Cyber Attacks Will Continue to Succeed

Uploaded on 2018-01-18 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent a year on software-based cyber security tools, while relatively little is spent on hardware security tools, and there continues to be a stream of hacks and breaches.

As machines control more of our physical world, security needs to be built in from the ground up, utilising the latest security technologies to protect software and hardware.

The gap between the intent of security IP building blocks and their actual deployment in full SoC designs must be filled. What’s needed is a proactive and early approach to identifying and eliminating security vulnerabilities throughout the design of a semi-conductor chip. While a software vulnerability can often be patched, a hardware vulnerability in silicon deployed in systems is very costly to repair.

Ensuring the chip’s final implementation does not expose a security hole that software will exploit is a clear call to action. Without these solutions, chips will continue to be built in ways that leave them vulnerable to hackers.

The chip verification investment today is driven by requirements of functional verification. While absolutely essential, it is this focus on functionality that can lead to the introduction of unintentional security vulnerabilities during the design and verification cycle.

IoT designs may be the most vulnerable and Smart IoT devices will push the edge further from the enterprise expanding the size of the core network. Their volume will increase by 10-to-100 fold as this segment continues to accelerate. Huge investments in the end-to-end ecosystem will support this expansion.

However, unless investments in hardware security increase significantly as the interconnectedness expands, the risk and liability to both service providers as well as the edge consumer will increase.

The methodology and techniques to verify hardware security must catch up to the complexity of the SoCs that implement them. Fortunately, the shift from conversation to action is beginning as silicon providers feel the impact of gaps in security exposed in deployed products.

Investment in development of secure silicon architectures and foundation building blocks has been increasing for some time. Investment for hardware security is now increasing as well because hardware threat scenarios must be verified before products are released and deployed in the communications infrastructure.

As a result, chip design is moving from a focus on verification of functionality to verification for security.

This paradigm shift will create new de-facto standards and methodologies that must be deployable without increasing the overall SoC verification schedule. Ideally, they will co-exist with existing verification processes that yield an overall reduction in project schedule, with a significant reduction in security vulnerability.

Only then will they be adopted as standard practice in time-sensitive projects servicing the compute and mobile communications market, and the safety critical markets of automotive and aerospace.

Until then, cyberattacks will be executed successfully on the semiconductor industry through Spectre and Meltdown like vulnerabilities.

EE|Times

You Might Also Read:

Inside the Intel Chip Security Problem:

Major Chip Flaws Confirmed:

 

 

 

« AI Can Simplify The Purchasing Process For Business
Russian Hackers Trying To Infiltrate US Senate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

RSA Insurance Group

RSA Insurance Group

RSA is one of the world’s leading multinational quoted insurance groups. Commercial services include cyber risk insurance.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Aries Security

Aries Security

Aries Security provides a premiere cyber training range and skills assessment suite and develops content for all levels of ability.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.