Cyber Attacks Will Continue to Succeed

Uploaded on 2018-01-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent a year on software-based cyber security tools, while relatively little is spent on hardware security tools, and there continues to be a stream of hacks and breaches.

As machines control more of our physical world, security needs to be built in from the ground up, utilising the latest security technologies to protect software and hardware.

The gap between the intent of security IP building blocks and their actual deployment in full SoC designs must be filled. What’s needed is a proactive and early approach to identifying and eliminating security vulnerabilities throughout the design of a semi-conductor chip. While a software vulnerability can often be patched, a hardware vulnerability in silicon deployed in systems is very costly to repair.

Ensuring the chip’s final implementation does not expose a security hole that software will exploit is a clear call to action. Without these solutions, chips will continue to be built in ways that leave them vulnerable to hackers.

The chip verification investment today is driven by requirements of functional verification. While absolutely essential, it is this focus on functionality that can lead to the introduction of unintentional security vulnerabilities during the design and verification cycle.

IoT designs may be the most vulnerable and Smart IoT devices will push the edge further from the enterprise expanding the size of the core network. Their volume will increase by 10-to-100 fold as this segment continues to accelerate. Huge investments in the end-to-end ecosystem will support this expansion.

However, unless investments in hardware security increase significantly as the interconnectedness expands, the risk and liability to both service providers as well as the edge consumer will increase.

The methodology and techniques to verify hardware security must catch up to the complexity of the SoCs that implement them. Fortunately, the shift from conversation to action is beginning as silicon providers feel the impact of gaps in security exposed in deployed products.

Investment in development of secure silicon architectures and foundation building blocks has been increasing for some time. Investment for hardware security is now increasing as well because hardware threat scenarios must be verified before products are released and deployed in the communications infrastructure.

As a result, chip design is moving from a focus on verification of functionality to verification for security.

This paradigm shift will create new de-facto standards and methodologies that must be deployable without increasing the overall SoC verification schedule. Ideally, they will co-exist with existing verification processes that yield an overall reduction in project schedule, with a significant reduction in security vulnerability.

Only then will they be adopted as standard practice in time-sensitive projects servicing the compute and mobile communications market, and the safety critical markets of automotive and aerospace.

Until then, cyberattacks will be executed successfully on the semiconductor industry through Spectre and Meltdown like vulnerabilities.

EE|Times

You Might Also Read:

Inside the Intel Chip Security Problem:

Major Chip Flaws Confirmed:

 

 

 

« AI Can Simplify The Purchasing Process For Business
Russian Hackers Trying To Infiltrate US Senate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IABG

IABG

IABG offer independent, product-neutral consulting as well as technical and scientific services for the use of safety-relevant systems and technologies.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

Xiphera

Xiphera

Xiphera designs and implements proven cryptographic security for embedded systems.