BIS Working on Controls for Hardened ICs, High-Performance and Cloud Computing

Radiation-Hardened Integrated Circuits

Producers have recently started to make radiation-hardened integrated circuits (i.e., resistant to damage due to radiation) for commercial applications. This poses a problem because, for many years, these circuits have been controlled as munitions by the International Traffic in Arms Regulations because of their use in space and nuclear battlefield environments, Rarog said. There is some potential for these integrated circuits for commercial applications to fall under the technical parameters for ITAR controls, he said.

According to Rarog, the issue is whether and when integrated circuit technology will move toward radiation-hardening, how broad the effect is going to be, and what can be done in terms of changing relevant export control regulations to establish new technical parameters.

High-Performance Computing

Another growing problem for export controls is the use of performance-based controls on high-performance computer hardware, Rarog said. Because of the fast evolution of computing technology, control thresholds for these items have increased by about 3 or 4 orders of magnitude since the early 1990s, creating a sort of “treadmill” where thresholds are constantly increasing to keep up with the technology. Furthermore, qualitative improvements in technology and foreign availability of that technology have come to “a point where the rationale for hardware controls is getting a bit thin in terms of what we’re trying to achieve from a strategic perspective,” Rarog said.

The problem, according to Rarog, is that high performance computing is still valuable to the defense community. So some form of control is still necessary. “What we’re trying to do now is to look at alternatives to prevent U.S. vendors from contributing to potential adversaries’ capabilities at the very high end, while looking at this treadmill of performance based parameters,” said Rarog, and the real challenge how to draw the line.

Cloud Computing

Finally, the advent of cloud computing is creating issues for how BIS controls software and technology. When technical data is downloaded onto a cloud, geographic location of data is indeterminate, Rarog explained. The data may be in different parts of the provider’s infrastructure, and even different parts at different times, he said. Technology and controlled code may even be moving across resources located in different countries. The challenge for BIS is to develop a consistent approach to how definition of export can be interpreted in this completely novel situation, Rarog said.

Another issue related, though not specific, to cloud computing is how to deal with non-U.S. national employees of cloud providers that may be exposed to technology as a function of their job. “Privileged access” is very common in any IT service, said Rarog, and this is true in cloud computing as well. To combat this problem, BIS is currently looking at the possibility of developing a set of frequently asked questions that would clarify or define the issue further, as well as new types of authorizations designed around this set of circumstances.