Dem lawmaker wants briefing on major chip vulnerabilities

Dem lawmaker wants briefing on major chip vulnerabilities
© Greg Nash

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Rep. Jerry McNerneyGerlad (Jerry) Mark McNerneyHere are the 95 Democrats who voted to support impeachment Lawmakers grow impatient for FDA cannabis rules Trump’s clean power plan replacement is exactly what the coal industry needs MORE (D-Calif.) wrote in his letter to the CEOs of Intel, AMD and Arm.

McNerney is one of the first lawmakers to react to the massive breach which, if exploited, allows hackers to access sensitive information stored on the hard drive of computers and servers.

The California Democrat asked that in the proposed briefing companies address how consumers are affected by the breaches, the timeline for when they became aware of the breaches and what steps they're taking to resolve the flaws among other concerns.

A spokesperson for Rep. Frank Pallone Jr.Frank Joseph PalloneHere are the 95 Democrats who voted to support impeachment Overnight Energy: USDA expected to lose two-thirds of research staff in move west | EPA hails Trump's work on reducing air pollution | Agency eyes reducing inspections of nuclear reactors Hillicon Valley: Lawmakers struggle to understand Facebook's Libra project | EU hits Amazon with antitrust probe | New cybersecurity concerns over census | Robocall, election security bills head to House floor | Privacy questions over FaceApp MORE (N.J.), the top Democrat on the Energy and Commerce Committee, said Pallone agrees such questions should be answered and supports briefings on the matter.

Intel welcomed McNerney’s interest and said it has already been speaking with members of Congress regarding the vulnerabilities.

“We share Congressman McNerney’s interest in these important issues and will continue to engage with a variety of Congressional and Executive Branch officials to address how the industry can best respond,” an Intel spokesperson said.

Shortly after the vulnerabilities were revealed, Sen. Mark WarnerMark Robert WarnerTop Democrats demand security assessment of Trump properties Senate passes bill making hacking voting systems a federal crime Senators unload on Facebook cryptocurrency at hearing MORE (D-Va.) released his own statement calling for improved industrywide standards of “cyber-hygiene.”

“Recent reports of a security flaw in Intel’s chips once again highlight the impact of vulnerabilities in widely adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things,” Warner said at the beginning of January.

Spectre and Meltdown directly affect the hardware of countless computers across the country, including cloud computing systems used by many businesses and the federal government.

Companies whose chips have been affected and the Department of Homeland Security have both said they aren’t aware of any groups successfully exploiting the cybersecurity flaws, but cybersecurity experts are still concerned about the vulnerabilities.

While companies affected are working on their own patches to mitigate the risks, experts anticipate that vulnerabilities can only be fully resolved by replacing the susceptible hardware.

--This report was updated on Jan. 17 at 7:42 a.m.