Cyber Attacks Will Continue to Succeed

Uploaded on 2018-01-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent a year on software-based cyber security tools, while relatively little is spent on hardware security tools, and there continues to be a stream of hacks and breaches.

As machines control more of our physical world, security needs to be built in from the ground up, utilising the latest security technologies to protect software and hardware.

The gap between the intent of security IP building blocks and their actual deployment in full SoC designs must be filled. What’s needed is a proactive and early approach to identifying and eliminating security vulnerabilities throughout the design of a semi-conductor chip. While a software vulnerability can often be patched, a hardware vulnerability in silicon deployed in systems is very costly to repair.

Ensuring the chip’s final implementation does not expose a security hole that software will exploit is a clear call to action. Without these solutions, chips will continue to be built in ways that leave them vulnerable to hackers.

The chip verification investment today is driven by requirements of functional verification. While absolutely essential, it is this focus on functionality that can lead to the introduction of unintentional security vulnerabilities during the design and verification cycle.

IoT designs may be the most vulnerable and Smart IoT devices will push the edge further from the enterprise expanding the size of the core network. Their volume will increase by 10-to-100 fold as this segment continues to accelerate. Huge investments in the end-to-end ecosystem will support this expansion.

However, unless investments in hardware security increase significantly as the interconnectedness expands, the risk and liability to both service providers as well as the edge consumer will increase.

The methodology and techniques to verify hardware security must catch up to the complexity of the SoCs that implement them. Fortunately, the shift from conversation to action is beginning as silicon providers feel the impact of gaps in security exposed in deployed products.

Investment in development of secure silicon architectures and foundation building blocks has been increasing for some time. Investment for hardware security is now increasing as well because hardware threat scenarios must be verified before products are released and deployed in the communications infrastructure.

As a result, chip design is moving from a focus on verification of functionality to verification for security.

This paradigm shift will create new de-facto standards and methodologies that must be deployable without increasing the overall SoC verification schedule. Ideally, they will co-exist with existing verification processes that yield an overall reduction in project schedule, with a significant reduction in security vulnerability.

Only then will they be adopted as standard practice in time-sensitive projects servicing the compute and mobile communications market, and the safety critical markets of automotive and aerospace.

Until then, cyberattacks will be executed successfully on the semiconductor industry through Spectre and Meltdown like vulnerabilities.

EE|Times

You Might Also Read:

Inside the Intel Chip Security Problem:

Major Chip Flaws Confirmed:

 

 

 

« AI Can Simplify The Purchasing Process For Business
Russian Hackers Trying To Infiltrate US Senate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

Velta Technology

Velta Technology

Velta Technology provide digital safety and cybersecurity solutions for the industrial space.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

SecureDApp

SecureDApp

SecureDApp is a blockchain security company that specialises in offering comprehensive security solutions to companies operating in the web3 space.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.