Dem lawmaker wants briefing on major chip vulnerabilities

Dem lawmaker wants briefing on major chip vulnerabilities
© Greg Nash

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Rep. Jerry McNerneyGerlad (Jerry) Mark McNerneyHouse passes host of bills to strengthen cybersecurity in wake of attacks In defense of misinformation House Democrats want to silence opposing views, not 'fake news' MORE (D-Calif.) wrote in his letter to the CEOs of Intel, AMD and Arm.

McNerney is one of the first lawmakers to react to the massive breach which, if exploited, allows hackers to access sensitive information stored on the hard drive of computers and servers.

The California Democrat asked that in the proposed briefing companies address how consumers are affected by the breaches, the timeline for when they became aware of the breaches and what steps they're taking to resolve the flaws among other concerns.

A spokesperson for Rep. Frank Pallone Jr.Frank Joseph PalloneHouse Democrats ramp up probe of FDA approval of Alzheimer's drug Intercept bureau chief: Democrats dropping support of Medicare for All could threaten bill's momentum House Democrats reintroduce road map to carbon neutrality by 2050 MORE (N.J.), the top Democrat on the Energy and Commerce Committee, said Pallone agrees such questions should be answered and supports briefings on the matter.

Intel welcomed McNerney’s interest and said it has already been speaking with members of Congress regarding the vulnerabilities.

“We share Congressman McNerney’s interest in these important issues and will continue to engage with a variety of Congressional and Executive Branch officials to address how the industry can best respond,” an Intel spokesperson said.

Shortly after the vulnerabilities were revealed, Sen. Mark WarnerMark Robert WarnerDemocrats confront 'Rubik's cube on steroids' Advocates call on top Democrats for 0B in housing investments Democrats draw red lines in spending fight MORE (D-Va.) released his own statement calling for improved industrywide standards of “cyber-hygiene.”

“Recent reports of a security flaw in Intel’s chips once again highlight the impact of vulnerabilities in widely adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things,” Warner said at the beginning of January.

Spectre and Meltdown directly affect the hardware of countless computers across the country, including cloud computing systems used by many businesses and the federal government.

Companies whose chips have been affected and the Department of Homeland Security have both said they aren’t aware of any groups successfully exploiting the cybersecurity flaws, but cybersecurity experts are still concerned about the vulnerabilities.

While companies affected are working on their own patches to mitigate the risks, experts anticipate that vulnerabilities can only be fully resolved by replacing the susceptible hardware.

--This report was updated on Jan. 17 at 7:42 a.m.