Dem lawmaker wants briefing on major chip vulnerabilities

Dem lawmaker wants briefing on major chip vulnerabilities
© Greg Nash

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Rep. Jerry McNerneyGerlad (Jerry) Mark McNerneyTrump’s clean power plan replacement is exactly what the coal industry needs House Dems press FCC chairman for answers on false cyberattack claim Overnight Energy: Poll finds majority oppose Trump offshore drilling plan | Senators say Trump endorsed ethanol deal | Automaker group wants to keep increasing efficiency standards MORE (D-Calif.) wrote in his letter to the CEOs of Intel, AMD and Arm.

McNerney is one of the first lawmakers to react to the massive breach which, if exploited, allows hackers to access sensitive information stored on the hard drive of computers and servers.

The California Democrat asked that in the proposed briefing companies address how consumers are affected by the breaches, the timeline for when they became aware of the breaches and what steps they're taking to resolve the flaws among other concerns.

A spokesperson for Rep. Frank Pallone Jr.Frank Joseph PalloneThe Hill's Morning Report - Presented by Pass USMCA Coalition - Restrictive state abortion laws ignite fiery 2020 debate Work on surprise medical bills goes into overdrive Overnight Health Care — Presented by Campaign for Accountability — Alabama bill heats up fight over abortion | 2020 Dems blast bill | ACLU challenges Ohio abortion law | NC sues e-cig maker Juul | Flurry of activity on surprise medical bills MORE (N.J.), the top Democrat on the Energy and Commerce Committee, said Pallone agrees such questions should be answered and supports briefings on the matter.

Intel welcomed McNerney’s interest and said it has already been speaking with members of Congress regarding the vulnerabilities.

“We share Congressman McNerney’s interest in these important issues and will continue to engage with a variety of Congressional and Executive Branch officials to address how the industry can best respond,” an Intel spokesperson said.

Shortly after the vulnerabilities were revealed, Sen. Mark WarnerMark Robert WarnerOvernight Defense: Congressional leaders receive classified briefing on Iran | Trump on war: 'I hope not' | Key Republican calls threats credible | Warren plan targets corporate influence at Pentagon Key Republican 'convinced' Iran threats are credible Hillicon Valley: Trump takes flak for not joining anti-extremism pact | Phone carriers largely end sharing of location data | Huawei pushes back on ban | Florida lawmakers demand to learn counties hacked by Russians | Feds bust 0M cybercrime group MORE (D-Va.) released his own statement calling for improved industrywide standards of “cyber-hygiene.”

“Recent reports of a security flaw in Intel’s chips once again highlight the impact of vulnerabilities in widely adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things,” Warner said at the beginning of January.

Spectre and Meltdown directly affect the hardware of countless computers across the country, including cloud computing systems used by many businesses and the federal government.

Companies whose chips have been affected and the Department of Homeland Security have both said they aren’t aware of any groups successfully exploiting the cybersecurity flaws, but cybersecurity experts are still concerned about the vulnerabilities.

While companies affected are working on their own patches to mitigate the risks, experts anticipate that vulnerabilities can only be fully resolved by replacing the susceptible hardware.

--This report was updated on Jan. 17 at 7:42 a.m.