Digitalization and innovation have scaled businesses, allowing them to be connected in more ways than ever — as evidenced many times during the first day of Intel Vision. But more data and more computational infrastructure mean more attack surfaces, allowing threat models to keep pace with innovation.
Press Kit: Intel Vision 2022
To open the second day of Intel Vision, Intel Chief Technology Officer Greg Lavender presents “Securing Our Digital World Through Innovations at Scale,” sharing his insights on the need for a trusted foundation and technologies to protect businesses today and into the future. In the latter part of his keynote, Greg will be joined by industry luminaries for a panel discussion bringing perspectives on securing our digital future fueled by innovations in confidential computing, quantum and other yet-unimagined technologies.
9:01 a.m.: Hello and welcome! This is Jeremy Schultz, communications manager at Intel, and thank you for joining me once again for the live show at Intel Vision.
I’m following the broadcast from a ballroom at the Gaylord Texan Resort, where a video is setting the stage for Greg’s presentation. The message: as computation becomes more and more important to business, so does security.
9:03 a.m.: And here’s Greg! “The last two years have been a catalyst for innovation and technology adoption, enabling us to navigate extreme uncertainty while remaining connected.”
Technology is allowing us all to do more, Greg adds, but “it is creating an attack surface and attack vectors at a scale we have never seen before.”
9:04 a.m.: The number of attacks is gobsmacking — and increasing. Greg says that “Cybersecurity Ventures predicts that organizations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds last year.”
And attackers can buy malware without writing a single line of code.
9:05 a.m.: Thus, Intel builds everything with security in mind — “even ethical hacking our own products.” Do the folks on that team get individual codenames like famous hackers? That’d be fun.
This work, combined with external research, informs a regular set of quarterly mitigations and security improvements called the Intel Platform Update, which “give our customers a higher level of protection against evolving threats.”
9:06 a.m.: Greg spent his career before Intel as “a very demanding customer” and knows the challenges well. The big one: “not only security everywhere, but intelligence everywhere.”
Quantum computing will bring a whole new level of intelligence, Greg suggests, but also “the startling possibility of a quantum computer breaking advanced encryption methods in seconds.” Remember Oh’s painfully long password in the movie “Home”? Still won’t be long enough.
9:07 a.m.: Given that security is “existential,” Greg queues up three topics for a deeper dive:
- Confidential computing and trust-as-a-service
- Secure and responsible AI
- Preparing today’s digital world for the quantum computing era
9:09 a.m.: “No product or technology today can be guaranteed to be absolutely secure,” Greg explains. “Intel’s security technologies are hardware-enforced and provide a root of trust for securing workloads and limiting those attack surfaces.”
One example is probably in your laptop. Intel Threat Detection Technology, or Intel TDT, “equips endpoint detection and response solutions with silicon-enabled CPU heuristics combined with innovative AI techniques.”
In other words, TDT helps give solutions like ConnectWise, Fidelis Cybersecurity and Microsoft Defender for Endpoint a tool to find and stop malware and other nasties on your system.
9:10 a.m.: Where does confidential computing figure in? Encryption is commonly used for data in transit or at rest, but “there is a gap in protecting data-in-use while it is being processed in memory.”
Confidential computing, as the name suggests, helps to protect that data within “a hardware-based trusted execution environment.”
Intel Software Guard Extensions, or Intel SGX, “is the proven trusted execution environment technology powering confidential computing today in private, public and edge cloud environments.” It’s like a secret conference room you can only see when you’re inside.
9:11 a.m.: We’re not stopping at CPUs, adds Greg. “We plan to extend confidential computing beyond the CPU to accelerators such as GPUs, FPGAs and IPUs through software-based solutions today and hardware technologies in the future.”
9:12 a.m.: Definition check: within confidential computing, “trust is established through a process called attestation,” which essentially verifies the trustworthiness and integrity of an environment, Greg explains.
It’s how you know things are in their right place and “a key element of the zero-trust approach to verify everything.”
9:13 a.m.: And Greg’s got an announcement: “I want to introduce an exciting effort that represents a major step forward in extending attestation services in cloud, data center and edge computing environments. This new Intel software-as-a-service offering is code-named Project Amber.”
This new SaaS is a TaaS, er, trust-as-a-service solution to provide “verification of the trustworthiness of customer assets.”
Wait. Where’s the wafer?
9:13 a.m.: Why separate the verification of trust from the infrastructure provider? “This decoupling helps provide objectivity and independence to enhance trust assurance to users and application developers.”
“Project Amber’s initial offering will be a cloud agnostic, multi-cloud, federated service with provable integrity of its verification processes,” Greg says. It’s coming pretty soon — first as a pilot with select customers later this year.
9:14 a.m.: Intel software work like this is stealthy but substantial: Intel invested over $250 million in advancing open-source software security over the last five years, Greg notes. Per Intel’s commitment to an open ecosystem, “we intend to maintain and grow this commitment by double digit percentages.”
The massive cornucopia of Intel hardware and software means “we can deliver new subscription services and solutions such as Project Amber to meet the growing needs of our customers.”
9:16 a.m.: At the perfectly timed intersection of confidential computing and open-source software is Gramine, a library developed by Intel and others that “emulates the Linux kernel so it can run unmodified Linux applications in restricted environments, such as Intel SGX enclaves.”
Gramine makes it almost “push button” easy to protect applications and data using Intel SGX, Greg adds.
As superheroes are wont to team up, “we plan to integrate Project Amber with Gramine for providing attestation verification of confidential computing applications.”
9:17 a.m.: Big topic #2: secure and responsible AI.
As AI reaches into practically every industry, “proliferation of sensitive information adds to the growing threat landscape and more importantly, the security and privacy concerns surrounding it,” Greg says.
9:18 a.m.: Building an AI model can range from $100,000 to $10 million per model — “protecting that IP is a high priority.”
To protect AI models that run outside an organization’s security perimeter, “we can help secure AI models using Intel’s OpenVINO machine learning platform.” Normally used to ensure top performance across a range of Intel hardware, OpenVINO can also be “combined with a security add-in based on the Intel-led open-source Gramine project and Intel SGX.” A superhero trio.
9:19 a.m.: What about heavily regulated industries, like healthcare, where data privacy makes it unwieldy to try AI?
“We partnered with BeeKeeper AI to help them create healthcare’s first secure collaboration platform,” Greg says. This company’s gotta have great swag — who doesn’t like bees?
BeeKeeper AI combines Intel SGX and Microsoft Azure’s confidential computing to enable “an AI algorithm to compute metrics against multiple, real-world clinical data sets without compromising the privacy of the data or IP.”
The result is that the development and deployment of medical AI innovation can be accelerated “by more than 30-40%.”¹
9:20 a.m.: And there’s plenty more AI can do in healthcare. Greg invites Jason Martin, a principal engineer in Intel Labs, to show how Intel technologies “are enhancing trust in a very distributed manner.”
9:21 a.m.: Say you’ve got a brain tumor. The first step in treatment is called “segmentation”: taking an MRI and locating the tumor, which requires a radiologist who might be unavailable or over-worked.
Intel’s research partnership with the University of Pennsylvania, Perelman School of Medicine’s Federated Tumor Segmentation, or FeTS, applies AI to ease the strain.
Since privacy and confidentiality prevent centralizing the data required to train an AI model to locate brain tumors, “we distribute the computation to each of the institutions, where it operates on the local data,” Jason explains.
Intel developed an open-source software framework called Open Federated Learning or OpenFL, which enabled 55 institutions across six continents to collaborate. As a result, all that patient data stays safe and private while the AI model can locate tumors 33%¹ more effectively.
9:22 a.m.: “What better way is there to improve people’s lives with our technology than helping the medical field save our loved ones?” Jason asks. He waits. And waits.
Still waiting. Maybe one of the folks from BeeKeeperAI could jump up and say “how about AI to build healthcare AI?!” but they’re probably too polite. Nice job, Jason!
9:23 a.m.: “Intel is also investing to address deepfakes,” says “Greg.” I hadn’t thought about it before, but I’m watching this from 2,000 miles away — he sounds like Greg and looks like Greg but how do I know?
“While AI is being exploited to create deepfakes, it can also be the solution.”
Enter FakeCatcher, a deep learning solution that “utilizes the temporal and spatial characteristics of biological signals that are hidden within authentic videos.” Whoa.
With some OpenVINO toolkit-provided boost, “Intel built the world’s first real-time deepfake detection platform we are aware of.”
Longer term, “Intel has joined forces with the Coalition for Content Provenance and Authenticity, setting standards and policies to restore trust in digital content.”
Demo time? Is this the real Greg? Bah, not enough time.
9:24 a.m.: Big topic #3: quantum computing and post-quantum crypto. Time to spin some qubits.
Intel sees a future where everything is encrypted, Greg says, but the problem is that all those crypto operations “are very compute intensive.”
Well, that’s not the only problem. When quantum computers arrive, “attackers will have the ability to break symmetric crypto algorithms and completely break public key cryptography used to protect your data.”
9:25 a.m.: If you thought Y2K was scary: “post-quantum experts are anticipating a moment in the next 10-plus years where, we as an industry, will reach a similar situation as we saw with the millennium bug, which many are calling Y2Q.” Y2Q!
There’s no time to waste. Intel has a pipeline of “quantum resistant” crypto tech, Greg says, but it’ll take “the entire ecosystem, all of us, to bring its ingenuity and collaborate to find the solutions.”
Baddies could even harvest encrypted data now and sit on it until quantum computers are viable — dastardly.
9:27 a.m.: What will post-quantum crypto require? In short: harder math, and when that’s not enough, new algorithms.
We’ll also need Y2Q-ready computers, and Intel is on it. “We have developed internal crypto guidelines for our products specifying algorithms and parameters required for increasing resistance to quantum attacks,” Greg explains.
9:28 a.m.: Overall, Intel’s taking a three-phased approach to address the quantum threat:
- To fight the harvesting of encrypted data, increasing the key sizes of cryptographic algorithms — for example, replacing 128-bit AES with 256-bit AES.
- To guard against malicious code, building quantum resistance into code-signing applications, such as authentication of firmware and software.
- Securing the internet by replacing classical public key algorithms with standardized post-quantum crypto algorithms.
9:30 a.m.: “We have a shared responsibility to protect our critical infrastructure from quantum adversaries,” Greg asserts. “The end of this decade will be here before we know it.”
As security threats continue unabated, Greg says in wrapping up his presentation, you can count on Intel. “We are the trusted choice for secure computing,” delivering software “to unlock additional value realization at all layers running on Intel hardware.”
By partnering with openness, trust and transparency, “we can innovate at scale to secure our digital futures.”
9:32 a.m.: It’s panel time!
Kim Zetter, a cybersecurity journalist and author, will moderate the panel, to which Greg has invited:
- Mark Russinovich, Chief Technology Officer of Microsoft Azure
- Jamie Thomas, general manager for Strategy & Development, IBM Systems
9:35 a.m.: Kim: Is this the golden era of cybersecurity? If so, what was the tipping point to bring it?
Jamie: Seen impressive ramp of attacks in the last year and a half. From SolarWinds to Log4j. We need to cooperate as an industry to overcome this.
Kim: Mark, has government push helped?
Mark: It was in motion for years before that. The Open Source Security Foundation started two years ago as we recognized the need. We welcome government participation, but it’s already been industry-led.
Greg: OpenSSL and Heartbleed was memorable a few years back, and it was embedded in many products. It took months to remediate. We’ve come to rely on a lot of open source software. We’re working to drive more secure open source, that’s not just scanned but trusted.
9:40 a.m.: Kim: Is there anything still overlooked today?
Jamie: There’s always something missing, but we need to execute on the essential elements. Confidential computing, secure boot and quantum resistance. Also need to think through patching and making that easier to manage.
Mark: I believe we are in the golden era of cybersecurity, powered by the cloud and confidential computing and zero trust – I don’t use a password anymore, which prevents phishing. But the basics still matter, such as patching. That’s where the cloud can play a key role.
Greg: We’re working on seamless security updates where you can do firmware updates live, to speed up the process that Mark is talking about. The cloud vendors are where the requirements came from.
9:44 a.m.: Kim: With 2030 as goal for Y2Q-ready, is enough being done?
Jamie: We did announce a 4,000-qubit machine for 2025. We need to take this seriously. We’re working on quantum-safe crypto and we need people to take advantage of them. We do plan to make quantum a reality.
Mark: Microsoft also working deeply to address this crisis. We’ve been working for years, including in the NIST process, and have four algorithms in development. We’re enabling the use of them to VPN connections today.
Greg: I tried to frame the problem so we don’t kick the can down the road. How do we scale to millions of qubits?
9:48 a.m.: Kim: on privacy and security, how do you define trusted AI?
Jamie: It’s important because if you don’t believe your AI, it’s not useful to you. Take cyber-operations. We’re using AI to analyze what’s happening online and we have to anonymize that information.
Mark: Trusted AI includes responsible AI and explainable AI. Confidential computing is promising because we don’t want to see what our customers are doing with their data. BeeKeeper AI is a great example, to keep data safe at all times.
Greg: The FeTS example is great — the training is local but they’re sharing all of that training to get a better algorithm for everyone. We can eliminate bias in the data as well.
9:52 a.m.: Kim: Is security where it needs to be in the cloud? Are customers relegating too much trust in it?
Mark: Cloud is a key part of raising the security bar; the signals from many products, environments in one place where you can fuse signals is a key part of it. The work we’re doing on open source supply chain and securing that, it will raise the bar on services across the stack.
Jamie: Need to make sure vendors have standards in place. You should certainly trust but verify.
Greg: We all know best practices for securing infrastructure, the monitoring and alerting and patching, being responsive. As you move to SaaS providers, have you taken all the steps to secure your data and models? Every layer needs to participate in that.
9:55 a.m.: Kim: Where should security go?
Mark: I’m heartened by the OpenSSF, it’s a great initiative. Also the confidential computing initiative. It might be looked at today for most sensitive, but it will become ubiquitous as the technology matures. We’ll expect it to protect all data.
Jamie: This education journey we’re all focused on – we need our organizations to be informed. We’re focused on training at all levels, across universities, so our clients can have the right skills in the future.
Greg: We’re a broad supplier of technology, and we’ll keep upping the bar. I’m most concerned about the edge, which is growing. It’s a new entry point and we need to take it seriously.