Insulating Hardware From Software Crucial for Security of Devices, Say Silicon Flatirons Panelists
February 11, 2021 – Hardware components should be built separately from software to minimize the risk of cyberattacks, experts say. Technologies like artificial intelligence are increasingly being embedded into hardware, making it challenging to prevent and keep separated cyberattacks from component
February 11, 2021 – Hardware components should be built separately from software to minimize the risk of cyberattacks, experts say.
Technologies like artificial intelligence are increasingly being embedded into hardware, making it challenging to prevent and keep separated cyberattacks from component failures, said Jennifer Roberts, Deputy Director at the DARPA Information Innovation Office.
That fact makes hardware harder to trust, experts said. Devices and the systems running those devices both need to have safety features in place to mitigate risk in the event of a breach, said experts at the Silicon Flatirons Trust and Tech Worthiness in the Tech Sector conference.
Protecting hardware from attacks is complicated. It is built to act a certain way, and if one component of that is compromised, it still needs to know how to act the way we expected it, Roberts said. Bolstering supply chain security during hardware and software deployment is critical to prevent cyberattacks, she said.
Separating and sealing off parts of hardware from software can prevent against system failures or even accidents. “Take your car for example,” said Roberts. “If someone hacks your software-based entertainment system, you wouldn’t want them to also be allowed to hack your hardware-based steering wheel while you’re driving—they need to be separated.”
Failures are inevitable, but they can be minimized, she said. This is especially true with medical devices. There are scores of medical devices that combine both hardware and software components that, if breached, would cause serious patient harm, said Jessica Wilkerson, a cyber policy advisor at the FDA Center for Devices and Radiological Health. Whether it’s a hardware or cyberware component, mitigating these dangers must be done, she said.
Winning trust in hardware is a lifelong pursuit. Trusting in a technical environment is by nature different than trusting in the human environment, said Brian Scriber, vice president at Security Technologies and CableLabs.
Just because a device may have delivered trust in the past three years, doesn’t mean you can trust it in the next minute, he said.
