News

Insights for technology professionals

Breaking down today's cybersecurity vulnerabilities in the semiconductor industry

Posted on February 24, 2021 by Jack Trompert

cybersecurity-vulnerabilities

Cybersecurity has always been important, but in today’s environment, it’s mission-critical. Global cybercrime is expected to grow by 15 percent each year over the next five years— triple the figure for 2015. To put it into perspective, that’s more than 100 attacks every second of every day. If the semiconductor technologies we depend on become vulnerable to hacking, the consequences can range from diminished consumer trust to natural security breaches.

To understand and prevent cyberattacks from harming your chip operations, it’s essential to know what cybersecurity issues exist today and what forces drive changes to the cybersecurity space.

Chip security vulnerabilities

 

 

Hardware weaknesses

According to Rambus, a hardware root of trust is the foundation on which all secure operations of a computing system depend on. In an ever-changing environment of cybersecurity threats, a hardware-based root of trust can be continually updated to combat ongoing attacks or fight counterfeit IC production. But the complexity of modern chips with billions of transistor components makes hardware vulnerabilities hard to detect. An issue hidden under layers of a chip’s hardware can often go unnoticed for a long time, potentially disturbing critical infrastructure.

 

Spectre and Meltdown

In 2018, researchers revealed two hardware vulnerabilities, dubbed “Spectre” and “Meltdown”, in Intel chips that took over two years for the company to patch. The flaws can spill sensitive data like passwords and encryption keys from billions of computers, mobile devices, and the cloud to hackers. In an industry-wide scramble to address challenges, the event was known as “Chipmaggedon” and Intel was forced to rethink its security from top to bottom

 

Products with longer life cycles

Longer product life cycles add another dimension to cybersecurity threats. The longer products are in use, the more time attackers have to spread damage to systems or upgrade their skills. While firmware or software updates can curb threats, cyberattack methods continue to evolve as well.

 

SolarWinds software updates

In the case of the infamous 2020 SolarWinds malware incident, hackers sent two malware software updates to 18,000 SolarWinds clients. The Sunburst and Supernova updates created a backdoor to companies’ IT systems, letting hackers spy on companies. Most unsettlingly, the software company responsible for some of the most security-conscious departments in the U.S. government certified those updates. Even with proper authentication, a breach can still sneak past layers of security.

Additionally, malicious software can also result in severe hardware malfunctions. Restoring hardware may require a complete redesign and fabrication, which could take months or years to fix. 

What forces drive changes in global cybersecurity?

There are several forces driving changes in the global cybersecurity landscape:

 

Technology trends

Modern semiconductor chips are pushing the limits of physics and economics. While billions of transistors can squeeze onto a chip, technologists believe shrinking its feature size means more mechanical failures in the future. As researchers explore new manufacturing techniques, chipmakers will have to rethink security for new generation chips.

 

Geopolitical trends

Countries all over the world depend on semiconductor-based technology for economic growth and industry advancement. The result is growing competition between rivals in the Asia-Pacific region and the U.S. This rising battle for chip leadership across the globe will shift changes in oversight and control of the supply chain — thus impacting hardware security. 

 

Industrial trends

Major semiconductor manufacturers have also built assembly plants in areas with more tax incentives like China, Korea, Taiwan, and Singapore. The fab boom in Asia is a looming threat to the United States’ competitive advantage. As rivals ramp up their facilities, so do their national security and intelligence capabilities.

 

Achieve trusted technology

When it comes to cybersecurity, industries should make every effort to stay proactive. Cyberthreats and breaches can happen anytime and anywhere in various ways. When semiconductor technologies remain critical in high-priority sectors and global leadership, industries can’t afford to neglect security.

In today’s unpredictable political and environmental landscape, working with a technology partner can help mitigate risks posed by cybersecurity gaps or new and existing threat actors. At Talent 101, we deliver cybersecurity solutions that flex and scale with your business needs. We help customers build trusted technologies with solid security operations to better manage risk on the fly, grow revenue, and build reputation. Whether you’re exploring new cybersecurity opportunities, building up defenses, or on the road to recovery, secure your digital transformation with us.

Jack Trompert

In 2010, Jack and Janet Trompert started Talent 101 with a clear new vision on how to deliver talent to the marketplace. To work at Talent 101 is to be a part of something creative and big. From our modest roots as an ambitious startup, to becoming a global workforce solution provider to the world’s most recognized semiconductor companies, our growth and momentum owes a lot to our strong company culture of customer service, can do attitude, sense of urgency and always focus on the client and talent.

jackt@talent-101.com