Cybersecurity
Intel advocates for risk-based, evidence-driven, design-neutral approaches that foster cybersecurity resilience.
Intel’s security objective is in direct alignment with the goal of global government: to promote trust in technology by enabling governments, businesses, and individuals to better secure their data, networks, and infrastructure. To accomplish this, governments should promote policies that are globally scalable and flexible enough to address the evolving security landscape by focusing on robust and transparent security solutions. We believe they should develop risk-based, evidence-driven, design-neutral approaches to security policy and be informed by consensus-driven processes.
Key Issues
Supply Chain Security
Cyberattacks against information and communications technology (ICT) supply chains are becoming increasingly sophisticated. To combat the significant impacts of these attacks, it is important to develop supply chain security policies on a foundation of evidence, data, and transparency rather than policies that target the country of origin as a means of mitigating supply chain risk. Rather than creating barriers to building a robust global supply chain, which can cause significant negative impacts on international trade, governments should support policies that focus on domestic production investment while establishing clear, transparent standards and guidelines for securing global supply chains. Objective criteria built on trust (e.g., DHS Supply Chain Risk Management Task Force) are more sustainable and more likely to avoid the impacts of political trends that result in country-specific exclusions. Intel has a unique role as both a manufacturer with its complex supply chain and a supplier to other finished goods and services, and thus has tremendous experience in supply chain security that can help inform more effective policies.
Confidential Computing
Today, data is often encrypted at rest, in storage, and in transit across the network, but not while in use in the processor and memory. Confidential computing is an emerging industry initiative focused on securing data in use, without exposing it to the rest of the system. Expanding the use of confidential computing can have wide-reaching impacts, but these opportunities have not been widely pursued through public policy at this point.
Developments in advanced analytics, artificial intelligence, and multiparty data collaboration are accompanied by risks to confidential or regulated data. Confidential computing can help reduce risks to privacy through hardware-enforced data confidentiality and access while raising the bar for security simultaneously. Intel is looking to work together with our government and industry counterparts to make confidential computing more accessible and help organizations realize that anytime sensitive data is in use, there is an opportunity to leverage the latest technology to better protect it.
Product Security
Ubiquitous connectivity has brought forth a new era of intelligent, connected devices and data-driven capabilities delivering benefits to society and users. Public policies should encourage innovation and competition to preserve these benefits and accelerate secure, scalable, and interoperable technology deployment, particularly of IoT devices. Concerns regarding expanding attack surfaces and increased embeddedness in the digital ecosystem have prompted IoT security regulation proposals globally. Intel supports design-neutral regulation rooted in internationally harmonized standards that leverage risk-based approaches to securing IoT devices and avoid fragmented requirements while supporting interoperability. Intel actively collaborates with the ecosystem in the development of international standards in ISO (JTC 1, SC27) and other organizations. Intel also participates in other consensus-driven efforts, such as the Internet of Things Labeling Initiative and the Council to Secure the Digital Economy C2 Consensus on IoT Security Baseline Capabilities project.
Security Certification
Governments worldwide show increased interest in creating cybersecurity certification and labeling schemes to boost confidence in products, services, and companies in their markets. Current proposals include the EU Cybersecurity Certification Framework, NIST FIPS 140-3 Security Requirements for Cryptographic Modules, and several others. Intel supports government efforts to ensure adequate security for its technologies if these efforts follow a risk-based process for determining appropriate requirements and can evolve with the rate of technological advancement. The context for technology deployment is critical to determining how best to secure the environment (highlighted in ITI’s Policy Principles for Cybersecurity Certification). Blanket requirements are often too rigid to accommodate this variance. Additionally, innovation in the technology space evolves rapidly and certification schemes are often unable to keep pace with new developments. All these factors and more need to be considered before pursuing a certification or labeling regime. Collaboration with industry during the development of such a scheme is vital to establishing and maintaining long-term success.
Encryption
Encryption is a fundamental technology essential to make ICT infrastructure secure and reliable. In past decades, researchers, industry, and governments worldwide collaborated to develop encryption mechanisms that supported interoperability globally. Local technology mandates proposed in the name of national security cause harm to the compatibility of the global market. Such mandates can negatively impact users within that country by forcing the technology to be, by nature, less secure. For this reason, Intel supports globally harmonized encryption standards and regulations. See more in this blog that details Intel’s positions on encryption policy.
To build sound cybersecurity policy, we ask governments to broadly focus on advancing policies that target areas of mutually beneficial outcomes by improving industry and government information sharing in a way that maintains confidentiality, integrity, and availability with appropriate liability protection to business; promoting cybersecurity research and development (R&D) and workforce development; supporting trustworthy, transparent, and resilient supply chains; and designing security policy that rests on a robust foundation of internationally recognized best practices, standards and technologies, while allowing flexibility for continuous innovation and growth.