Intel McAfee and the Missing Security Link

There has been a lot of focus on security lately with the announcement of Intel’s $7.68 billion acquisition of McAfee. Minimally this highlights the importance that people are giving to cyber security. If we are going to live in a wireless Internet device connected world, we need to secure it first. Kudos to Intel for stepping up to the plate to address security. In the wireless Internet-connected world though, can McAfee squeeze that entire security overhead into a small Intel Internet-enabled device processor? Where does McAfee fit and where might the security missing link be?

Market for Wireless Chips in Internet-Connected Devices

To understand Intel’s rationale for the purchase of McAfee, you need to first look at the world as a chip manufacturer. If you are a computer chip processor manufacturer, you  are looking for more processing chips to sell and the low powered mini processor Internet-connected devices market is just the place to be. The booming market for mobile and Internet-connected devices seems to be endless; it affects every person and every venue. Early research recognizes the immensity of this marketplace. From your home, to your car, to Homeland Security, there is no market vertical that is not currently either using, or planning to use these Internet connected devices. Current research estimates the market will reach a 5 billion device milestone later this month; analysts expect 22 billion Internet connected devices by 2020. This certainly is a market that Intel cannot ignore.

Software Security for a Chip Manufacturer

So what is the Intel hardware /McAfee software advantage and what are the advantages of combining them? There is a double-edged sword when you use just software and just hardware when it comes to security. If you are just embedding security in the chip you have the daunting task of forklifting equipment upgrades when security changes. This may be impractical or even impossible depending on how many devices you have deployed and where the embed chips are located.

If you offer a software solution you can distribute and update security patches via the Internet, and not be locked into a static embedded environment. By adding the chip/software combo, an additional layer of security could be offered in a more robust and manageable solution. This seems to be Intel’s thinking. Understand that Intel is looking at buying a software security company when there are a lot of embedded security companies out there that can be bought for a lot less than $7.68 billion. Intel has listened to the warnings of many cyber security experts: when it comes to security, you need to react quickly and change almost as fast as a hacker can distribute malware.

Security Needs to be Interoperable

There is a warning here though in combining a manufacturer’s embedded chip security with a software security solution. If this makes it a proprietary chip manufacturer’s solution to a specific software security solution, you run a serious risk of losing security interoperability. In the world of billions of Internet-connected things. the potential of one device not working with another due to a lack of security interoperability could prove detrimental to Intel’s chip business. Not knowing the specifics of their design I doubt that this is their business and technology strategy.

We have had a great learning process of interconnecting a multitude of wireless access points by following 802.x standards the last couple of decades. These standards have not only offered vendor agnostic backwards capability but were able to leverage these standards when upgrading needed security platforms. These Internet-enabled devices are still connected wirelessly and most wireless access points connect to some 802.x standards. Just like wireless network access points, security needs to be interoperable and based on standards.

The Problem

The problem is when you think of connecting Internet devices, the typical computer OS stack doesn’t exist in the same way, and security will be a big problem, with the potential of billions of the devices out there. In fact these Internet-connected devices are not computers but small processors doing low-power specific things. This is the core business model behind the Intel® Atom™ and their new upcoming low powered processors. Now all they need to do is find away of securing billions of wireless Internet-connected devices to their processors.

This is where the purchase of McAfee comes in with an understandable focus on an embedded software security combo protecting the processor information. A good start for a company that has built its reputation on protecting security intrusions from the data side with experience gained from McAfee Network Security Platform (formerly Intrushield). There is a problem though when you are securing low powered small processor Internet-connected devices. Your security overhead may be too big to fit in the processor. This was a terrible security lesson that was learned when deploying smart meters for the power grid.

Start by Securing Smart Meters

The list of big players pursing the smart grid market is a Who’s Who of the biggest companies in the world and Intel is no exception. In fact they are a major contributor to GridNet, an industry consortium focusing on the smart grid. This smart grid target market not only offers billions of dollars in chip and security solutions but also is a good testing ground to learn from smart meters. Frankly if security issues with smart meters are not fixed first, it may stop Intel from securely connecting billions of Internet-connected home area network devices to the smart grid.

A recent report from Pike Research offered some sobering comments on just how important this is: “It would be naïve to think that smart meters will not be successfully attacked. They will be. In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non- secure locations; and they are installed in volumes large enough that one or two may not be missed.”

“Smart meters are one of the weakest links in the smart grid security chain,” says industry analyst Bob Lockhart.  “Home area networks, commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains.  However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other.  Consequently, the data are, for a short while, unencrypted on the meter and could be successfully eavesdropped.”

The Missing Security Link

Internet connected devices are no different than smart meters. In fact they have the same issue of small processors restricting the size of security overhead. Without adding this needed security, Internet–connected devices could offer entry into the smart grid potentially turning remote power on or off through the network connection or by way of a worm that could affect the millions of smart meters and billions of wireless Internet-connected devices. This may seem like a showstopper but there are actually ways to offer high-end security with low overhead through Layer 2 security techniques.

A good understanding of  Layer 2 security is offered by Australia-based Senetas in their white paper describing the attributes and differences as it relates to today’s security models. Switzerland-based InfoGuard explains Layer 2 advantages as secure data transfer without any restrictions, no overhead, minimal latency and easy network integration and configuration. US-based WirelessWall actually deployed this Layer 2 security solution almost 10 years ago addressing similar eavesdropping issues between military field soldiers in Iraq when connecting end devices to short-range communication radio access points. Just like today’s smart meters and Internet enabled devices, the military application was faced with the same need for high-end security with low device overhead. In addition they needed to be vendor agnostic and be able to cloak existing network security. WirelessWall now offers this same capability in the commercial marketplace. Clearly attributes of Layer 2 security will have its place in the wireless Internet-connected device market and may be an immediate solution to a big problem in smart today’s meters and tomorrow’s wireless Internet enabled devices.

It is great to see Intel is taking security seriously with the potential acquisition of McAfee. This is the type of responsibility we need in a world that will be connect by billions of Internet enabled devices that will affect everything we do on a daily basis. Add a few missing links to the security model and Intel is in the security business.

* * * * * * * * * * * *

About the author

Larry Karisny is the Director of Project Safety.org and a consultant supporting local wireless broadband, smart grid, transportation and security platforms. ProjectSafety Business and Technology Cluster researches and deploys leading edge standards based technologies supporting secure migration paths to current and future wireless networks and network applications.

Comments

  1. I am pleased to see good information about Layer 2 because the value of it is simply not understood. I have tried to simplify my explanation of it and described the functionality of WirelessWall in this article: http://www.wi-fiplanet.com/columns/article.php/3839266 “Literally, you install a piece of software in one device, install another piece of software in another device—and everything in between, over the wireless, as well as the wired portion of a network, is secured, voice, video, data… everything,” There are major problem in the Smart Power Grid that must be addressed and the idea of solving an equipment problem, with equipment, does not make sense if an end-to-end, vendor agnostic , mature and blanketing software security solution exists.