weapon systems are 
often sustained over decades.
    My statement today largely leverages off of our April 2015 
sensitive but unclassified report on this topic. The two areas 
that I would like to highlight today are, first, the 
implementation of the Trusted Supplier Program, and, second, 
the extent the Trusted Supplier Program provides for DOD's 
current and future access to leading-edge trusted 
microelectronics.
    DOD developed the Trusted Supplier Program as part of its 
overall Trusted Defense System Strategy. This strategy focuses 
on assessing DOD programs for their vulnerabilities and 
developing policies for requiring trust, meaning all the people 
and processes used to design, manufacture, and distribute 
national security critical components must be assessed for 
integrity. In 2006, DOD began expanding the number of trusted 
suppliers through an accreditation process, but only one had 
the capabilities to provide leading-edge technologies that meet 
their needs.
    Despite DOD's efforts to expand the number of trusted 
suppliers, it did not address alternative sources for leading-
edge microelectronics. It largely focused on two elements of 
risk: integrity, keeping malicious content out, and 
confidentiality, keeping critical information from getting out. 
However, the strategy did not address the risk of relying on a 
single supplier, leading to DOD's dependence on it for over a 
decade. As a result, DOD is currently in a situation where, 
potentially, there are no good answers to address the ``what 
now?'' question.
    And that brings me to my second point: DOD's current and 
future access to leading-edge trusted microelectronics. Over 10 
years ago, a Defense Science Board Task Force stated that the 
pace of these technologies being manufactured offshore was 
alarming due to its strategic significance to the U.S. economy 
and DOD's ability to maintain a technological advantage, and 
concluded at that point that urgent action was needed.
    DOD sought to mitigate this risk by awarding a contract to 
the only U.S.-owned corporation that could meet DOD's needs for 
trusted leading-edge microelectronics. Yet relying on this 
single supplier all this time created uncertainty regarding 
current and future access and its capabilities. In July 2015, 
the single provider transferred its microelectronics 
fabrication business to a U.S.-based foreign-owned entity, 
resulting in increased uncertainties about DOD's access.
    Our work this past year found that in the short term, DOD 
has no alternatives to the leading-edge microelectronics. As a 
result, there are risks for the DOD programs that use these 
technologies.
    For the longer term, we reviewed various options, including 
ongoing research and the possibility of a government-owned 
fabrication facility, the details of which are sensitive and 
therefore cannot be discussed in this forum. However, I would 
be happy to discuss them at a later time at your convenience.
    But the bottom line is that not only is the U.S. reliant on 
a single provider, it now faces the unknown risk of relying on 
one that is foreign owned. DOD is in a position where it faces 
some very difficult and complex decisions with potentially 
significant costs and national security implications.
    Microelectronics is just the latest of several defense 
industrial base issues. Other examples include rare earth 
materials, specialty metals, and counterfeit parts. We need an 
industrial base strategy that is much more proactive and less 
reactive.
    Chairwoman Hartzler, Ranking Member Speier, members of the 
subcommittee, this completes my prepared statement. I would be 
pleased to respond to any questions that you may have at this 
time.
    [The prepared statement of Ms. Mak can be found in the 
Appendix on page 29.]
    Mrs. Hartzler. Thank you, Ms. Mak. That was very 
informative.
    So, Mr. Gudger, you are now recognized for your opening 
statement.

STATEMENT OF ANDRE GUDGER, ACTING DEPUTY ASSISTANT SECRETARY OF 
      DEFENSE FOR MANUFACTURING AND INDUSTRIAL BASE POLICY

    Mr. Gudger. Thank you. Madam Chairwoman Hartzler, Ranking 
Member Speier, and distinguished members of the subcommittee, 
my name is Andre Gudger. I am the Acting Deputy Assistant 
Secretary for Defense for Manufacturing and Industrial Base 
Policy, and I appreciate the opportunity to testify today. I am 
joined here to my left with Ms. Kristen Baldwin, Principal 
Deputy Assistant Secretary of Defense for Systems Engineering, 
and to her left, Mr. Brett Hamilton, Naval Surface Warfare 
Center Crane.
    The role of the Office of Manufacturing and Industrial Base 
Policy is to advise the Secretary of Defense on all matters 
related to the defense industrial base. My office assesses 
proposed mergers, acquisitions, and foreign investment 
involving defense-related companies. Additionally, we assess 
the entire defense industrial base, make recommendations to the 
Secretary about its health, and then, when necessary, utilize 
DOD authorities to advance, sustain, shape, and support the 
industrial base.
    In particular, the global semiconductor industry is a key 
growth sector in the global economy. The U.S. semiconductor 
industry dominates 50 percent of the global market share. 
However, as technology and demand have advanced, it has driven 
the dynamics of this industry in a way that presents distinct 
challenges for DOD.
    The Department relies on innovation and commercialization 
of the U.S. semiconductor industry to maintain a healthy 
industrial supply for its systems. The escalating costs of 
investment for innovation in this industry is the single 
biggest factor facing U.S. suppliers wrestling with the 
decision to either join forces with other cash-rich entities 
making the necessary billion-dollar investment or simply quit 
the costly manufacturing business altogether.
    The DOD is less than 1 percent market share and has minimal 
influence over the semiconductor industry. The Department 
considers the dwindling number of domestic microelectronics 
manufacturers as a significant risk and may affect the most 
advanced microelectronics for the defense systems and platforms 
that must remain technology superior to our adversaries who are 
gaining traction through global industry players.
    In July of 2015, GlobalFoundries purchased IBM's U.S.-based 
Trusted Foundry, creating concerns associated with the 
Department's reliance on a sole source and single-qualified 
IBM-based technology component. These components are designed 
specifically for and used in many of DOD's major defense 
acquisition programs.
    DOD, the intelligence community, and the Department of 
Energy assessed how the loss of access to IBM's Trusted Foundry 
would disrupt their current and future national security 
programs. For the DOD, the total cost of loss assessed would be 
greater than a billion dollars. And given the research, 
redesign, prototyping, requalification tests, reproduction 
costs required to replace the required Trusted Foundry 
components, it is unknown. Operationally, the consequences of 
interrupting the national security programs that use these 
components are incalculable.
    Based on this assessment, the Department determined that 
the top priority is continuity of supply for these unique 
trusted products over the short- and mid-term. Concurrently, my 
office coordinated with other DOD elements, including the 
Defense Microelectronic Activity and the Defense Security 
Service, to ensure GlobalFoundries could obtain the appropriate 
accreditations to be a DOD trusted supplier post this 
transaction. The Department continues to work closely with 
GlobalFoundries as a source for the U.S.-based defense 
microelectronics.
    The Department continually conducts vigorous analysis of 
global markets to ensure the U.S. industrial base remains 
vibrant, competitive, and supporting all of DOD's needs. The 
Department's conducting a microelectronics industrial base 
study. The study goal is to lay a foundation for a dynamic 
partnership with key microelectronic industry players. A team 
of government experts interviewed, conducted site visits at 
several selected microelectronic companies, exchanging views 
with the Department on how we could pursue business models that 
would be consistent with industry.
    The study both made assessments of industry current 
capabilities, it summarized the voice of industry, and it is 
making recommendations on how the Department can engage the 
microelectronics marketplace not just today, but beyond. At the 
study's conclusion, the team will recommend strategies to the 
Department's requirements while addressing sustainable 
commercial strategy for the future.
    Additionally, the Department is taking steps to proactively 
identify our current and future critical suppliers in fragile 
sectors, like that of the microelectronics industry. The 
Department is deploying business intelligence tools utilizing 
big data principles to leverage the latest technologies and 
analysis techniques. This will allow DOD to engage proactively 
in the future to ensure that we have access to commercially 
driven technologies that maintain the military advantage on the 
battlefield.
    I would like to thank the committee for allowing me to 
speak today. As you can see, the Department is focused on 
addressing the challenges that are stemming from domestic and 
global microelectronics industry trends as DOD expands its 
Trusted Defense System Strategy. I look forward to answering 
any questions that you may have. Thank you.
    [The joint prepared statement of Mr. Gudger, Ms. Baldwin, 
and Mr. Hamilton can be found in the Appendix on page 39.]
    Mrs. Hartzler. Thank you.
    Ms. Baldwin, you are now recognized for your opening 
statement.

   STATEMENT OF KRISTEN BALDWIN, PRINCIPAL DEPUTY ASSISTANT 
          SECRETARY OF DEFENSE FOR SYSTEMS ENGINEERING

    Ms. Baldwin. Madam Chairwoman Hartzler, Ranking Member 
Speier, members of the committee, I am pleased to come before 
you today to testify about the Department of Defense's assured 
access to microelectronics.
    For a number of years the Department has been on a path to 
implement a Trusted Defense System Strategy. Codified in policy 
in 2012, this strategy manages risks to our systems from 
foreign intelligence collection, supply chain exploitation, and 
battlefield loss.
    DOD acquisition programs conduct program protection 
planning activities throughout the life cycle to mitigate 
opportunities for adversaries to sabotage or subvert mission-
critical system functions, system designs, and critical 
components of our systems.
    Critical components may be comprised of software, firmware, 
or hardware, whether specifically designed for DOD or 
commercially sourced. The protection of critical components is 
addressed through secure engineering designs and architectures, 
supply chain risk management practices, software and hardware 
assurance activities, and antitamper techniques.
    Program protection planning gives special attention to 
application specific integrated circuits, or ASICs. For ASICs 
that are custom designed, custom manufactured, or tailored for 
specific DOD military use, DOD requires they be procured from a 
trusted supplier accredited by the Defense Microelectronics 
Activity, or DMEA. DMEA manages the Trusted Supplier Program.
    DMEA accredits suppliers as trusted in the areas of 
integrated circuit design, aggregation, brokerage, mask 
manufacturing, foundry, post-processing, packaging and 
assembly, and test services. These services cover a broad range 
of technologies and are intended to support both new and legacy 
applications, both classified and unclassified.
    There are currently 72 DMEA-accredited suppliers covering 
153 services, including 22 suppliers that can provide full-
service trusted foundry capabilities. One of these full-service 
trusted foundries is the GlobalFoundries trusted foundry.
    In addition to trust, this trusted foundry provides the 
U.S. government guaranteed access to leading-edge trusted 
microelectronic services. For these leading-edge, state-of-the-
art microelectronics technology needs, the Department is 
concerned not only with trust and protection of our designs, 
but also the ability to compete for access to these 
technologies with commercial customers who command high-volume 
production requirements in comparison with typical low-volume 
needs of the Department. The trusted foundry has served DOD and 
interagency needs since 2003.
    Another important aspect of program protection is hardware 
and software assurance or the evaluation of our 
microelectronics components and our software to ensure they 
function as intended and have not been altered. Last year the 
Department established a Joint Federated Assurance Center, 
federating expertise, tools, and methods to support acquisition 
program hardware and software assurance needs. The Naval 
Surface Warfare Center at Crane serves as the chair of this 
federation, the Hardware Assurance Technical Working Group. In 
this role, Crane leads coordination of the core hardware 
assurance laboratories across the Army, Navy, Air Force, and 
NSA [National Security Agency].
    Looking ahead, the Department must seek options that enable 
both trust and access to needed microelectronics capability 
from the commercial marketplace. Research is ongoing at the 
Defense Advanced Research Projects Agency, the Intelligence 
Advanced Research Project Agency, and also in our military 
departments, to advance technologies such as improved hardware 
and software assurance tools for analyzing provenance and 
functionality; embedded sensors that can uniquely identify and 
track a device and whether any tampering has occurred; new 
microelectronics design techniques to enable transfer of 
production from one foundry to another, mitigating risk from 
losing access to a particular supplier; and the ability to 
disaggregate chip designs and manufacture subcomponents in 
different locations.
    Demonstration and transition of technologies such as these 
will augment the enduring foundations of program protection 
planning, supply chain risk management, systems security 
engineering, our DMEA, and the network of certified trusted 
microelectronics suppliers, and the federation of tools and 
expertise to evaluate hardware and software that are central to 
the Department's Trusted Systems Strategy.
    Thank you very much.
    [The joint prepared statement of Ms. Baldwin, Mr. Gudger, 
and Mr. Hamilton can be found in the Appendix on page 39.]
    Mrs. Hartzler. Thank you, Ms. Baldwin.
    And now last but certainly not least, Mr. Hamilton, very 
excited to see your show-and-tell that you brought as well.

    STATEMENT OF BRETT HAMILTON, CHIEF ENGINEER FOR TRUSTED 
 MICROELECTRONICS, NAVAL SURFACE WARFARE CENTER CRANE DIVISION

    Mr. Hamilton. Thank you, Madam Chairwoman Hartzler, Ranking 
Member Speier, members of the committee. I appreciate the 
opportunity to come before you today to testify about our 
efforts related to microelectronics assurance.
    So microelectronics hardware provides the root of trust for 
many DOD [and] intelligence community systems. It is absolutely 
critical that this hardware be both trustworthy and reliable to 
perform as designed when needed. This is a critical national 
issue as trustworthy microelectronics hardware is also 
prevalent in many vital areas of the global economy, such as 
energy, transportation, banking, and commerce industries.
    The Joint Federated Assurance Center laboratories, referred 
to as JFAC, have a long history of assuring microelectronics 
integrity, including support of the Navy Strategic Systems 
Program and NSA's cryptographic systems. These government 
laboratories are unique in the expertise and the capability 
that address the malicious threat and have experience in 
safeguarding sensitive information relating to uncovered 
threats and vulnerabilities, specialized analysis techniques, 
and details of systems use.
    In order to better quantify the system risk, continued 
technical reconnaissance is needed to enable a more proactive 
stance in identifying potential vulnerabilities. Threats 
assessments can be greatly assisted by taking advantage of the 
capabilities of other government agencies, such as law 
enforcement and the intelligence community. The JFAC is 
exploring information-sharing opportunities with the 
intelligence, counterintelligence, and law enforcement 
communities to provide additional insight into the amount of 
risk associated with particular microelectronics components.
    For example, the Air Force Office of Special Investigation 
has made available select microelectronic components obtained 
through investigative liaison efforts for forensic analysis. 
The counterintelligence perspective enables a more thorough 
assessment of the threat.
    Microelectronics technology driven by the commercial sector 
is advancing at a very rapid pace. It is therefore critical 
that our JFAC labs establish technical capability in the area 
of emerging technology. For example, Naval Surface Warfare 
Center Crane has utilized Naval Innovative Science and 
Engineering R&D [research and development] opportunities and 
Naval Sea Systems Command capital improvement program to 
greatly enhance its microelectronics trust verification 
capabilities over the past few years.
    These capability enhancements also support the Navy's 
traditional failure analysis and high reliability 
microelectronics missions which require similar expertise and 
equipment. The capability is currently supporting the Navy's 
JFAC hardware assurance pilot program and several other 
programs of record in the area of trusted assurance, including 
extensive work with the Strategic Systems Program and 
Integrated Warfare Systems.
    Access to design information is very important to the 
ability to cost effectively perform independent verification of 
microelectronic components. If these files and other design 
information are delivered to the government as one of the 
deliverables in a contract, the time and cost to verify these 
components can be minimized. The term ``acquire to verify'' has 
been coined to promote this idea.
    JFAC members are compiling lessons learned from current and 
recent design efforts to generate a general design guide that 
will include best practices to support independent verification 
for trust assurance.
    It is also critical to establish and maintain relationships 
with microelectronic manufacturers. This is particularly 
important in the case of commercial parts where the design 
information is held by these manufacturers. A few such 
relationships have been fostered by DOD organizations, and they 
have proven to be very beneficial to trust verification 
efforts.
    Not only is the semiconductor manufacturing environment 
evolving, but so is the threat. There is a growing concern 
pertaining to unauthorized remanufactured parts, often referred 
to as clones, which not only pose a potential malicious threat, 
but also reliability concerns, as very poor quality has been 
observed in these parts.
    Finally, there has been an alarming increase in the number 
of academic publications discussing the implementation of 
hardware Trojans. Therefore, we must stay vigilant and evolve 
our approach to ensure trust in such a dynamic environment.
    Thank you. And I welcome your questions.
    [The joint prepared statement of Mr. Hamilton, Mr. Gudger, 
and Ms. Baldwin can be found in the Appendix on page 39.]
    Mrs. Hartzler. Thank you, Mr. Hamilton.
    I would just start with you. You brought some examples 
there. Do you want to share a little bit about those, why you 
brought them, and what the implications to our hearing today?
    Mr. Hamilton. Okay. The first example that I will pass up 
for you to examine is a traditional microcircuit, where we 
actually opened up the lid so you can see what is inside. So 
that particular part was from an actual counterfeit 
investigation that we did.
    So that particular part is about a 15-year-old design. It 
was designed in 250 nanometers. So that is the actual size of 
the transistors in there. State of the art now is 10 nanometer. 
So that particular part there has probably around a million 
transistors in it. The current record for the most transistors 
in a commercial part is a Xilinx FPGA [field programmable gate 
array], which has 20 billion transistors.
    So Ranking Member Speier mentioned 1,000 transistors in a 
device. So think about trying to find 1,000 transistors out of 
20 billion if someone wanted to do something bad to a part like 
that. So it is a technical challenge, but there is work going 
on to try to address this through technical means.
    The second board is just a representation of a circuit 
board. And there was some mention of interest in 3D ICs [three-
dimensional integrated circuits] and die stacking. So in this 
particular case, these are the individual integrated circuits 
on the board.
    In die stacking, those individual dies are stacked on each 
other into one package, and it greatly enhances the density. We 
have been seeing these in our laboratory, especially in flash 
memory and devices like that for the commercial sector where 
they want to pack as much memory as they can into your digital 
camera and things like that. But this technology is starting to 
show up in a much broader spectrum to increase performance and 
help scale the technology.
    Mrs. Hartzler. What can you do maliciously with one 
transistor?
    Mr. Hamilton. With one transistor, you could make something 
fail possibly, and denial of service. That is the simplest kind 
of tack. So the hidden kill switch gets a lot of attention. To 
do something to that level, you would have to have a lot of 
information about the design. If you don't know much about the 
design and you just wanted to do something to cause random 
problems, intermittent failures, then a single transistor 
failing could potentially take that integrated circuit down.
    Mrs. Hartzler. Wow. Okay. What is next?
    Mr. Hamilton. So here is another integrated circuit. And 
this is an example of one without the lid opened up, and it is 
what is called a ball grid array. So you see the back, those 
little bitty solder balls?
    Mrs. Hartzler. Yes.
    Mr. Hamilton. That is placed onto the printed circuit 
board, and then the whole thing is heated up, and they all just 
make contact at one time.
    That particular part, I don't remember exactly how many 
solder balls that has. I would say probably around 80 or 90. 
But there are parts now that have 1,000 of those solder balls 
on there. The complexity of these microelectronics is amazing.
    Mrs. Hartzler. Really is. Next?
    Mr. Hamilton. So the last example is just another circuit 
board, a little bit newer version. Some of the parts there have 
the different kinds of bonding package. That particular part 
also has a fan on it. A lot of our focus has traditionally been 
on the very critical parts. One thing important is that we have 
to look at this as a system approach, and every part in the 
system is critical to a certain degree. Otherwise it wouldn't 
be in the system.
    Mrs. Hartzler. So we only have one foundry in our country 
that puts this together, right, the foundry that IBM had--that 
is now sold?
    Mr. Hamilton. So the foundry makes the integrated circuits. 
They make the chips.
    Mrs. Hartzler. Okay. Gotcha. Actually puts it together.
    So as co-chairman of the Joint Federated Assurance Center, 
what challenges and risks do you assess may affect DOD's access 
to assured and secure microelectronics in the future?
    Mr. Hamilton. Well, that is a tough question. I think to a 
certain degree the purpose of JFAC is going to be to perform an 
independent verification of the microelectronics no matter what 
the source. So a lot of the parts that enter the DOD today 
aren't from the IBM Trusted Foundry. They are COTS [commercial 
off-the-shelf] parts. If you look in the Navy systems, we buy 
racks and racks of circuit boards that are used in the systems.
    So the challenge is to come up with tools and techniques 
that can be used broadly across this. And that is where the 
working with the other communities of interest is important to 
help us better focus where we need to apply our limited 
resources to do these deep technical assessments.
    Mrs. Hartzler. Do you feel confident now that there are 
systems in place to be able to do an in-depth analysis of that?
    Mr. Hamilton. There are systems in place to do it on a 
limited basis. We actually, for some of our customers and 
sponsors, we have been doing this work for years. To try to 
spread it to the bigger DOD is a challenge because we just use 
so many microelectronics.
    And I like to say we can't really test our way out of this 
problem. We can't test and screen the hundreds of thousands of 
microelectronics that we use in DOD. So we have to be very 
smart and selective where we look and understand the threat and 
realize that really what we are doing is a threat assessment.
    We are always going to have a threat, no matter what the 
source. So the question is, how do we rank the threat and where 
do we put our resources where we think the threats are the 
highest or do things in the supply chain, other activities, to 
help reduce that threat.
    Mrs. Hartzler. Great. I have more questions, but I will 
come back to that and turn to Ranking Member Speier for her 
questions.
    Ms. Speier. Thank you, Madam Chair.
    What is driving the decline in the United States of the 
microelectronics industry and its migration to Asia?
    Mr. Gudger. Well, there are several factors. One is the 
cost. As the commercial markets are driving to newer, more 
state-of-the art needs, particularly in the consumer 
electronics and the mobile markets, it is a costly thing to 
update a fab [fabrication facility]. It is north of a billion 
dollars. Most fabs cost somewhere between $5 to $10 billion to 
update to a state-of-the-art space that they need to be 
competitive globally.
    So there are very few companies across the globe that can 
make that kind of investment and get the kind of yields they 
need in order to maintain a profitable business. And so you see 
a decline in new entrants because the barrier is so high and 
you see an exit of current entrants because it is better to 
partner with sources globally to compete, not just 
domestically.
    Ms. Speier. Any other comments?
    Ms. Baldwin. The United States is overall a net exporter of 
semiconductors. And so we need to understand that there are 
leading-edge capabilities and those foundries can take great 
investment to maintain and to operate. But largely, and with 
many of the capabilities that the Department of Defense 
systems, the U.S. Government systems use, as Brett mentioned, 
multiple types of microelectronics technologies are used in our 
systems. And so there is a spectrum of capabilities and 
production capabilities still in the United States.
    And so you need to distinguish the cost of the major fabs 
that have gone from--over the past 10 years the number of 
leading-edge foundries has drawn down from then about 10 major 
foundries to now we have about 4. And in comparison, we have 
got multiple capabilities of domestic manufacturing at other 
state-of-the-practice nodes and other technology types.
    Ms. Speier. Well, if we believe that this is a national 
security risk, which I think we could certainly make the 
argument that it could be, isn't it in our best interest to 
maintain a foundry or supplier here and do whatever is 
necessary to make sure that their bottom line is reasonably 
successful so that the manufacturing continues to be done 
locally?
    Ms. Baldwin. We do agree that there is a long-term need for 
a trusted supplier, a network of trusted suppliers, just like 
we have established. And we are taking action to make sure that 
we maintain that access.
    Ms. Speier. So what are the actions you are taking? We have 
one foundry that has now been sold to a non-U.S. company and it 
is unclear whether or not they are going to keep manufacturing 
here. What are you doing to make sure that that does not get 
exported?
    Mr. Gudger. Well, just a couple points of clarity. There 
are more than one foundry in the United States, and there are 
more than one trusted supplier in the United States. There are 
over a dozen trusted suppliers in the DOD network.
    Yes, it is in the U.S. interest to maintain as much of the 
current and legacy capability in the United States as possible. 
But we are also looking to make investments in the future where 
technology is driving which gives us a different view. And so 
trust network as we know it today may look much different as we 
design for security throughout all of our major weapon systems 
and how we bring a consistent way of approaching 
microelectronics and future technologies and innovation into 
those major weapon systems.
    So there is a lot of programs that I use out of my office, 
particularly the Defense Production Act, Title III, that we 
have used, and we have funded many chip technology programs and 
made the investment, along with industry, to develop and 
maintain the capacity. We have used our Industrial Base 
Sustainment Fund to fund companies to keep design skills and 
engineering tradecraft moving forward. And so we will continue 
to look at those both as a part of the short-term, mid-term, 
and long-term strategy for the United States.
    Ms. Speier. You know there is a lot of companies that have 
offshored a lot of money that they would like to repatriate. 
And I would think this would be a great opportunity to allow 
companies who are so inclined to repatriate their money if it 
were to go to manufacturing of microelectronics, because we 
could make the case that it is a national security issue.
    Ms. Mak, do you have any thoughts on that or any other 
incentives we can create for companies?
    Ms. Mak. I think, like you said earlier, why it was going 
offshore, there are so many other countries that have 
industrial base strategies that include more strategic 
investments, that encourage critical industries and innovation, 
where here in the defense industrial base it is much more 
reactive instead of proactive. So if there is more thought in 
terms of why do we wait until it is a potential crisis before 
we actually start coming up with alternatives, then that 
applied in this particular case with microelectronics.
    As to what DOD could do in this particular case, we tend to 
rely on the market to be able to figure out the best strategy. 
DOD has so little influence on the market when it comes to 
microelectronics, so this may not have been their best 
strategy.
    I think part of the issue was when we talked about leading-
edge microelectronics, there wasn't a sense of urgency when 
Defense Science Board first brought it up. IBM has been 
renewing the contract. It has been always there. DOD was 
addressing the risk because IBM was there. And if earlier steps 
had been taken to address some of the alternatives that they 
are considering now, we may not be in the same situation, 
especially when it comes to cost, because now you have all the 
cost that has to be addressed as soon as possible versus spread 
out over time.
    Ms. Speier. All right. Madam Chair, I yield back.
    Mrs. Hartzler. Thank you.
    Mr. Scott from Georgia.
    Mr. Scott. Thank you, Madam Chair.
    And you will have to forgive me. This is certainly an area 
that is outside of my area of expertise by a long shot.
    But GlobalFoundries was owned by IBM and they sold them. Do 
I understand that correctly?
    Mr. Gudger. No. IBM sold part of its microelectronics 
business to GlobalFoundries.
    Mr. Scott. To GlobalFoundries. Okay. All right. And 
GlobalFoundries has factories in many countries, Singapore 
and----
    Mr. Gudger. And Germany and in the State of New York.
    Mr. Scott. And then the U.S. companies that we have left I 
would assume would be Intel. Who would the others be that are--
--
    Mr. Gudger. Yeah. There is other very good U.S.----
    Mr. Scott. Micron.
    Mr. Gudger. Micron. We have had Freescale, Photronix. 
Cypress is here in the room. And there is others. I don't want 
to single out any one because there is so many suppliers in 
this area.
    Mr. Scott. Okay. But you do have a tremendous number of 
suppliers, it is just that we don't have that many who are 
trusted suppliers. Is that where the problem is coming in?
    Ms. Baldwin. So right. If I can just categorize. The 
leading-edge suppliers, that was the role that the IBM and now 
GlobalFoundries foundry was fulfilling. Our trusted supplier 
network, if I can just refer to my opening statement, we have 
72 that are accredited trusted now suppliers. Twenty-two of 
those can provide full-service foundry operations similar to 
what the IBM Trusted Foundry was able to provide.
    Mr. Scott. Okay. And so in many instances when we contract 
with a private vendor to build a weapons system, for example, 
we have DOD employees that are on-site at that manufacturer to 
double-check and to look at quality control and make sure that 
there are no problems there. Are we doing that with the 
foundries as well, are we checking the chips once they come to 
us? How do we do that with regard to--are we on-site, in other 
words, at the foundries?
    Ms. Baldwin. No. Great question. Part of this accreditation 
that the Defense Microelectronics Activity does is works with 
these companies that are interested in becoming trusted 
suppliers and certifies that those companies are able to 
process classified information as well as unclassified 
information and that they possess the right checks and 
balances, that they can provide an assured chain of custody, 
that they have processes in place to ensure that there would be 
no threats related to disruption of the supply, that they have 
processes in place to prevent intentional or unintentional 
modification of the designs during the manufacture or the 
services that that supplier is providing, and that they protect 
the design information from any reverse engineering or other 
exploitation to prevent the loss of that U.S. technology.
    And that is the process by which these suppliers that wish 
to become accredited must go through, and the DMEA inspects 
that capability.
    Mr. Scott. And so for the suppliers who want to become 
accredited, one of the challenges with doing business with the 
government is that if you are a small business, it becomes such 
a large percentage of your volume that if you ever lose the 
contract it would effectively bankrupt you.
    And so what is the average volume that we spend with one of 
these suppliers? And do we do multiyear buys or is it something 
where we just every 12 months we do a new contract?
    Ms. Baldwin. Right. So when we accredit one of these 
suppliers, these are suppliers that provide services on a 
regular basis to broader than just the DOD. So we basically 
give them sort of a seal of approval, if you will. And then 
many of the suppliers actually see it as a competitive 
advantage, you know, because they have been through this rigor, 
and it actually can have the effect of potentially increasing 
their future business space.
    Mr. Scott. But it would take a billion dollars to build a 
small foundry?
    Ms. Baldwin. Correct. As you go down into the technology, 
as you increase the technology, as you move down the Moore's 
Law of these sizes of these microelectronics components that 
Mr. Hamilton was describing, the cost to maintain those 
foundries increases exponentially. So that leading-edge foundry 
is the one where we were talking about, that is in the billions 
of dollars to maintain and operate, because in order to be able 
to produce the yield of microelectronics that are useable, you 
have to have a certain amount of production that is running 
through that foundry.
    Mr. Scott. Sure.
    Ms. Baldwin. It operates 24/7. And I would just say again 
that the DOD and the U.S. Government orders for that don't rise 
to that level. We have typically low-volume orders. Which is 
why looking forward we need to find ways that we can--
technologies, new approaches to be able to make use of more 
commercial sources, because that would allow us to protect our 
designs and our IP [intellectual property] and ensure that the 
microelectronics would perform as intended, but also enable us 
a much broader set of options so we are not narrowly focused on 
a sole source supplier, because we recognize that that is not a 
good risk posture.
    Mr. Hamilton. If I could just add one thing to that. So in 
this recent Chip Scale magazine, there is a chart that plotted 
the escalating design costs for custom ASICs manufactured at 
state-of-the-art technology node, which is estimated to be over 
$300 million for a 10-nanometer design. This makes COTS a very 
appealing approach to program managers where performance is a 
driver, especially given the performance exhibited in 
commercial FPGAs, an industry that is pushing state of the art.
    Basically the FPGA manufacturers are pushing state of the 
art, and they are using these twenty-eight 14-nanometer nodes, 
because they have enough volume that they can take the $300 
million design cost. The problem is there aren't that many DOD 
programs that can afford to put $300 million into a single 
design. There are cases potentially where a common part could 
be used across multiple programs and then you might be able to 
do something like that more cost-effectively.
    Mr. Scott. Thank you for being here. I have an appointment 
in my office, so I will be missing the rest of the meeting. But 
thank you for what you have done.
    Mrs. Hartzler. Thank you, Mr. Scott.
    Ms. Graham from Florida.
    Ms. Graham. Thank you, Ms. Chairman. I appreciate it very 
much.
    And thank you for you all being here today. I really 
appreciate it.
    This is kind of scary. So I have a question. Really what I 
would like to know, I mean, how reliant are we on these 
microelectronics? What is our level of risk? It seems like 
there aren't many systems that aren't exposed. And I have a 
follow-up question after that one.
    Ms. Baldwin. So we are very reliant on microelectronics, 
and it is not only these ASIC chips that we have been talking 
about, but multiple types of microelectronics components. Mr. 
Hamilton just mentioned FPGAs as an example.
    I think a point that I would like to make is that it takes 
a spectrum of risk-reduction measures. In some cases we would 
want to restrict where we procure that item, from only a 
trusted supplier. In some cases another option is to be able to 
evaluate the component or the software that is contained in 
that component, because in an FPGA [field programmable gate 
array]--there are no FPGAs that are made onshore. The two major 
FPGA companies are U.S. companies, but they fab offshore.
    But when you take a look at what the risk is of an FPGA 
device, that is largely in the software, because that is a 
reprogrammable device, which means that regardless of where I 
might manufacture that device, I can change the software. And 
so if an adversary wanted to have an effect and could get 
access to that software, which is all very difficult to do, but 
it is a real opportunity, then the threat comes in making sure 
that the software that is programmed on that device is assured. 
And so then we want to bring to bear additional software 
evaluation tools, and we are doing that as well.
    We may also want to design our systems. I mentioned the 
approach of system security engineering, because we realize 
many of our systems do need to use commercial devices, and we 
absolutely do, for reasons of cost and functionality. But we 
are able to design our systems with architectures in a way that 
we don't use those commercial components necessarily in sort of 
the core or heartbeat of the system, that critical portion of 
the system.
    So the way that we approached, the way that we built this 
trusted system design strategy, the methodology that our 
programs go through and our engineers go through is to sort of 
decompose the system and understand the functions of that 
system, and then allow us to focus on what are the critical 
components. And then for those critical components, select from 
a menu of opportunities, risk-reduction opportunities, which 
could be procure from a certain supplier, test it through 
laboratories, and equipment and tools like we have assembled, 
or architect the system in such a way that if that component is 
a bad component, it will not have the overall effect to degrade 
the operation of the performance of the system. So we could 
have sensors on the system that would just shut that part of 
the system down. So there is a menu of options that we have.
    Ms. Graham. Thank you very much. That was a very thorough 
answer, and I really appreciate it.
    Ms. Mak, you mentioned the potential of possibly bringing 
this within DOD. I don't want to violate any security, clearly, 
in an unclassified hearing. But is that, based on what Ms. 
Baldwin just said, is that something considering the private 
sector's innovation or would we be able to compete, or is this 
something that we are sort of tied to because of the need to 
have that innovation that is available in the private sector?
    Ms. Mak. I think the opportunities to compete are 
definitely there, but let me make it clear, for the FPGAs that 
have been discussed, those are offshore, those are commercial 
uses, it is not in a trusted environment. When we are talking 
about leading-edge technologies that are in mission-critical 
defense systems, it has to be in a trusted environment, so that 
means the offshore companies, it doesn't even qualify. So it is 
going to take a lot of time and it is going to take a lot of 
cost.
    I mean, we have talked to several major defense 
contractors, and their concerns were that even if there was a 
supplier that could meet leading edge at this point, which is 
not, except for IBM and now GlobalFoundries, if it could, it 
would take them significant time, talking about years, and 
significant cost, talking at least millions, to do redesign 
work to be able to work with those suppliers, assuming that 
they exist.
    Ms. Graham. Okay. I am about out of time, so thank you very 
much. I would just say that I think the conclusion is that we 
just need to make sure that our public-private partnerships, 
that the threat level is, whether it is in the supply chain or 
just in general, keeping track of the threat assessment, and we 
are focused on that on a regular basis.
    I am sorry, Ms. Chairman, I will conclude with this. My son 
is a computer engineer, so I understand the importance of the 
microelectronics. And if we are not certain that our 
microelectronics are secure, our system is not going to be 
secure.
    So thank you very much. I yield back what time I don't 
have, Ms. Chairman.
    Mrs. Hartzler. All right. That is okay. Well said. Maybe 
your son can help solve this problem. So that is very good.
    I wanted to go back to you, Ms. Baldwin, though. You 
mentioned there were 72 trusted suppliers, and that may be 
true, but not leading-edge suppliers. There was one, IBM, which 
has been sold. And so how are you going to make up for that 
shortfall?
    Ms. Baldwin. So we have been work looking into this 
situation obviously for some time now. And when you look at the 
types of leading-edge technologies that the IBM foundry was 
providing, it was over a series of technology nodes. They had a 
series of products that we could acquire through that one 
foundry. And there was no single provider that was available 
domestically that could replace, no one single source that 
could replace all of those product lines.
    So finding number one is we knew we had to develop, we knew 
we had to take a look at a menu of options. So we are in the 
process of doing that right now. And we are in the process of, 
as has been mentioned, reaching out to the industrial base and 
really getting a sense of where they are going and taking all 
that into account.
    We also want to look at the future of the economics of the 
situation, and we do not want--the last thing we want to do is 
find ourselves in a similar situation of a sole source 
supplier. I think long term, the types of solutions that we see 
as being needed in this menu are we do need to have alternative 
sources for critical components. We do need to have a 
capability to evaluate microelectronics, because of this 
threat, so the types of labs that we federated are a continuing 
need. And we do think that there are technology opportunities 
to maybe allow us to take a look at this problem from a 
different standpoint.
    Some of the technologies that are being invested in right 
now by some of the performers that I mentioned before could 
potentially allow us to utilize different manufacturing 
sources, but still be able to protect our critical IP and our 
critical intellectual property and the functionality of the 
chip and provide that level of assurance just by the way--by 
these manufacturing processes and design techniques.
    Or these embedded sensors that we might be able to, if the 
technology is demonstrated and can transition, can really 
provide a chain of custody, so that we could potentially use a 
commercial source but then have an ability to control the 
critical design intellectual property domestically.
    And so it is these types of technologies. And so I think in 
summary, we see going forward that we must get out of this sole 
source problem that we are in right now and we must create a 
menu of options for the Department and its agency partners, and 
that is exactly what we are studying and seeking to do.
    Mrs. Hartzler. So this is happening right now, you are 
doing this study. You say over time--I know Mr. Gudger, you 
talked about doing a study that you are doing--but at this 
point in time our only foundry has been purchased, correct, by 
another--a leading-edge supplier. So we have all kinds of 
defense assets and platforms that are being built today.
    So how vulnerable and how big a problem is this right now, 
because we don't have a solution today, even though we have all 
kinds of platforms being manufactured?
    Mr. Gudger. Today, on the short term, we are getting 
essentially what we were getting prior to the acquisition. Part 
of what we worked through the interagency process when we 
evaluated this very complex transaction was its national 
security implication and could the Federal agencies and major 
weapon systems still have access to the critical technologies 
that we needed. And on the short term, the answer was we were 
able to come up with an agreement, a way to work through 
getting the Department and getting its brother and sister 
agencies the current access that they had by way of trust or 
something very close to trust.
    And that was part of the process in evaluating the 
acquirer's ability to become a trusted partner and, quite 
frankly, as Kristen said earlier, gain the halo effect to allow 
them to do business with the Federal Government.
    So we believe in the short term that we have addressed the 
short-term need and issue and we can continue to get what we 
need today and for the foreseeable next few years, but we are 
working in real time on what the future will look like. And the 
study is to address things beyond fiscal year 2017 and what the 
menu of options will be.
    Mrs. Hartzler. So your study looks for beyond 2017? But 
until then, you feel comfortable at this point----
    Mr. Gudger. Yes.
    Mrs. Hartzler [continuing]. That we will be able to access 
what we need.
    You mentioned, Ms. Baldwin, an accreditation process, that 
you are reaching out. So are you reaching out to these other 
suppliers and talking to them about how they can become 
accredited in defense-related work to become more trusted?
    Ms. Baldwin. Yes. Actually we work pretty regularly with 
industry associations, and several working groups have stood 
up. And that allows us a vehicle to communicate. So the 
existing trusted supplier network, we engage with regularly. 
And there has grown an industry consortium or working group 
through our National Defense Industrial Association, as an 
example, which is an opportunity for the Department and our 
agency partners and the services to meet with these industries. 
Yes. Thank you.
    Mrs. Hartzler. Ms. Mak, what are your thoughts on this 
strategy that DOD has presented for moving forward to maintain 
longer-term access to leading-edge microelectronics?
    Ms. Mak. I agree with what Ms. Baldwin talked about in 
terms of a menu of options. It is pretty much like a patchwork-
type approach, because what IBM offered was that wide spectrum 
of options to meet their needs. There are definitely trusted 
suppliers in the U.S., but they don't provide the leading edge. 
Could they get there? Potentially. It is going to cost and it 
is going to take time.
    I would like to go back to the one question that you 
mentioned earlier to clarify. With respect to the short term, 
from our work we found that the agreements that they went 
through, we are not convinced that they are going to be able to 
provide continued access even for the next year unless there 
are still discussions ongoing for that. So short term, it may 
be a bigger issue than we are acknowledging here, I think.
    Mrs. Hartzler. Okay. Thank you.
    Ms. Speier.
    Ms. Speier. Thank you, Madam Chair.
    I would like to go back in time. IBM had a 10-year 
contract, it had a sole source contract in a very rarefied 
position. Are we basically saying we didn't have a contract 
with them that was so ironclad that they would be required to 
maintain that operation in terms of providing leading-edge 
microelectronics as a component of that sole source contract? 
And why wasn't it for 30 years or 40 years? Was this a contract 
that was only for 10 years or was this a contract that was 
renewed every year so they were in a position to sell it? And 
they do business with us in lots of other areas, so why are we 
tiptoeing around this?
    Mr. Gudger. Well, I agree with you. I am in violent 
agreement with you. Back up. So IBM's contract was a 
competitive bid. What happened as a successful offerer, they 
became the sole supplier because they were the successful 
offerer on the competitive bid. It was for 10 years with 1-year 
options. And IBM found themselves in a very difficult place 
with this business, where they were losing a lot of money. I 
think in the last balance sheet they stated they were going to 
lose $750 million a year by maintaining the capability.
    And so having a contract with the U.S. Government and then 
forcing them to stay in business in something that they are 
losing money in, it is a very difficult balance. We don't have 
the tools and the authorities through the regulatory process, 
whether it is antitrust or foreign investment, to make anyone 
stay in business when they are losing money.
    And so they searched aggressively and they worked with 
GlobalFoundries to find a partner that they thought that they 
would still continue to need to get access from that they could 
have as a trusted supplier to them, not just to the Federal 
Government. And so I think those things went into the reason 
why IBM decided to exit the business and turn it over to 
GlobalFoundries, because they maintain a state-of-the-art 
facility not far from the ones that they--GlobalFoundries, that 
is--not far from the ones that they acquired.
    Ms. Speier. So when did they notify you that they were 
going to sell off the business?
    Mr. Gudger. I think the official notification happened in 
the second quarter of the calendar year of this year, that the 
official notification----
    Ms. Speier. So when were you first aware? When did they 
first tell you they were having trouble and that they needed 
some workout?
    Mr. Gudger. I am not sure on that answer. But the first 
that I heard about it was when they made the official 
announcement and filed with the interagency committee, is when 
it became real.
    Ms. Speier. Well, at some point, if it was a 10-year 
contract, you would start negotiating a new contract in year 8, 
right?
    Mr. Gudger. They still had multiyears left on the contract 
that they were maintaining. So it wasn't a year 8----
    Ms. Speier. I am not following you. I thought you said that 
it was a 10-year contract and at the end of the 10 years, they 
chose not----
    Mr. Gudger. No. We had just awarded the contract.
    Ms. Speier. What?
    Mr. Gudger. Yeah. We were about 2 years into it. And I will 
let Kristen pick up on----
    Ms. Speier. Wait a second. You are saying it was a 10-year 
contract and they were 2 years into it, and now they are not 
going to comply with the contract?
    Ms. Baldwin. It was a 10-year multi--it was an option 
year--it was a 10-year contract that was awarded with 10 
option--it was a 1-year contract with 10 option years.
    Ms. Speier. Oh, that is really smart, isn't it?
    Ms. Baldwin. There was--right.
    Ms. Speier. So you are saying that for something as 
important for our national security as leading-edge 
microelectronics, we were awarding a 1-year contract with 
options to renegotiate? So we were setting ourselves up----
    Ms. Baldwin. Right.
    Ms. Speier [continuing]. In a very bad negotiating 
position.
    Ms. Baldwin. That was what the offerer was willing to 
negotiate with the Department of Defense and that they were 
the--we did run a full and open competition, and they were the 
sole offerer.
    Ms. Speier. I thought you said there were two.
    Mr. Gudger. No.
    Ms. Speier. And that one went out of business or one----
    Mr. Gudger. I didn't say that.
    Ms. Baldwin. No.
    Ms. Speier. All right. So this foundry, this building still 
exists, right?
    Mr. Gudger. Yes.
    Ms. Speier. Because it cost so much money to create. This 
billion dollar facility exists?
    Mr. Gudger. Yes. Essentially, though, the two facilities 
that GlobalFoundries had acquired through this process still 
exist today and they still produce the products that the U.S. 
Government needs. It is just owned by a different company, 
GlobalFoundries. Many of the same processes, the same people 
are there. They acquired the assets from IBM.
    Ms. Speier. All right. I yield back.
    Mrs. Hartzler. Thank you.
    And we are taking votes, so you have the last question.
    Ms. Graham. No. Thank you. I have no questions.
    Mrs. Hartzler. So we very much appreciate you being here. 
This has been very enlightening, very concerning at the same 
time, but certainly raises the issue of how we need to address 
this for our national security. And I appreciate your efforts, 
all of you, to help in this endeavor as we move forward. So 
thank you so much for being here.
    And this will conclude our hearing.
    [Whereupon, at 4:56 p.m., the subcommittee was adjourned.]



      
=======================================================================




                            A P P E N D I X

                            October 28, 2015

=======================================================================

      



      
=======================================================================


              PREPARED STATEMENTS SUBMITTED FOR THE RECORD

                            October 28, 2015

=======================================================================

      

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]        
    

      
=======================================================================


              QUESTIONS SUBMITTED BY MEMBERS POST HEARING

                            October 28, 2015

=======================================================================

      

                  QUESTIONS SUBMITTED BY MRS. HARTZLER

    Mrs. Hartzler. You mentioned in your oral statement that DOD's 
Trusted Defense Systems Strategy did not address the risk of relying on 
a sole source provider. What more could DOD have done to prevent this 
situation?
    Ms. Mak. DOD has been aware of the risk of using a sole source 
supplier for about a decade, but did not begin to take actions to 
assess and address this risk until late last year when IBM announced 
the proposed transfer of its microelectronics fabrication facilities to 
GlobalFoundries. Had DOD taken actions earlier, investments in 
alternative suppliers may have reduced the risk programs now face due 
to potential gaps in availability for specific technologies.
    Mrs. Hartzler. What are your thoughts on the strategy DOD has 
presented for moving forward to maintain longer-term access to leading-
edge microelectronics?
    Ms. Mak. GAO is in the process of reviewing DOD's strategy as part 
of our ongoing work and will report our findings in mid-2016.
    Mrs. Hartzler. For DOD programs, is the purchase of all of the 
integrated circuits needed for a given technology, otherwise known as 
making lifetime buys, a possible alternative if access to former IBM 
leading-edge technologies is no longer available?
    Ms. Mak. Because the response involves sensitive or proprietary 
information, it is provided in a separate document marked ``For 
Official Use Only//Proprietary Information Involved'' and must be 
protected from disclosure. (Document in Committee Possession.)
    Mrs. Hartzler. What commitments has GlobalFoundries provided to the 
U.S. Government regarding access to the trusted leading-edge 
microelectronics formerly provided by IBM, including the status of the 
contract between the U.S. Government and GlobalFoundries?
    Ms. Mak. Because the response involves sensitive or proprietary 
information, it is provided in a separate document marked ``For 
Official Use Only//Proprietary Information Involved'' and must be 
protected from disclosure. (Document in Committee Possession.)
    Mrs. Hartzler. Are other trusted suppliers able to provide 
technologies similar to the IBM technologies now provided through 
GlobalFoundries?
    Ms. Mak. As GAO noted in its report GAO-15-422RSU, as of August 
2014, in addition to IBM, there were 63 other trusted suppliers, 
including 15 with fabrication capabilities. These other suppliers do 
not have the leading-edge capabilities of IBM/GlobalFoundries (below 90 
nanometers), but provide access to a range of mature technologies.
    Mrs. Hartzler. What will it take for other trusted suppliers to be 
able to provide leading-edge microelectronics needed by DOD?
    Ms. Mak. Because the response involves sensitive or proprietary 
information, it is provided in a separate document marked ``For 
Official Use Only//Proprietary Information Involved'' and must be 
protected from disclosure. (Document in Committee Possession.)
    Mrs. Hartzler. For DOD programs, are there any near-term (within 3 
years) alternatives for the former IBM technologies?
    Ms. Mak. Because the response involves sensitive or proprietary 
information, it is provided in a separate document marked ``For 
Official Use Only//Proprietary Information Involved'' and must be 
protected from disclosure. (Document in Committee Possession.)
    Mrs. Hartzler. Are Field Programmable Gate Arrays (FPGAs) a 
possible alternative to the trusted microelectronics formerly provided 
by IBM?
    Ms. Mak. Because the response involves sensitive or proprietary 
information, it is provided in a separate document marked ``For 
Official Use Only//Proprietary Information Involved'' and must be 
protected from disclosure. (Document in Committee Possession.)
    Mrs. Hartzler. Is there anything DOD or the U.S. Government can do 
to incentivize the microelectronics industry to locate or maintain 
manufacturing on-shore in the U.S.?
    Mr. Gudger and Ms. Baldwin. The microelectronics industry is very 
capital intensive. DOD endorses public-private manufacturing 
partnerships that produce new and advanced manufacturing techniques and 
ecosystems on-shore in the U.S. DOD supports initiatives like the 
President's manufacturing institutes where DOD is investing hundreds of 
millions of dollars to incentivize and grow on-shore microelectronics 
manufacturing.
    DOD is concurrently working to remove barriers to commercial 
technology utilization in areas such as the microelectronics industry 
by seeking out novel and flexible acquisition authorities and practices 
that will allow microelectronics manufacturers to have speedier, less 
encumbered contracting with the Department.
    Mrs. Hartzler. Given GAO's assessment that access to leading-edge 
technology for DOD is uncertain, are there any actions that DOD is 
undertaking to communicate to DOD components, programs, and contractors 
regarding actions they should be taking to mitigate any potential risk?
    Mr. Gudger and Ms. Baldwin. The DOD meets regularly with industry 
associations and companies to promote the integrity of microelectronics 
and the supply chain that provides them. For example, the DOD 
participates in the National Defense Industrial Association (NDIA) 
Trusted Systems Steering Group, which represents the Defense 
Microelectronics Activity (DMEA)-accredited Trusted Suppliers, NDIA 
Systems Engineering Division, and the space community's Mission 
Assurance Improvement Working Group.
    Mrs. Hartzler. Is the Department considering lifetime buys or other 
near-term mitigation strategies, given the uncertainty of access? Is 
there an indication of the cost of these possible actions?
    Mr. Gudger and Ms. Baldwin. In a memorandum dated November 13, 
2015, the Assistant Secretary of Defense for Acquisition asked the DOD 
Component Acquisition Executives, National Reconnaissance Office, and 
National Security Agency to adjust Fiscal Year (FY) 2018 through FY 
2020 budgets to accommodate Life Time Buys (LTBs) of at-risk Trusted 
microelectronic products and avoid costly program disruptions. DOD 
acquisition programs are considering the use of LTBs of at-risk Trusted 
microelectronic products, as well as other options, to address the risk 
of loss of access to Trusted microelectronic technologies. This 
analysis is done on a case-by-case basis, and includes the cost-benefit 
of LTBs of production-ready application-specific integrated circuit 
(ASIC) designs versus the redevelopment of ASICs using alternate design 
and foundry technologies and any components using those ASICs. In many 
cases, dollars are programmed in future years for these ASICs.
    In addition, the DOD is in the process of expanding DMEA's 
capabilities to fabricate ASICs.
    Mrs. Hartzler. What is the status of DOD access to former IBM 
technologies, and how long is that access expected?
    Mr. Gudger and Ms. Baldwin. DOD has uninterrupted access to all 
pertinent IBM technologies that were commercially available prior to 
the transaction. The contract with IBM was novated to GlobalFoundries 
U.S. 2, LLC (GF2) to prevent any interruption in access. According to 
the existing contract and other methods, the access to former IBM 
technologies is assured through June 2017 with an option to extend. DOD 
is currently negotiating a new multi-year manufacturing contract which 
will assure longer-term supply of former IBM technologies.
    Mrs. Hartzler. Will DOD maintain any government purpose rights to 
IBM leading-edge technology semiconductors after the year 2017? If 
possible, how could that arrangement be implemented?
    Mr. Gudger and Ms. Baldwin. DOD's access to IBM leading-edge 
technology will continue beyond 2017, provided a new manufacturing 
contract is executed with GlobalFoundries U.S. 2, LLC (GF2). To assure 
long-term supply, DOD is working with GF2 to transfer the intellectual 
property for certain technologies to DMEA and/or to alternate 
foundries.
    Mrs. Hartzler. What is the potential effect to DOD programs in 
terms of cost, schedule or performance if current access to trusted 
leading-edge technologies is lost?
    Mr. Gudger and Ms. Baldwin. A recent survey of USG customers using 
the National Security Agency Trusted Access Program Office contract 
revealed that 139 programs were using the GlobalFoundries U.S. 2, LLC 
(GF2) Trusted Foundry, and 120 (86%) of them required Trusted services. 
Therefore, the total cost and schedule effect from losing access to 
Trusted microelectronics would be significant; roughly estimated in 
$100s of millions.
    Mrs. Hartzler. What actions has DOD taken or is planning to take to 
mitigate the near-term risk of loss of access to former IBM 
technologies?
    Mr. Gudger and Ms. Baldwin. DOD has taken prudent steps to assure 
access to all pertinent IBM technologies that were commercially 
available prior to the transaction. The contract with IBM was novated 
to GlobalFoundries U.S. 2, LLC (GF2) to prevent any interruption in 
access. According to the existing contract, the access to former IBM 
technologies is assured through June 2017 with an option to extend. DOD 
is currently negotiating a new multi-year manufacturing contract which 
will assure longer term of supply of former IBM technologies.
    The Department is considering its near- and long-term Trusted 
Foundry options and alternatives to address supply chain risks and 
preserve state-of-the-art microelectronics access and trust. Recent and 
ongoing studies are providing the basis for budget proposals and future 
investments, which are currently being evaluated by Department 
leadership.
    In addition, the Department has formed a federation of technical 
experts and laboratory capabilities. The Joint Federated Assurance 
Center (JFAC) supports programs throughout their life cycle by 
providing microelectronics expertise, capabilities, guidance and best 
practices for mitigating risks associated with preserving access and 
trust.
    Mrs. Hartzler. What assurances, if any, does the Department have 
from GlobalFoundries that they will remain a Trusted Supplier?
    Mr. Gudger and Ms. Baldwin. DMEA has granted an interim Trusted 
Supplier accreditation for facilities acquired from IBM. According to 
the existing contract, the former IBM foundries are required to remain 
a Trusted Supplier until March 31, 2016. DOD is currently negotiating a 
new multi-year manufacturing contract with GlobalFoundries U.S. 2, LLC 
(GF2) to remain a Trusted Supplier.
    Mrs. Hartzler. Were DOD's national security concerns adequately 
addressed in the CFIUS process?
    Mr. Gudger and Ms. Baldwin. DOD is a member of an interagency 
process and can present any national security concerns it deems 
important regarding a transaction to the Committee that may cause 
concern.
    Mrs. Hartzler. Is DOD monitoring China's efforts to acquire U.S. 
semiconductor companies (including GlobalFoundries), and what steps is 
DOD taking to ensure the security of the U.S. semiconductor industrial 
base?
    Mr. Gudger and Ms. Baldwin. DOD actively identifies and tracks 
foreign acquisitions of U.S. companies. This includes tracking the 
Chinese government's public initiatives to develop a self-sufficient 
domestic semiconductor industry and its plan to encourage foreign 
acquisitions as part of its strategy. If needed, DOD could utilize its 
membership on CFIUS to evaluate a Chinese acquisition of a U.S. 
semiconductor company for national security concerns. DOD has seen and 
is monitoring public reports regarding China's interest in 
GlobalFoundries. Furthermore, DOD has regular engagements with 
GlobalFoundries U.S. 2, LLC (GF2), as a Trusted Supplier, and has 
discussed these public reports. As a cleared defense contractor, GF2 is 
required to report to DOD any potential foreign acquisition of its 
cleared facilities.
    Mrs. Hartzler. Are there industrial base options for unique 
technologies that IBM supplied as a sole-source?
    Mr. Gudger and Ms. Baldwin. The microelectronics industrial base, 
while undergoing rapid consolidation, continues to maintain 
capabilities across the spectrum of DOD requirements. In specific 
instances where IBM supplied unique, sole-sourced technologies, the 
industrial base possesses capabilities that can be cultivated to fill 
technology gaps or develop different solutions to address the need.
    Mrs. Hartzler. Is there anything DOD or the U.S. Government can do 
to incentivize the microelectronics industry to locate or maintain 
manufacturing on-shore in the U.S.?
    Ms. Baldwin. The microelectronics industry is very capital 
intensive. DOD endorses public-private manufacturing partnerships that 
produce new and advanced manufacturing techniques and ecosystems on-
shore in the U.S. DOD supports initiatives like the President's 
manufacturing institutes where DOD is investing hundreds of millions of 
dollars to incentivize and grow on-shore microelectronics 
manufacturing.
    DOD is concurrently working to remove barriers to commercial 
technology utilization in areas such as the microelectronics industry 
by seeking out novel and flexible acquisition authorities and practices 
that will allow microelectronics manufacturers to have speedier, less 
encumbered contracting with the Department.
    Mrs. Hartzler. Is there anything DOD or the U.S. Government can do 
to incentivize the microelectronics industry to locate or maintain 
manufacturing on-shore in the U.S.?
    Mr. Hamilton. I defer this answer to the Office of the 
Undersecretary of Defense for Acquisition, Technology and Logistics.
    Mrs. Hartzler. Is the Joint Federated Assurance Center sufficiently 
resourced to handle current and the predicted future workloads, with 
sufficient and timely throughput, in assessing the security and 
authenticity of various microelectronics that will be used for DOD 
applications?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. Given GAO's assessment that access to leading-edge 
technology for DOD is uncertain, are there any actions that DOD is 
undertaking to communicate to DOD components, programs, and contractors 
regarding actions they should be taking to mitigate any potential risk?
    Mr. Hamilton. I defer this answer to the Office of the 
Undersecretary of Defense for Acquisition, Technology and Logistics.
    Mrs. Hartzler. Is the Department considering lifetime buys or other 
near-term mitigation strategies, given the uncertainty of access? Is 
there an indication of the cost of these possible actions?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. What is the status of DOD access to former IBM 
technologies, and how long is that access expected?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. Will DOD maintain any government purpose rights to 
IBM leading-edge technology semiconductors after the year 2017? If 
possible, how could that arrangement be implemented?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. What is the potential effect to DOD programs in 
terms of cost, schedule or performance if current access to trusted 
leading-edge technologies is lost?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. What actions has DOD taken or is planning to take to 
mitigate the near-term risk of loss of access to former IBM 
technologies?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. What assurances, if any, does the Department have 
from GlobalFoundries that they will remain a Trusted Supplier?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. Were DOD's national security concerns adequately 
addressed in the CFIUS process?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. Is DOD monitoring China's efforts to acquire U.S. 
semiconductor companies (including GlobalFoundries), and what steps is 
DOD taking to ensure the security of the U.S. semiconductor industrial 
base?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
    Mrs. Hartzler. Are there industrial base options for unique 
technologies that IBM supplied as a sole-source?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
                                 ______
                                 
                   QUESTIONS SUBMITTED BY MR. WILSON
    Mr. Wilson. Please tell me what your office is planning to do in 
the immediate term to harden the defense industrial base as it relates 
to the USG's need for microelectronics and semiconductors. Are there 
targeted investments that are being considered for FY16, or as part of 
the upcoming budget request?
    Mr. Gudger. DOD has a growing concern that the United States' 
technological superiority over potential adversaries is being 
threatened today in a way that we have not seen for decades. DOD 
recognizes that microelectronics and semiconductors are at the center 
of the threat with the remarkable leveling of the state of technology 
in the world, where commercial technologies with military applications 
such as advanced computing technologies, microelectronics, 
sophisticated sensors, and many advanced materials, are now widely 
available. The Deputy Assistant Secretary of Defense (DASD) for 
Manufacturing and Industrial Base Policy (MIBP), in conjunction with 
high priority Department initiatives, is working toward achieving 
dominant capabilities through innovation and technical excellence 
within the Department and specifically in the industrial base.
    For the integrated circuit, the fundamental building block of 
microelectronics, DOD is furthering its strength derived from the long-
standing link between the high-tech community and the United States 
Government (USG) using Manufacturing Innovation Institutes in areas 
like flexible hybrid electronics and integrated photonics.
    DOD is partnering with a consortium of 96 companies, 41 
universities, 14 state and local government organizations, and 11 
laboratories and non-profits--to establish a new Manufacturing 
Innovation Institute focused on flexible hybrid electronics. This is an 
emerging technology that takes advanced flexible materials for circuits 
with thinned silicon chips to ultimately produce the next generation of 
electronic products. DOD's $75 Million investment over five years in 
``Flexible Hybrid Electronics'' will be matched by $96 Million private 
``FlexTech Alliance'' funding. Partner organizations include industrial 
base players across the technology spectrum that differentiate using 
the world's most sophisticated technology, not the least of which is 
microelectronics capabilities.
    The Department stood up and is growing its Defense Innovation Unit 
Experimental (DIUx) specifically to scout for new technology and build 
a bridge to Silicon Valley. DIUx brings together the cutting-edge 
represented by the Silicon Valley tech industry and helps to foster the 
necessary open avenue between DOD and Silicon Valley.
    Mr. Wilson. The DOD seems to have been caught somewhat off guard by 
the IBM divesture and Global Foundries purchase, despite the fact that 
it had been rumored in the trade press for upwards of three years. 
Current industry trade press suggests that Chinese controlled entities 
may now be looking at purchasing a controlling share of Global 
Foundries. Are you aware of these industry reports? How are you 
planning for the impacts that this will cause? If a Chinese controlled 
entity were to purchase some or all of Global Foundries, what affect 
would that have on DOD plans for acquiring trusted microelectronics?
    Mr. Gudger and Ms. Baldwin. DOD has seen and is monitoring public 
reports regarding China's interest in GlobalFoundries. Furthermore, DOD 
has regular engagements with GlobalFoundries U.S. 2, LLC (GF2), as a 
Trusted Supplier, and has discussed these public reports. As a cleared 
defense contractor, GF2 is required to report to DOD any potential 
foreign acquisition of its cleared facilities.
    Commercial sources of Trusted microelectronics remain in inherently 
unpredictable and constitute a continued supply chain risk despite USG 
investments. The Department is considering long-term Trusted Foundry 
options and alternatives to address its supply chain risk and preserve 
leading-edge microelectronics access and trust. Experts from across the 
community contributed to the recommendations to ensure continued access 
to advanced microelectronics while retaining the ability to employ them 
in a trusted manner. A portfolio of innovative technology solutions and 
business models is under review.
    Mr. Wilson. What functionality might be lost by prematurely moving 
to smaller design nodes and how does this impact the health of the 
industrial base given the reality that large geometries exist 
domestically and small geometries exist mostly overseas?
    Mr. Gudger and Ms. Baldwin. Although there are significant upsides 
to designing and manufacturing at smaller node sizes, the impact of 
shifting between nodes varies by system. Smaller node sizes would 
particularly benefit those systems that require high processing 
efficiencies. Many consumer electronics are therefore aggressively 
pushing towards more advanced nodes. Military systems that analyze 
large data sets in real-time, such as radar and electronic warfare 
systems, also depend on advances in technology node. More advanced 
nodes also benefit systems requiring difficult computational tasks with 
reduced size, weight, and power requirements, a critical metric for 
tactical systems including unmanned aerial vehicles and soldier-borne 
equipment.
    The transition between nodes, however, could require that DOD 
replicate or port functionalities designed for less advanced nodes in 
order to apply them at more advanced nodes. In addition, jumping to 
advanced nodes can potentially sacrifice analog performance in certain 
systems. DOD will therefore need a suite of options, from smaller high-
performance nodes to less advanced nodes, to meet the needs of its 
various systems.
    DOD is investing in concepts that utilize existing onshore 
fabrication facilities at less advanced nodes while providing advanced 
capabilities. However, the volume of electronic components purchased by 
DOD is very small. As a result, healthy foundries increasingly depend 
less on DOD as a primary revenue source and more on global commercial 
demand.
    Mr. Wilson. What would the approximate cost (rough order of 
magnitude) be of trying to establish domestic foundry capabilities for 
integrated circuits in the 65 nm to 45 nm node size range, or to up gun 
the capabilities for one of the other existing domestic foundries for 
capacity in that range?
    Mr. Gudger and Ms. Baldwin. The cost to establish such a facility 
would be roughly $500 Million to $2 Billion, depending upon the 
existing infrastructure.
    Mr. Wilson. With respect to the program itself, it was indicated 
that there are 72 partner companies within the trusted supplier 
program. However, it is my understanding that there are only four 
foundry companies in the program with others addressing other aspects 
such as design and packaging. What are the impacts of the limited 
number of foundry companies? Given the limited number, how might we use 
these companies to mitigate the risk of further capability loss?
    Ms. Baldwin. There are 72 Trusted Suppliers within the DOD Trusted 
Supplier program that provide trusted services across the application-
specific integrated circuit (ASIC) supply chain. Fifty of those Trusted 
Suppliers provide trusted design, aggregation, mask manufacturing, 
post-processing, packaging/assembly and/or test services. Twenty two of 
those Trusted Suppliers are Trusted Foundries, i.e., semiconductor 
manufacturers. There are three domestic foundries, i.e., 
GlobalFoundries U.S. 2, LLC (GF2), Intel Corporation, and Samsung, that 
produce state-of-the-art microelectronics, one of which is part of the 
Trusted Supplier program, i.e., GF2. The DOD will continue to rely upon 
the Trusted Supplier network, but is also considering additional 
solutions and business models to mitigate the risk of sole sources of 
supply, and further capability loss.
    Mr. Wilson. How would you characterize the effectiveness of 
DODI#5200.44 and the enforcement of Program Protection Plans for most 
suppliers?
    Ms. Baldwin. Since the publication of DOD Instruction (DODI) 
5200.44, Protection of Mission Critical Functions to Achieve Trusted 
Systems Networks (TSN), November 5, 2012, the Department has mandated 
that program protection plans address the use of trusted 
microelectronics design and manufacturing suppliers and practices for 
ASICs that are DOD-unique. Risk to system trust is now managed 
throughout the entire system life cycle beginning with design and 
before the acquisition or integration of critical components into 
covered systems. Programs are integrating robust systems engineering, 
supply chain risk management, security, counter intelligence, 
intelligence, cybersecurity, and software and hardware assurance. DMEA-
accredited Trusted Suppliers report seeing an increase in interest in 
Trusted services from their customers since the implementation of DODI 
5200.44.
    Mr. Wilson. What is the approximate total annual Federal 
expenditure on Trusted Supplier contracts (including the take-or-pay 
contract)? What is the average cost of an integrated circuit within the 
program and how does this compare to other integrated circuits bought 
outside of the program?
    Ms. Baldwin. The recent total annual outlays to contractors for 
Trusted services is approximately $65 Million per year. The average 
cost per integrated circuit has a very large standard deviation due to 
the wide range of design sizes, manufacturing processes, and quantities 
of parts being ordered. For example, a 3mm x 4mm chip could cost less 
than $290 per good die in a dedicated prototype run using one process 
to over $3300 per device in a multi-project wafer run using an advanced 
process node.
    Products obtained through these contracts are comparable in price 
to what a similar volume commercial customer would pay if it contracted 
directly with the same foundry for similar services.
    Mr. Wilson. With respect to the program itself, it was indicated 
that there are 72 partner companies within the trusted supplier 
program. However, it is my understanding that there are only four 
foundry companies in the program with others addressing other aspects 
such as design and packaging. What are the impacts of the limited 
number of foundry companies? Given the limited number, how might we use 
these companies to mitigate the risk of further capability loss?
    Mr. Hamilton. Respectfully defer to DOD for official department 
response.
                                 ______
                                 
                   QUESTIONS SUBMITTED BY MR. HUNTER
    Mr. Hunter. Recently, Under Secretary Frank Kendall and you 
attended an event sponsored by Defense One, and during that event, he 
highlighted how integrated micro-electronics were an area of particular 
concern for the Department of Defense and how the Department was using 
a number of tools to ensure a reliable supply of these components to 
the Military Services and the Intelligence Community.
    a. What industrial base tools--such as Committee on Foreign 
Investment in the United States (CFIUS) reviews and the Defense 
Production Act (title I and title III)--has your office deployed with 
respect to micro-electronics, and what is the comparative effectiveness 
of these tools to achieving the objective of a reliable supply of 
micro-electronics?
    Mr. Gudger. The Department maintains awareness and conducts 
detailed analyses of domestic and global industry trends affecting its 
available capabilities. As part of its mission to ensure the 
maintenance of a healthy defense industrial base, including in 
microelectronics, the Deputy Assistant Secretary of Defense (DASD) for 
Manufacturing and Industrial Base Policy (MIBP) has a number of tools 
and authorities at its disposal to support the advancement of new 
enabling capabilities that aid in achieving a reliable microelectronics 
supply. The authorities support the health of the defense industrial 
base across the entire life cycle of DOD systems and consist of support 
for the development of emerging technologies, maturation of those 
technologies, manufacturing refinement, and effective sustainment:
      The Department assesses proposed mergers, acquisitions, 
and foreign investments involving defense-related companies and acts to 
mitigate identified issues. DOD's participation in the interagency 
merger and acquisition review processes is a tool that enables the 
protection of DOD's interests when required. The Department works 
cooperatively with the Department of Justice and the Federal Trade 
Commission on antitrust reviews of mergers and acquisitions (Hart-
Scott-Rodino) and serves as a voting member on the Department of 
Treasury-chaired CFIUS.
      The Department is supporting the development of new areas 
of the industrial base and cutting-edge manufacturing technologies 
through initiatives such as the National Network for Manufacturing 
Innovation. This emerging network of manufacturing institutes leverages 
public-private partnerships to reduce barriers to rapid and efficient 
development and commercialization of new manufacturing technologies. 
This innovative approach can enable the DOD Trusted Defense Systems 
Strategy by supporting flexible hybrid electronics and integrated 
photonics manufacturing institutes, which deliver new manufacturing 
capabilities in electronics.
      MIBP oversees the DOD Manufacturing Technology program 
which advances the development and application of advanced 
manufacturing technologies and processes DOD-wide. MIBP, through its 
Defense-wide Manufacturing Science and Technology program, helps to 
coordinate the manufacturing technology efforts of the DOD Components, 
which advances the DOD mission by reducing acquisition and support 
costs as well as manufacturing and repair cycle times across the life 
of DOD systems in a cost-constrained budget environment.
      Defense Production Act (DPA) Title III, which Congress 
reauthorized last year, gives MIBP the ability to use special economic 
incentives to develop, maintain, modernize, and expand the productive 
capacities of domestic sources for critical components, technologies, 
and industrial resources essential for the execution of the national 
security strategy of the U.S. In the field of microelectronics, 
Congress has provided funds that have allowed the Department to improve 
industry's ability to support the DOD's efforts to preserve and expand 
supplies of defense critical microelectronics.
      The Industrial Base Analysis and Sustainment (IBAS) fund 
provides the means to support critical, unique capabilities of 
companies in the defense industrial base with fragile business cases, 
preserve critical skills for technological superiority, and maintain 
reliable sources of strategic materials. In the microelectronics 
sector, IBAS has provided critical investments in research and 
development and qualification testing to develop Trusted technologies. 
These technologies include focal plane arrays to meet advanced imaging 
requirements for the space, ground and aviation sectors, as well as 
radiation-hardened microelectronics, and a specialized integrated 
circuit approach to ensure the preservation of strategic national 
security systems, such as the Trident missile in high-threat 
environments.
    Mr. Hunter. During the course of the hearing before the 
Subcommittee on Oversight and Investigation, multiple witnesses 
discussed the relatively recent sale of IBM's micro-electronics 
business to GlobalFoundries Inc. The owner of GlobalFoundries Inc. is 
the Mubadala Development Company PJSC, a sovereign wealth fund of the 
Government of Abu Dhabi.
    a. Since this transaction must have undergone a CFIUS review, what 
national defense risks to the Department of Defense and the 
Intelligence Community were evaluated during this process?
    b. What additional safeguards, if any, has the Department put in 
place at these former IBM facilities to ensure that export-controlled 
items, or the technology and manufacturing techniques that enables 
their production, are handled in an appropriate and lawful manner?
    Mr. Gudger. DOD is a member of CFIUS and can present any national 
security concerns it deems important regarding a covered transaction to 
the Committee. Due to the confidentiality requirements of CFIUS, the 
Department cannot confirm whether the IBM sale to GlobalFoundries U.S. 
2, LLC (GF2) was a covered transaction by CFIUS. Please contact 
Treasury as the Chair for CFIUS regarding any questions regarding 
CFIUS' reviews or decisions.
    All the stringent security measures in place prior to the 
transaction are still largely present, including Global Business 
Solutions (GBS), a business unit of IBM, continuing to provide security 
oversight. GBS was not part of the IBM sale to GF2 and remains under 
the control of IBM. In addition, the facilities under control of GF2 
currently have an interim facility clearance from the Defense Security 
Service (DSS) and an interim Trusted Supplier accreditation from the 
Defense Microelectronics Activity (DMEA), and are subject to all 
associated security requirements. Due to the foreign ownership of 
GlobalFoundries, DSS required additional security requirements to 
address visitation, export controls, collaborative business endeavors, 
etc. where there were any concerns.
    Mr. Hunter. If I understand the testimony before the subcommittee 
correctly, one compound risks confronting the Department of Defense in 
the micro-electronics space is that (1) micro-electronics are part of 
thousands of items that the Department of Defense buys, including many 
commercial items, but (2) the volume of micro-electronics that the 
Department of Defense buys is so small, relative to the commercial 
market, that it has little influence on market dynamics. Said another 
way, the ability of the Department to protect national security 
equities for micro-electronics through normal procurement practices is 
limited by the Department's market share.
    a. Has your office identified this trend--(1) many important 
defense uses for a particular material or component but (2) small 
defense demand relative to commercial markets--occurring in other 
industrial base sectors?
    b. How does your office address this trend differently from those 
industrial base sectors, such as binders and propellants for solid 
rocket motors, where the Department of Defense is the primary driver of 
demand and private investment?
    Mr. Gudger. Yes. The Department identified several sectors where 
defense-related demand is small compared to commercial demand, such as 
ground supply and transportation subsystems (transmissions, diesel 
engines, brakes, etc.); service sectors, such as medical, 
transportation, and construction; and solid rocket motor propellant 
components. However, the Department's purchase of these items does not 
approach the scale that we see with microelectronics since 
microelectronics are prevalent in almost all of the systems we buy. 
Unlike the examples cited above, the microelectronics industry is 
continuously evolving its technology, roughly every two years, thus 
requiring billion dollar investments in research and development and in 
new production facilities every couple of years. The rate of commercial 
technology advancement and the significant investment necessary to 
establish microelectronic production facilities creates barriers for 
new firms to enter the market. Accordingly, it is the combination of 
the Department's small market share, the rate of technology 
advancement, and the significant investment necessary to establish 
microelectronics production facilities that limit the Department's 
ability to impact market dynamics for microelectronics.
    There is no one right answer for addressing low market share trends 
or DOD dominant market share trends. We address industrial base issues 
associated with each industrial sector on a case-by-case basis 
depending on many variables, to include market share, competitive 
forces (numbers of domestic sources or foreign suppliers), mature or 
emerging technology, and barriers to entering the market. The 
Department has several options available for mitigating supply base 
risks, including propellants or propellant ingredients, such as using a 
reliable foreign source, establishing a domestic source, or investing 
in research and development to develop a second source. The Department 
used IBAS funding to help establish a domestic source for this 
material. A current high-priority item for a low DOD market share issue 
is hydroxyl-terminated polybutadiene (HTPB), where variability in the 
product from the sole-source domestic supplier has caused issues for 
many DOD missile systems. Various mitigation activities, including 
research and development funding from the Defense Logistics Agency and 
IBAS are helping to characterize the material more thoroughly, and also 
to establish a reliable second source. An example of a material that 
scores very high in terms of risk, but has been determined that no 
action is required at this time is nitrocellulose (NC)--a material that 
is in all DOD ammunition systems and for which there is a sole domestic 
source. However, that source is a Government-Owned, Contractor-Operated 
(GOCO) facility, and is therefore stable; no mitigation is necessary at 
this time. A final example of a dominant DOD demand issue was the solid 
rocket motor for the Advanced Medium Range Air-to-Air Missile where the 
program office used a foreign source to mitigate the supply issue.
    Mr. Hunter. During her opening statement, Ms. Marie Mak (Director, 
Acquisition & Sourcing Management Team, U.S. Government Accountability 
Office) made the following remarks with respect to micro-electronics 
and industrial base policy more broadly:
    ``But the bottom line is that, not only is the U.S. reliant on a 
single provider, it now faces the unknown risk of relying on one that 
is foreign-owned. DOD is in a position where it faces some very 
difficult and complex decisions with potentially significant costs and 
national security implications.
    ``Microelectronics is just the latest of several defense industrial 
base issues. Other examples include rare earth materials, specialty 
metals, and counterfeit parts. We need an industrial base strategy that 
is much more proactive and less reactive.''
    a. Since the duties of the DASD-Manufacturing and Industrial Base 
Policy include being the principal advisor to Under Secretary Kendall 
on ensuring a reliable supply of critical materials like rare earths 
and specialty metals (10 U.S.C. 139c(b)(16)), would you characterize 
the national security drivers associated with rare earths as similar to 
that of micro-electronics (small defense demand, minimal Department of 
Defense market influence, outsized presence of foreign and Chinese 
manufacturers, etc.)? If not, why not?
    b. What steps is the Department of Defense taking to promote 
domestic and/or allied nation production--not low technology readiness 
level research projects and surveys--of rare earth materials to meet 
defense requirements?
    Mr. Gudger. There are similarities between microelectronics and 
rare earth supply chains (small defense demand, minimal DOD market 
influence, outsized presence of foreign and Chinese manufacturers, 
etc.). There are also key differences. Microelectronics are 
manufactured components which can be sabotaged or counterfeited 
resulting in significant national security risks. Rare earths are raw, 
semi-finished, or alloy products which go into manufactured items, 
which substantially limits the ability to tamper or sabotage the 
materials. DOD is reliant on thousands of different microelectronic 
components, while rare earths consist of just 17 elements. DOD can 
stockpile a handful of different forms of these rare earth elements to 
mitigate the majority of its risk. Therefore, DOD's primary risk 
mitigation for rare earths is stockpiling. Stockpiling is generally 
ineffective for addressing microelectronic components because the 
technology advances so rapidly, and stockpiled components become 
obsolete before being used. Additionally, the cost of the multitude of 
components required to be stockpiled would be too high. Consequently, 
stockpiling of select critical microelectronics is considered by DOD 
acquisition programs on a case-by-case basis, when necessary, carefully 
considering its cost/benefit.
    There is not a sustainable business case for developing rare earth 
mining and production capabilities in the United States at this time 
due to the current overcapacity in the market. Compared to domestic 
commercial demand for rare earth materials, the Department's industrial 
base requirements are very small. Accordingly, the current risk 
mitigation effort being pursued by the Department is stockpiling. The 
ongoing establishment of rare earth inventories will mitigate much of 
the Department's risk for a relatively small investment.