The recently disclosed major hardware security vulnerabilities in microprocessor chips from INTEL, ARM, AMD and others should drive home the point that secure hardware is the critical element in Cybersecurity. The risk introduced by these flaws are not just to your phone and laptop – these chips are also used in critical infrastructure, defense and weapons systems. Action must be taken to address these hardware vulnerabilities, and to proactively prevent and protect against future compromise.
Dozens of studies have been conducted on hardware vulnerabilities in defense systems. But policymakers have only recently begun to recognize that hardware security is a serious issue. There are a few policy steps that could significantly reduce the serious threat from this type of vulnerability:
A Comprehensive Hardware Cyber Initiative is needed.
The US government needs trusted and assured access to critical chips.
Hardware Security Research should be prioritized.
The time to debate the risks or likelihood of hardware security threats is over. The US government needs to take swift action to deal with this serious threat. We need a Comprehensive Hardware Cyber Initiative and a national strategy for acquiring secure hardware for our military and critical infrastructures needs. The recent disclosures of serious hardware vulnerabilities in widely used microelectronics chips should be a sobering wake up call to finally take decisive action on this issue.
For years, policymakers have been waiting for a “Cyber Pearl Harbor” to make us take this problem seriously. “Meltdown” and “Spectre” show that this is happening now. We need to act now to make serious investments in hardware security to deal with this critical issue of national security.