House Energy and Commerce demands answers on Spectre and Meltdown cyber flaws

House Energy and Commerce demands answers on Spectre and Meltdown cyber flaws
© Greg Nash

House Energy and Commerce Committee leaders are demanding answers from major technology companies affected by the Spectre and Meltdown cybersecurity flaws that leave computer chips vulnerable to hackers. 

In a letter, lawmakers pressed the CEOs of Intel, Apple, Microsoft, Amazon, Google, AMD and ARM to explain the need for an "information embargo" agreement between the companies to keep information on the cybersecurity vulnerabilities from the public.

ADVERTISEMENT

“While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures,” the letter reads.

ADVERTISEMENT

The letter — signed by House Energy and Commerce Committee Chairman Greg WaldenGregory (Greg) Paul WaldenOVERNIGHT ENERGY:  House passes sweeping clean energy bill | Pebble Mine CEO resigns over secretly recorded comments about government officials  | Corporations roll out climate goals amid growing pressure to deliver House passes sweeping clean energy bill Hillicon Valley: DOJ proposes tech liability shield reform to Congress | Treasury sanctions individuals, groups tied to Russian malign influence activities | House Republican introduces bill to set standards for self-driving cars MORE (R-Ore.), Subcommittee on Oversight and Investigations Chairman Gregg HarperGregory (Gregg) Livingston HarperCongress sends bill overhauling sexual harassment policy to Trump's desk Dems cry foul in undecided N.C. race Mississippi New Members 2019 MORE (R-Miss.), Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-Ohio), and Subcommittee on Communications and Technology Chairman Marsha BlackburnMarsha BlackburnNetflix distances from author's comments about Muslim Uyghurs but defends project Hillicon Valley: Subpoenas for Facebook, Google and Twitter on the cards | Wray rebuffs mail-in voting conspiracies | Reps. raise mass surveillance concerns Key Democrat opposes GOP Section 230 subpoena for Facebook, Twitter, Google MORE (R-Tenn.)  — is just the latest example of lawmakers' concern over the Spectre and Meltdown vulnerabilities.

Rep. Jerry McNerneyGerlad (Jerry) Mark McNerneyTrump administration signs AI research and development agreement with the UK Hillicon Valley: FBI chief says Russia is trying to interfere in election to undermine Biden | Treasury Dept. sanctions Iranian government-backed hackers Lawmakers call for expanded AI role in education, business to remain competitive MORE (D-Calif.) wrote his own letter to Intel, AMD and ARM earlier in January, probing the matter as well. 

Intel said that it's already begun to engage lawmakers on the chip vulnerabilities. 

"We appreciate the questions from the Energy and Commerce Committee and welcome the opportunity to continue our dialogue with Congress on these important issues," an Intel spokesperson said. "In addition to our recent meetings with legislative staff members, we have been discussing with the Committee an in-person briefing, and we look forward to that meeting."

Researchers have called the flaws, which were revealed early this year, some of the worst computer processor vulnerabilities to date. The Department of Homeland Security and Intel have both said they’re not aware of anyone having successfully exploited the vulnerability yet.

The companies kept Spectre and Meltdown under wraps after first discovering them over the summer in an attempt to create and issue software updates before hackers discovered and could exploit the vulnerabilities. 

The companies planned to make knowledge of the cybersecurity flaw public on Jan 9, but news of the vulnerabilities was leaked to the media. 

Chipmakers like AMD, Intel and ARM have since issued patches to mitigate the issue, however, some of the updates have led to hindered device performance.

Experts believe that despite patches, the issue will only fully be resolved after the affected computer and phone hardware has been replaced.

This story was updated at 4:11 p.m.