Sabotage by design: Protecting critical infrastructure from hidden hardware threats
This story first appeared in New York State of Discovery, UAlbany's 2026 research magazine.
ALBANY, N.Y. (April 23, 2026) — Two of UAlbany’s core research strengths — cybersecurity and semiconductor engineering — have converged in a new push to protect critical U.S. infrastructure from digital sabotage.
The federal government has moved aggressively in recent years to onshore computer chip manufacturing. But in the meantime, key components of this microelectronics supply chain vital to our national and economic security continue to be manufactured abroad. That leaves the computers we rely on for systems like the electric grid vulnerable to espionage, or worse, by hostile nations.
The most insidious threats are hardware trojans almost undetectable bits of malicious computing hardware embedded directly into the devices themselves. These nanoscale stowaways can spy on users or cause the device to malfunction and because they’re not software or a virus, there is no security patch that will fix it.
Our only defense is finding them before they become a problem.
“Creating hardware trojans is not easy, but it can be done,” said Sanjay Goel, Morris Massry Endowed Professor in UAlbany’s Massry School of Business and chair of the Department of Information Security & Digital Forensics. “The question is how to detect them. How do you trust the supply chain?”
Companies like Nvidia, Intel — they need to start figuring out how to secure the designs, how to create these trusted designs and how to easily test them. We can help them do that.
Once they make their way into key systems like air traffic control infrastructure, he said, “it could cause real harm to the American public.”
With two academic programs designated as National Security Agency Centers of Excellence in Cyber Defense, and as the home to the first college in the nation dedicated to nanotechnology, UAlbany is uniquely positioned to help.
Goel and his colleague J. Andres Melendez, chair of the Department of Nanoscale Science and Engineering, are working to establish a Chip Forensics Institute that will improve our ability to detect malicious hardware, in part by engineering bad chips and tearing them apart.
That part of the detective work involves building both safe and corrupted chips and then dismantling or delayering them to improve our understanding of the subtle differences in architecture that should serve as red flags.
“Our nanofabrication experts have deep expertise in designing and testing experimental chips, and our co-location with the NY Creates Albany NanoTech Complex makes UAlbany the perfect place to do this research and to train the chip security workforce we need,” Melendez said.
Researchers will also use advanced artificial intelligence techniques to analyze and compare the appearance and performance of chips known to be safe with those known to be corrupted, testing our ability to detect subtle differences that indicate the presence of malicious hardware.
Daunting as the challenge is, Goel said there is a model to follow in how cybersecurity experts tackled the problem of malicious software.
Until we mobilize in a similar way against hardware trojans, they will remain a source of economic and geopolitical instability.
“Even if there are no trojans out there, just the suspicion that there are trojans in our critical infrastructure is pretty stressful,” he said. “Companies like Nvidia, Intel — they need to start figuring out how to secure the designs, how to create these trusted designs and how to easily test them. We can help them do that.”