How can the Bureau of Industry and Security (BIS) verify, with reasonably high confidence, that GPUs in a given data center have not been physically transported? For already-installed GPUs that cannot rely on technical location verification, I propose a cheap, scalable solution using thermal signature monitoring.
Each data centre's GPU cluster produces a unique, stable thermal signature with a combination of heat output patterns, airflow distribution, and cooling load response. This thermal fingerprint can give rack configuration and serve as a physics-based verification mechanism.
During initial inspection, BIS would record a baseline thermal fingerprint of each rack of temperature and airflow data from inexpensive off-the-shelf IoT sensors (cost: ~$150-200 per rack). Data centres would then need to submit monthly thermal audits which are 2–3-minute sensor recordings that are captured under standard computational load. BIS software would automatically compare new readings against the baseline profile.
If GPUs have been physically removed, rearranged, or replaced, the rack's cooling pattern would change. Changes in airflow and thermal will likely create silent, automated tamper alerts that would flag those facilities which require to be physically inspected.
This approach is cheap and scalable and requires no site visits for routine verification. It's challenging to spoof. Adversaries can fake documentation but will have a hard time easily replicating the precise airflow physics of a specific GPU configuration. The system also has a bonus of improving data centre efficiency monitoring. Legitimate cooling adjustments would create some false positives requiring manual follow-up, but the system would still catch most physical GPU diversions. The system will automatically scan for unusual sites and tell inspectors where to focus.