Cyber Attacks Will Continue to Succeed

Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent each year on software-based cybersecurity tools, while relatively little is spent on hardware security tools, and the stream of hacks and breaches continues.

As machines control more of our physical world, security needs to be built in from the ground up, utilising the latest security technologies to protect software and hardware.

The gap between the intent of security IP building blocks and their actual deployment in full SoC designs must be filled. What’s needed is a proactive and early approach to identifying and eliminating security vulnerabilities throughout the design of a semiconductor chip. While a software vulnerability can often be patched, a hardware vulnerability in silicon deployed in systems is very costly to repair.

Ensuring the chip’s final implementation does not expose a security hole that software will exploit is a clear call to action. Without these solutions, chips will continue to be built in ways that leave them vulnerable to hackers.

The chip verification investment today is driven by requirements of functional verification. While absolutely essential, it is this focus on functionality that can lead to the introduction of unintentional security vulnerabilities during the design and verification cycle.

IoT designs may be the most vulnerable, and smart IoT devices will push the edge further from the enterprise, expanding the size of the core network. Their volume will increase 10- to 100-fold as this segment continues to accelerate. Huge investments in the end-to-end ecosystem will support this expansion.

However, unless investments in hardware security increase significantly as the interconnectedness expands, the risk and liability to both service providers and the edge consumer will increase.

The methodology and techniques to verify hardware security must catch up to the complexity of the SoCs that implement them. Fortunately, the shift from conversation to action is beginning as silicon providers feel the impact of gaps in security exposed in deployed products.

Investment in development of secure silicon architectures and foundation building blocks has been increasing for some time. Investment for hardware security is now increasing as well because hardware threat scenarios must be verified before products are released and deployed in the communications infrastructure.

As a result, chip design is moving from a focus on verification of functionality to verification for security.

This paradigm shift will create new de facto standards and methodologies that must be deployable without increasing the overall SoC verification schedule. Ideally, they will co-exist with existing verification processes and yield an overall reduction in project schedule, with a significant reduction in security vulnerability.

Only then will they be adopted as standard practice in time-sensitive projects servicing the compute and mobile communications market, and the safety critical markets of automotive and aerospace.

Until then, cyberattacks will be executed successfully on the semiconductor industry through Spectre- and Meltdown-like vulnerabilities.

EE|Times

