Cyber threats shift as fast as the winds and strike as hard as a thunderbolt. Never was this clearer than the early weeks of 2018, when the semiconductor industry was bombarded with news of major security problems in certain hardware.
In early 2018, it became public that researchers last year discovered a major security flaw in certain chips, the processors inside almost all PCs, tablets, smartphones, and servers— components generally thought to be secure. Analysts soon showed that the bug existed in processors built by more than one company.
The vulnerabilities could allow cyber attackers to bypass current security protocols and read data stored in memory, including sensitive personal and business information. Programmers quickly demonstrated how such a cyberattack could work, succeeding at accessing machine memory to steal protected passwords.
As tech giants scrambled to apply software patches to their data center infrastructure, a new issue arose: the planned fix slowed down the performance of impacted computing devices.
How should the industry respond?
Fortunately, cyber security was a strategic priority for semiconductor executives even before the latest firestorm of chip security holes were discovered. “Minimizing cyber security risk” rose eight spots between KPMG’s 2016 and 2017 surveys, from #17 up to #9. Since the latest survey was conducted in October 2017—before the recent chip vulnerabilities became public—the increasing priority placed on cyber security initiatives was likely as a response to the proliferation of chip-using, connected IoT devices, automobiles, and data centers.
Of course, should we re-survey our audience today, we expect cyber security to rank significantly higher on semiconductor executives’ agendas. We urge semiconductor companies to confront the reality that chips are vulnerable. Hardware can be breached, and will have a waterfall impact as it spreads outward to devices in the technology ecosystem.
Hardware-based security starts by integrating security at the transistor level. As such, semiconductor companies will need to build cyber security in from the beginning by including it as a core element of the chip product design stage.
Finally, semiconductor companies will need to constantly reassess both security vulnerabilities and defenses, as cyber threats are always evolving and becoming more sophisticated. January 2018 proved that.
The article “Chip security demands attention” by Tim Zanni, Chris Gentle, Lincoln Clark and Scott Jones, KPMG in the US, was taken from the publication entitled Semiconductors: Can the surge continue?