Cyber Attacks Will Continue to Succeed

Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent a year on software-based cyber security tools, while relatively little is spent on hardware security tools, and there continues to be a stream of hacks and breaches.

As machines control more of our physical world, security needs to be built in from the ground up, utilising the latest security technologies to protect software and hardware.

The gap between the intent of security IP building blocks and their actual deployment in full SoC designs must be filled. What’s needed is a proactive and early approach to identifying and eliminating security vulnerabilities throughout the design of a semi-conductor chip. While a software vulnerability can often be patched, a hardware vulnerability in silicon deployed in systems is very costly to repair.

Ensuring the chip’s final implementation does not expose a security hole that software will exploit is a clear call to action. Without these solutions, chips will continue to be built in ways that leave them vulnerable to hackers.

The chip verification investment today is driven by requirements of functional verification. While absolutely essential, it is this focus on functionality that can lead to the introduction of unintentional security vulnerabilities during the design and verification cycle.

IoT designs may be the most vulnerable and Smart IoT devices will push the edge further from the enterprise expanding the size of the core network. Their volume will increase by 10-to-100 fold as this segment continues to accelerate. Huge investments in the end-to-end ecosystem will support this expansion.

However, unless investments in hardware security increase significantly as the interconnectedness expands, the risk and liability to both service providers as well as the edge consumer will increase.

The methodology and techniques to verify hardware security must catch up to the complexity of the SoCs that implement them. Fortunately, the shift from conversation to action is beginning as silicon providers feel the impact of gaps in security exposed in deployed products.

Investment in development of secure silicon architectures and foundation building blocks has been increasing for some time. Investment for hardware security is now increasing as well because hardware threat scenarios must be verified before products are released and deployed in the communications infrastructure.

As a result, chip design is moving from a focus on verification of functionality to verification for security.

This paradigm shift will create new de-facto standards and methodologies that must be deployable without increasing the overall SoC verification schedule. Ideally, they will co-exist with existing verification processes that yield an overall reduction in project schedule, with a significant reduction in security vulnerability.

Only then will they be adopted as standard practice in time-sensitive projects servicing the compute and mobile communications market, and the safety critical markets of automotive and aerospace.

Until then, cyberattacks will be executed successfully on the semiconductor industry through Spectre and Meltdown like vulnerabilities.

EE|Times

You Might Also Read:

Inside the Intel Chip Security Problem:

Major Chip Flaws Confirmed:

 

 

 

« AI Can Simplify The Purchasing Process For Business
Russian Hackers Trying To Infiltrate US Senate »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

LRQA

LRQA

LRQA are a leading global assurance provider, bringing together unrivalled expertise in certification, brand assurance, cybersecurity, inspection and training.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

CERT.lu

CERT.lu

CERT.lu is an initiative to enhance cyber security practices and techniques, and support security professionals in Luxembourg.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.