ICYMI: Chip Vulnerabilities
Is there a way to combat chip vulnerabilities, and what kind of improvement does the future hold? Find out what the panel of experts from iCorps' Cybersecurity Summit had to say in this video.
[Attendee Question] So, with the recent Intel chip-set vulnerabilities with Spectre and Meltdown, you know, that kind of stuff goes to the core. It's not the user. It's not the data. It's baked into the hardware, and that's everybody's problem. So my question is, what do you think about the future of more open-hardware designs, and open security standards, and collaboration among vendors? Because if it's everybody's problem, what is the solution?
[Alan Toews - Sophos] Yeah, I mean, these are things that raise a lot of questions, and if you're looking at shared community environments, it's been pretty serious hacks to look at and look hard at how they're solved. And these have not been easy things to solve because they seem to have performance impacts on—or there's certainly been the risk of performance impacts—that have been closely evaluated. And I think—from the broad side of view if you look closely at everything that's come along and—but I think to the broader question you're asking, like many areas where there's a new avenue of attack that's kind of exposed, what this is really exposing in the industry is that a lot of the things that chip-makers have seen as ways to improve performance—and certainly that's what they are—they also allow side-channel attacks, and they respectively become a vulnerability when looked at under the right lens, and that's what these attackers are doing.
And I think this is just reading the next generation of chip design that will be a more mature process and will take this into account. Whether it's an open design as far as the blueprints...I don't think that's where it's going to go, but maybe. More likely it's just that this becomes a maturity process for the chip vendors to be building, and accounting for the needs, and finding new ways to optimize and improve performance, that don't use these techniques that cause problems.
[Jeffery Lauria - iCorps Technologies] Actually, I'll respond to that real quick. You know, there are always going to be vulnerabilities, there are always going to be flaws, and it's just the business, so to speak. Alright, so obviously patching systems when you can, but you know, all these vulnerabilities and flaws need an avenue on which to be executed. And as long as you're aware of that avenue, that needs to be executed, you can craft your defense around that. Alright, so it is very important. Security is not a set it and forget it. It is not an "I'm going to visit it on Friday at 2 o'clock at lunch," alright. It is a day in and day out job. So, if you're not aware of what's emerging—and this doesn't have to be complicated, right—this is a news feed, an RSS feed that shows up in your mailbox every single day, right. It is a look of what's happening outside of the United States. Look what's happening in Europe. Look what's happening in India. Specifically, in India to be honest with you. Look what's happening there, and then craft solutions around that.
So even though we are going to have vulnerabilities in hardware—your toaster is going to be able to, you know, see what's going on with your refrigerator, and we know that's going to happen. So how do we protect against it? So, vendors will get better. I don't think that open-source hardware is going to work, frankly, because at that point the secret sauce goes away. Right? At the end of the day. Then there's no difference between AMD and Intel right? They're all in the same field, they know what they're doing. So I think that's going to stay, but just understanding what the threats are.
iCorps Video Library