Dem lawmaker wants briefing on major chip vulnerabilities

Dem lawmaker wants briefing on major chip vulnerabilities
© Greg Nash

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Rep. Jerry McNerneyGerlad (Jerry) Mark McNerneyDemocrats demand FCC act over leak of phone location data Here are the 95 Democrats who voted to support impeachment Lawmakers grow impatient for FDA cannabis rules MORE (D-Calif.) wrote in his letter to the CEOs of Intel, AMD and Arm.

McNerney is one of the first lawmakers to react to the massive breach which, if exploited, allows hackers to access sensitive information stored on the hard drive of computers and servers.

ADVERTISEMENT
The California Democrat asked that in the proposed briefing companies address how consumers are affected by the breaches, the timeline for when they became aware of the breaches and what steps they're taking to resolve the flaws among other concerns.

A spokesperson for Rep. Frank Pallone Jr.Frank Joseph PalloneHouse, Senate announce agreement on anti-robocall bill Overnight Health Care: Trump officials making changes to drug pricing proposal | House panel advances flavored e-cig ban | Senators press FDA tobacco chief on vaping ban House panel advances flavored e-cigarette ban MORE (N.J.), the top Democrat on the Energy and Commerce Committee, said Pallone agrees such questions should be answered and supports briefings on the matter.

Intel welcomed McNerney’s interest and said it has already been speaking with members of Congress regarding the vulnerabilities.

“We share Congressman McNerney’s interest in these important issues and will continue to engage with a variety of Congressional and Executive Branch officials to address how the industry can best respond,” an Intel spokesperson said.

Shortly after the vulnerabilities were revealed, Sen. Mark WarnerMark Robert WarnerBipartisan senators urge national security adviser to appoint 5G coordinator Hillicon Valley: Commerce extends Huawei waiver | Senate Dems unveil privacy bill priorities | House funding measure extends surveillance program | Trump to tour Apple factory | GOP bill would restrict US data going to China Klobuchar unveils plan to secure elections as president MORE (D-Va.) released his own statement calling for improved industrywide standards of “cyber-hygiene.”

“Recent reports of a security flaw in Intel’s chips once again highlight the impact of vulnerabilities in widely adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things,” Warner said at the beginning of January.

Spectre and Meltdown directly affect the hardware of countless computers across the country, including cloud computing systems used by many businesses and the federal government.

Companies whose chips have been affected and the Department of Homeland Security have both said they aren’t aware of any groups successfully exploiting the cybersecurity flaws, but cybersecurity experts are still concerned about the vulnerabilities.

While companies affected are working on their own patches to mitigate the risks, experts anticipate that vulnerabilities can only be fully resolved by replacing the susceptible hardware.

--This report was updated on Jan. 17 at 7:42 a.m.