The US-China Tech War: Technology and Digital Economic Leadership at the Crossroads

Last week, the US Senate passed the USICA (The United States Innovation and Competition Act) which includes the CHIPS for America Act. Despite what the title of the USICA and its sub articles might suggest, the policy is largely a manifesto for dealing with a rising and highly competitive China with particular concern for the Western rival’s ambition to achieve semiconductor self-sufficiency and Huawei’s ascension as the leading 5G technology vendor. The Act presents several concrete policy measures to diminish China’s access to US semiconductor technologies and 52 billion USD in federal funding to build a more resilient semiconductor supply chain. But will these policies help the US achieve what the title of the USICA suggest; improve US semiconductor supply chain resiliency and competitiveness in 5G? Will it stop the technological advancement of China and its digital economy long enough for the West to tame it? 

Continue reading

Tech Insight: Zero Trust in a Trust-challenged World

Today, you can’t talk about security without mentioning zero trust. What is it and why is it such a prevalent principle and practice that dominates cybersecurity speak whether you are talking about an enterprise network, the emerging edge cloud or the 5G network? John Kindervag, SVP of Cybersecurity Strategy at ON2IT and creator of Zero Trust, joins neXt Curve to recalibrate our understanding of his brainchild and to discuss why it has become an important part of our cybersecurity vernacular.

Continue reading

Industry Insight: A Crisis in Trust & Privacy

For the foreseeable future, we will be challenged with the daunting task of updating our regulatory policies and measures to effectively keep individuals safe as digital technologies continuously create new avenues for dubious actors to impact our personal lives as well as our national security. In this episode, we discuss the myriad of issues that are contributing to a global crisis in trust & privacy that threaten to upend our societies, our economies and our individual rights.

Continue reading

Industry Insight: Data Privacy

Some argue that the freemium business models that are largely based on ad-driven revenue streams have had a democratizing effect by allowing seemingly free access to content and services to be enjoyed broadly and globally. For the most part new digital media, software as a service (SaaS) and communications companies that have emerged from the Dotcom era have gone largely unchecked. What is the hope for privacy to be realized or restored in our digital now and future.

Continue reading

Tech Insight: Trust Platforms & Solutions

We are in a race against fake and the ever expanding cyber attack surface that is the Internet of pretty much everything. With the advent of DeepFakes and other artificial challenges to reality and truth, the fundamental fabric that binds our societies, our economies and our business and personal relationships is fast fraying be becoming undone. Trust will become a valuable commodity as we seek to de-risk ourselves from contrived data, dubious transactions, and questionable parties. The emergence of trust platforms are inevitable and essential for restoring and sustaining the fabrics of trust that underpin our lives and make our civilization viable.

Continue reading

Integrated Tools for the Hybrid Operation of the Evolving 5G Infrastructure

The evolution of 5G infrastructure will not be homogenous. Operators will be deploying islands of 5G across a sea of 4G and 3G. They will be faced with the challenges of developing, deploying and managing services across hybrid infrastructures that will be comprised of a fragmented mix of the old and the new. In order to accelerate returns on 5G investments operators will need a common, integrated toolchain that allows service providers to scale operations and services across a mixed portfolio of technologies and operating environments.

Continue reading

Industry Insight: The Marriott Hack: A Call to Action for Holistic Security and Due Diligence for Mergers and Acquisitions

On November 30th, 2018, Marriott disclosed its Starwood acquisition had a 4-year-old data breach that exposed data for up to 500 million customers.  However, this wasn’t the first time they have been hacked. Corporate boards need to take cybersecurity and the risks of a digital future seriously.

Continue reading

World Internet Conference 2018: Key Takeaways

neXt Curve attended the World Internet Conference 2018 in Wuzhen, China’s premier conference on the digital economy and policy, which took place from the 6th to the 9th of November. This year’s conference was sparsely attended by U.S. tech giants such as Apple and Google, but their absence didn’t put a damper on the global scope of the event and its continued promotion of the Digital Silk Road.

Continue reading

Industry Insight: Holistic Security is Key to Meet the Digital Security Threats of Today & Tomorrow

On October 4th, 2018, Bloomberg’s Businessweek released a report alleging that Chinese spies implanted a “malicious chip” into server motherboards assembled by Super Micro Computer Inc. (Supermicro), a U.S.-based Original Device Manufacturer (ODM) that manufactures servers used in hyperscale data centers.  Growing national security threats are increasingly putting enterprises at risk as the bare-metal of our digital infrastructure depends on a supply chain highly influenced and exposed to the Chinese government.  

If Bloomberg’s allegations prove true, digital business leaders have yet another proof point that security matters and is vital to the ongoing integrity of their business in an increasingly digital economy.  Considering that Supermicro is one of the largest manufacturers of servers by annual shipments and the largest ODM according to research firm, IDC, the scope of the “spy chip” vulnerability could be broad.  But what do enterprises do now?  The digital equipment supply chain will not change overnight.

Hardware-Level Security Vulnerabilities are Growing and Threatening the  Foundation of Our Digital Economy

According to the Bloomberg report “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies”, the malicious hardware implant (a.k.a. malicious chip) was detected by Amazon’s AWS engineers during their acquisition of the video compression firm Elemental Technologies, which leveraged Super Micro Computer’s servers for their on-premise platform offerings.

This malicious chip implant allegedly interrupts instructions to an affected server’s Baseboard Management Controller (BMC) whereby a rogue administrator could gain remote access to the server through a firmware update malware and potentially impact virtual and other physical servers sitting on a data center’s network.

What is concerning, if true, is these hardware vulnerabilities, including proven vulnerabilities like Meltdown, Spectre and Foreshadow could be leveraged to attack data centers by breaking traditional security boundaries and safeguards.

For instance, a hacker could use these hardware-level vulnerabilities to create a malware or hack method to log into a cloud service and potentially scan memory and processor cache to gain visibility to other users’ personal data, company intellectual property and/or acquire access to applications and virtual machines hosted on the same affected physical server.  This type of threat exposes a business to a profound risk of personal and confidential data and content being compromised and stolen.

AI-based Behavioral Analytics – The Centerpiece of the Holistic Security Platform

If the Chinese “malicious chip” threat is considered in isolation it would seem – as represented in the Bloomberg report – there is no viable solution to the problem.  As Bloomberg reporter, Jordan Robertson, stated in an interview with Emily Chang, “The Chinese government installed malicious microchips on Supermicro-assembled server motherboards.  What a malicious microchip is, think about it as an infection that is hardcoded into your computer.  You cannot get rid of it without throwing the machine away.”   

However, the Bloomberg report intentionally or unintentionally hints and/or alleges that Amazon and Apple identified affected servers and monitored them for malicious activities (hack/breach incidents) prior to removing them from their data centers, suggesting the use of holistic security methods to identify and contain a threat that exploits the “malicious chip” vulnerability.   Spot on!

Going forward businesses need to take a new, holistic approach to security.  Traditional mindsets and approaches to enterprise security will be insufficient as rabid interest and investment in IoT and 5G by enterprises around the world expand the cyber-risk landscape.  However, based on our own research at neXt Curve, we have observed significant gaps in security capabilities and frameworks needed to address future bare-metal-to-edge security threats in a rapidly converging and expanding ICT universe.

One of the key technologies needed to fill the many holistic security capability gaps is AI-based behavioral analytics.  It is an emerging technology that is a critical element of a holistic security strategy and platform whereby standard (what is normal) profiles and behaviors of users and entities/resources (hosts, applications, and data repositories) and activities (network traffic and compute processes) are defined, and anomalous activity is analyzed, flagged, and quarantined or processes killed if needed.

While behavioral analytics may reside at the core of a holistic security solution framework, additional capabilities and services will need to be integrated in order to realize visibility and control over an enterprise’s internal and external digital infrastructure and environments.  Additional solution components will range from cloud access security brokering, integrated endpoint and network service management, security information and event management (SIEM), to intelligent firewalls with DPI (deep packet inspection) for DLP: data loss prevention and content filtering.

Securing the network and software is not good enough anymore.  Enterprises need to think of security from bare metal in the data center to the cloud to the endpoint devices that deliver the digital value we all love so much.  It’s time to think differently about digital security.

Implications for Business Leaders

CISOs, CTOs and CIOs need to think of security holistically and consider new approaches to address an expanding field of profound hardware-level threats like Meltdown, Spectre and the tampering of hardware exemplified by the alleged Chinese “malicious chip” server sabotage.  The management of risk will require ensuring that both internal and external resources and infrastructures are vetted whether they are enterprise-managed or managed by a 3rd party service provider.

The C-Suite and the board need to understand the significant risks that processor-level vulnerabilities will have on their business and on their digital strategy.  It will be critical to bring cybersecurity competencies and a robust agenda into the boardroom to effectively manage and govern the expanding and deepening sea of digital threats facing enterprises today and into the foreseeable future.

Technology vendors have an opportunity to connect the dots and bridge existing and emerging technologies into a holistic security platform.  This will require traditional vendors and service providers to venture outside of their silos and partner with holistic security ecosystem plays or lead by example with newer innovations.