SESSION ID: PS-R01
"I’m Still Standing," Says Each Cyber-Resilient Device
Abhilasha Bhargav-Spantzel, Principal Engineer, Intel Corporation
Nivedita Aggarwal, Firmware Engineer, Intel Corporation
#RSAC

Powering every person’s greatest contribution to the data-centric enterprise

How is the security landscape shifting?
• Worldwide security spending [4]: 2017: ~$102 Billion; 2018: ~$114 Billion; 2019: ~$124 Billion (15% CAGR)
• 90% of incidents result from exploits in software [1]
• Every 4.2 seconds: new malware in the first quarter of 2017 [2]
• Cost of a breach: digital records stolen, brand damage, etc.
• 62% of IT budget on security and 41% on risk analysis [4]
• Increased spending
• Attacks on the rise
• Increasing regulation
1) McAfee Labs Threat Report, June 2018
2) GData, Malware Trends 2017, 2017
3) Gartner Press Release, August 15, 2018
4) 2019 CIO Tech Poll, IDG/CIO
Disclaimer: Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.

Agenda
• Cyber Resiliency Overview
• Problem Statement
• Enterprise Requirements
• Strategy and Challenges
• Resiliency Principles
• Deep dive of solution architecture for firmware resiliency
• Industry standards
When you go back you should be able to identify the need for resiliency and understand the current industry work.

What is Cyber Resilience?
NIST [1] defines Cyber Resilience as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that include cyber resources.
Prevention + Detection
Correction
Monitor + Respond + Rebound
• Security Mitigation
• Security Patch
• Cyber Resiliency
1) National Institute of Standards and Technology: https://csrc.nist.gov/

Problem Statement
In 2012 [1], Shamoon malware wiped out the hard drives of 35,000 Aramco computers. Three quarters of their servers became unusable, and several 10000s of their employees were unable to log in to their systems and resume work for several months.
Just in the first quarter of 2017, new malware emerged every 4.2 seconds [2]. Critical infrastructure, e.g. hospitals, was forced to stop production. This trend continues to date.
What we would like to do:
1. Get back to work immediately after a corruption, failure or an attack
2. Ensure our devices are ready and responsive when we need them
3. Have the ability to automatically install urgent security updates
1) https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html
2) GData, Malware Trends 2017
Disclaimer: Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.

Enterprise requirements
• IT operations: Secure access to endpoints; Ensures system recovery
• IT Security: 62% of IT budget for security [1]; Remove firmware blindspots
• Digital transformation: IT spend shifting to cloud [2]; Zero Trust environment
• User experience: No clout on PC; Productivity and performance [3]
Enterprise requirements are shifting the security focus to resilience and recovery.
1) CIO, “2019 CIO Tech Poll: Economic Outlook Research,” June 2019
2) Gartner, “Market Insight: Cloud Shift — 2018 to 2022.” Sep 2018
3) IDC “The Future of Productivity: How Today’s Next-Gen PCs Empower Workers and Why Performance Still Matters.” Tom Mainelli, April 2019

Firmware Resiliency Strategy and Challenges
Strategy:
• Understand your platforms
• Measure your platforms
• Compliance
• Accelerate Response
Challenges:
• Limited telemetry information
• Lack of readiness of local and remote attestation
• Limited compliant devices in ecosystem
• Finite hardware resources
• Ecosystem and infrastructure readiness to deploy updates easily

Hardware based security foundation
• Software: Creative and open by design. A more visible surface for tampering.
• Firmware: Talks to software, but hides things. Makes tampering more difficult.
• Hardware: Vaulted by design. Farther from sight and reach.
Hardware and firmware resilience help build a secure foundation.
Computer System Hierarchy (diagram)
Layers shown: App1, App2, App3, User Data; Operating System, VMM; Master Boot Record/EFI System Partition, OS Loader; Platform Runtime
Diagram labels: "Reinstall on corruption", "Requires special Recovery"
Numbered components: 1. EC/SIO 2. Power Delivery 3. Host Processor firmware 4. Memory 5. Display 6. Storage 7. I/Os
Other devices shown: BMC/ME, NIC, Finger Print, TPM, Camera
We focus our discussion on Firmware Resiliency
EC – Embedded Controller SIO – Serial I/O BMC – Bus Manage
2020_USA20_PS-R01_01_Im Still Standing Says Each Cyber-Resilient Device
This document was uploaded and shared by 张玉竹 on 2022-04-08 09:37:16.