What’s Really Inside?

Today’s cyber landscape is complex and getting more complex by the day.  Challenges to networks and software are ongoing but what about hardware? So far the main threats identified have been against networks and many organization still think that putting up a firewall or installing software-based cyber solutions is sufficient.

A significant increase in the number of attacks is bad, what’s worse is the attack profile is changing. In 2014, most DDoS attacks were short-duration, high-bandwidth occurrences. In the first quarter of 2015, the typical DDoS attack was less than 10 Gbps, and lasted much longer — more than 24 hours in most cases.

Right now technology is moving faster than the means to secure it and many companies are falling behind in their abilities to stay ahead of the burgeoning threat landscape.  Progress is being made but the need for incorporating security whenever date is generated, transported or otherwise handled is challenging traditional solutions.  The need to integrate security handling in chips and applications is opening up other areas to possible compromise . . . hardware and firmware.

On the hardware side there are cryptography chips that provide the most hardened solutions.  Layered onto that is secure code and IP and security software stacks.  These provide good cybersecurity but as threats intensify and diversify, hardware becomes the logical place to introduce new embedded threats.  Relentless attacks on financial, retail, transit, telecommunications, and identity platforms are giving embedded systems traction.

The past two decades have seen the semiconductor and IP industries breakup into small, highly focused companies that individually target challenging problems.  Specialization has helped to reduce development costs and cut time to market, but that comes at the price of security.  Being sure that what gets built into semiconductors or electronics by these highly diversified chip vendors has become difficult.  Too many pieces to the supply chain make it an increasing challenge to ensure that chips do what they were designed to do and nothing else.  Diversification means that no one can say for certain where a particular part came from without removing it, grinding off the package, inserting probes, and examining it under the scanning electron microscope.

Security has to catch up with technology and the chip industry is at the cutting edge with hardware solutions, but with these solutions also come with new opportunities for embedding problems.