A Hardware Foundation for Government Cybersecurity

Help protect the delivery of essential government services that keep citizens safe, healthy, and thriving.

Government and Cybersecurity Takeaways:

  • Government and public sector technology must be designed for security in order to support essential services.

  • Threats are growing due to an expanding attack surface, more sophisticated cybercriminals, and fragmented solutions that can leave data unprotected.

  • Detecting and protecting against cyberattacks should involve a proactive, end-to-end approach based on a hardware foundation of trust.

author-image

โดย

A secure government technology infrastructure helps support the delivery of essential services. These span local public safety and national security to protect citizens; disease control and prevention to ensure health and well-being; and transportation to keep commerce moving. A strong cybersecurity strategy also helps protect citizens’ personal data and government data and algorithms—an increasing concern as agencies deploy more AI models.

Cybercriminals, both domestic and foreign, often target public sector technology. The range of incidents includes viruses, Trojan horses, phishing, distributed denial of service (DDOS) attacks, unauthorized access, and control system attacks. Cyberattackers aim to steal information and money, and to disrupt the delivery of vital public services. In 2017 alone, US federal agencies reported more than 35,000 cyberattacks, according to the U.S. Government Accountability Office.1

Escalating Cybersecurity Risks

In recent years, three factors have escalated cyber risks for governments worldwide. First, the attack surface continues to expand. In part, that’s due to the burgeoning number of IoT devices, estimated at 30.73 billion in 2020.2 Second, cyberattackers are beginning to skirt firewalls and security software that might have been effective in the past. And third, fragmented cybersecurity solutions leave gaps that make data vulnerable.

Our experts at Intel believe the best strategy to cybersecurity is a proactive, end-to-end approach that covers five key areas:

  • Threat detection and threat intelligence
  • Data and application security
  • Identity access management
  • Network security
  • Host and system security

The need for all aspects of security to work together—from operating system (OS) and software to firmware and hardware—has never been greater. Cyberattackers are increasingly targeting firmware vulnerabilities, according to the National Institute of Standards and Technology (NIST).3 Software protections, including OS security and data encryption, are no longer enough.

In 2017, federal executive branch civilian agencies reported more than 35,000 security incidents to the U.S. Department of Homeland Security.

Intel® Hardware-Enabled Security Technologies

Hardware-based security capabilities can play a fundamental role in state, local, and federal government cybersecurity defense. They can help protect data and devices from the endpoint—which may be a laptop, security camera, drone, or other piece of equipment deployed in the field—through the network and to the data center and cloud.

Hardware-enabled security features are a cornerstone of Intel® products and technologies. We integrate security features into all our products and create specific hardware and software to help secure data against cyberattackers.

PC Client Security

The Intel vPro® platform provides hardware-enhanced security technologies and fast, responsive performance for business computing. It includes features like Intel® Hardware Shield, which provides enhanced protections against attacks below the OS and advanced threat detection capabilities for increased platform security. Intel® Active Management Technology saves time and reduces on-site support costs with remote discovery and recovery, even in cases of power loss or OS failure.

Intel® Threat Detection Technology (Intel® TDT) is built into our silicon to enhance the solutions provided by independent software vendors. Intel® TDT enhances existing capabilities and improves the detection of cyber threats and exploits.

Intel® Security Essentials

Intel® Security Essentials deliver a built-in hardware foundation of trust. This helps protect platforms and data and enables trusted applications without compromising performance:

  • Intel® Trusted Execution Technology (Intel® TXT) creates isolated enclaves in which applications can run in their own space.
  • Hardware-assisted acceleration of performance-intensive cryptographic operations forms the basis of platform trust and security functions.
  • Protected data, keys, and identity help ensure encryption and storage for sensitive information at rest and in transport and help prevent misuse or disclosure.
  • Platform integrity comes from a protected and verified boot process with hardware attestation.

Edge Security

It’s critical to protect endpoints from security threats. Intel supports edge security in several ways.

Internet of Things Security

IoT security must be capable of covering hundreds or thousands of connected devices and the immense volumes of data they generate. Intel advocates integrating security into IoT solutions, starting with the compute device itself. Advanced hardware and software can help prevent harmful applications from being activated on a device or from taking down a network.

We work with our partners in the IoT ecosystem to design solutions with security in mind. Intel® IoT Market Ready Solutions (Intel® IMRS) are scalable, repeatable, end-to-end solutions available now. They are designed specifically for healthcare, smart cities, and other public and private sector markets. Intel® IoT RFP Ready Kits help solve industry-specific challenges with bundled hardware, software, and support. OEMs, ODMs, ISVs, and distributors develop these kits on a foundation of Intel® technologies.

Network Security

Intel® QuickAssist Technology (Intel® QAT) delivers a highly efficient network and software-defined infrastructure (SDI). It provides acceleration for security, authentication, and compression algorithms for high performance in data center and cloud systems. Accelerating SSL/TLS with Intel® QAT enables:

  • High-performance encrypted traffic throughout a secured network
  • Compute-intense symmetric and asymmetric cryptography
  • Platform application efficiency

Intel® QAT delivers performance across applications and platforms. This includes symmetric encryption and authentication; asymmetric encryption; digital signatures; RSA, DH, and ECC cryptography; and lossless data compression.

Data Center and Cloud Security

Government systems increasingly rely on cloud and virtualized infrastructure comprised of virtual machines (VM), containers, or both.

Intel® technologies such as Intel® TXT, Intel® Security Libraries for Data Center (Intel® SecL - DC), and the recently announced Intel® Converged Boot Guard and Trusted Execution (Intel® CBnT) provide trusted infrastructure capabilities for cloud, virtualized, and containerized environments. Intel® TXT and Intel® SecL - DC provide scalable security controls enabling trusted boot and attestation to the authenticity of the platform configuration, BIOS and OS/virtual machine monitor (VMM), and even guest environments. Intel® CBnT adds integration with Intel® Boot Guard to Intel® TXT to provide verified boot capabilities for servers. (See optimization notice.)

Intel® Resource Director Technology (Intel® RDT) brings heightened visibility and control over how applications, VMs, and containers use shared resources. Intel® RDT monitors usage to allocate resources intelligently and ensure no application is unexpectedly monopolizing the system.

Modern data centers built upon silicon-based trusted infrastructure are better able to consolidate servers, allow distributed virtualization, and support both private and hybrid clouds. In the data center, Intel® Software Guard Extensions (Intel® SGX) helps protect application integrity and data confidentiality, while Intel® AES New Instructions (Intel® AES-NI) speeds up data encryption to help protect data at rest and in transit without performance penalties.

Data centers powered by Intel® Xeon® Scalable processors help reduce costs while supporting cloud security. In addition, Intel® Cloud Integrity Technology (Intel® CIT) helps ensure cloud applications run on trusted, unaltered servers and VMs. Thanks to an established root of trust, Intel® CIT can attest integrity and compliance across cloud compute pools.

Supply Chain Security

Today’s supply chains are complex, far flung, and focused on speed and cost. Intel is committed to improving the integrity and traceability of Intel® products throughout their life cycles.

Compute Lifecycle Assurance (CLA) is an industry-wide effort that establishes an end-to-end framework to improve transparency from build to retire. CLA can help improve platform integrity, resilience, and security.

The Intel® Transparent Supply Chain (Intel® TSC) is a set of policies and procedures implemented at our manufacturers’ factories. These enable our customers to validate where and when components of a platform were manufactured.

The Future of Cybersecurity

Government institutions, public sector organizations, and technology companies alike are reexamining their approach to protective measures in security and privacy. As the threat landscape evolves, our commitment to product security at Intel will remain a critical priority. Our engineers and security experts will continue to work together to design products that promote a robust and resilient cyberspace.