philosecurity

I stood in a dimly lit room at Argonne National Labs with both wrists handcuffed, working a tool into the mechanism on my right hand. “Push the cuff up and then down,” said Jon Warner helpfully. The cuff snapped open.

We were in the Vulnerability Assessment Team’s (VAT) “museum,” a small display room in Argonne National Laboratory. The tables in the VAT’s museum were littered with locks, bolts, seals and unrecognizable electronics. I had been brought there by Eric Michaud, a fellow researcher on the team. Jon explained that the purpose of the VAT is to try to emulate the “bad guy,” investigating real threats for both industry and government. Much of their work focuses on “tamper-indicating devices such as bolt seals, adhesive label seals, etc.,” upon which our global supply chain relies.

Jon lined up four shipping container bolts on the counter in front of me. “Which one has been tampered with?”

I inspected them all diligently. The heights were the same. Perhaps some were a little more scratched than others? Upon close inspection, they all had almost imperceptible variation, but none which seemed to specifically indicate tampering.

Finally, I picked out the one that seemed to be the most scratched, and handed it to Jon. He twisted the top. “Nope.” Then he picked up one of the other bolts, and checked it. Suddenly, the top popped off.

“We modified the bolt seal so that we could open it when we wanted to ,” he said. “See, we can take a bolt seal that is already on a container being shipped, modify it and enter the container whenever we want.” Someone who managed to slip these tampered bolts into the supply chain could steal millions of dollars of merchandise, smuggle goods or people in legitimate containers, or contaminate the food supply.

I studied the bolt, intrigued that the security of our global supply chain rests on such an innocuous object.

Sherri Davidoff