A year ago, in the wake of the Spectre and Meltdown microprocessor bugs that swept through the industry like a contagion, Intel formed a new internal cybersecurity group, vowing to make security its first priority.
That unit, referred to as the Intel Product Assurance and Security (IPAS) Group and headed by Leslie Culbertson, now Intel’s product assurance and security executive vice president, is awash in good news, Culbertson wrote in a new blog post.
(Quick look-back) The Meltdown and Spectre bugs enable hackers to read the contents of a kernel’s memory otherwise shielded from administrator and user processes and programs. Intel first commented on Meltdown and Spectre in January 2018, but initial Meltdown and Spectre patches caused higher system reboots after users applied fixes. Intel subsequently identified the source of the issues and offered recommendations to help organizations address the balky patches.)
In what amounts to a peek ahead and a look back, Culbertson laid out what the chip maker accomplished in the past year to take its security profile to the next level and how it is approaching 2019.
“In the past year, Intel has taken many steps to keep pace with this evolution — new tools and processes, exciting new talent we’ve brought on board, and, of course, the ongoing work we’ve done to continue improving security, including protecting against new classes of security vulnerabilities like Spectre and Meltdown,” she said.
Here is a recap of five milestones Intel met during the year, according to Culbertson.
On establishing IPAS: The group operates as Intel’s security “mission control,” Culbertson said. “We have made significant strides that have enhanced our agility from the very beginning of product design all the way through product manufacturing and post-sales support.”
On completing the microcode updates: Culbertson again acknowledged the challenge Spectre and Meltdown presented to the IT industry. It was the cross-sector collaboration that caught her eye. “Working together with a customer-centric focus, we and our partners were able to provide our customers with microcode updates for more than nine years of Intel products,” she said.
On engineering new hardware protection: Intel pledged early in the year to push security at the silicon level to guard against side channel exploits like Spectre and Meltdown. Along those lines, it rolled out Whiskey Lake in August and Coffee lake in October. In addition, Cascade Lake is the first x86 processor released to market that has hardware-based protections for Spectre V2, Culbertson said.
On automating the microcode update process: Intel moved to quarterly microcode updates to map more closely to its ecosystem. “One of the challenges silicon vendors face is the MCU distribution process. This can be a complex process for OEM and software partners as well as consumers,” Culbertson said. The chip maker hit a major marker when it made its MCUs OS loadable, which it did with the Spectre V2 update on a Windows Update cycle.
On more research: According to Culbertson, Intel Security has increased its red team exercises, “connecting deep offensive security research with deep product knowledge to find and address potential vulnerabilities before products ship.”
On coordination/collaboration: Intel is all in on the it-takes-a-village approach. “We’ve built a model for collaboration and development among our partners that enables them to communicate directly. This approach takes a step beyond traditional multi-party collaboration and is one that we expect to build upon that will support an environment of continuous learning,” Culbertson said.
There’s certainty surrounding security for Intel in 2019, Culbertson wrote. “Security will continue to be an area where vigilance is required,” she said. “And just as important, we at Intel will continue to drive security innovation across our product portfolio to better protect customers and help drive the industry forward to make all our products more secure.”
