Intel keynote misses the mark on Meltdown and Spectre vulnerabilities
When Intel CEO Brian Krzanich took the stage last night at CES 2018 in Las Vegas, he began his keynote by addressing the elephants in the room – the recently disclosed Meltdown and Spectre vulnerabilities affecting modern CPU architectures, including Intel’s.
Those remarks lasted approximately two minutes.
Then Krzanich turned to his prepared keynote address, which featured flying drones and a guest appearance from former Dallas Cowboys quarterback and NFL analyst Tony Romo. Celebrity sightings and gimmicky gadgets are much more of the CES culture than information security talks, so Krzanich’s keynote wasn’t exactly a surprise in that respect.
However, it was disappointing to see the world’s largest chip maker waste an opportunity to provide clarity and reassurances about its plans – both short term and long term – to address the Meltdown and Spectre vulnerabilities. Krzanich did discuss the issues briefly; he thanked the technology industry for coming together to work on the problems.
“The collaboration among so many companies to address this industry-wide issue, across several different processor architectures, has been truly remarkable,” Krzanich said during his keynote.
On that note, Intel’s CEO is absolutely correct. But Krzanich did little to explain how that collaboration happened and what benefits it will provide in the future as companies continue to grapple with these problems. And as far as Intel’s individual efforts go, Krzanich mostly repeated what the company had previously announced – that updates for more than 90% of the products released in the last five years will arrive within a week. He added that Intel expects the remaining products to received updates “by the end of January.”
But that was about it. Krzanich didn’t say what the updates would be (again, he repeated previous company statements that the performance impacts of the updates would be “highly workload-dependent”) or how Intel would “continue working with the industry to minimize the [performance] impact” of the updates. He didn’t say what Intel’s long-term plan was for the Meltdown and Spectre vulnerabilities, or even say if there was such a plan.
It’s important to note that Intel actually had new information to provide; according to a report from The Oregonian, Krzanich authored an internal memo announcing the formation of a new internal group, dubbed Intel Product Assurance and Security. But for whatever reason, Krzanich didn’t mention it.
Meltdown and Spectre are critical findings with industry-altering implications. A consumer-focused show may not seem like the best setting to discuss the intricacies of microprocessor designs and technical roadmaps, but CES is still the biggest technology event in the world. Last night was an opportunity to reach an enormous amount of consumers, enterprises and media and communicate a clear strategy for the future. And Intel largely wasted it.
“Security is job number one for Intel and our industry,” Krzanich said last night.
If that were true, then the Meltdown and Spectre vulnerabilities should have warranted more than two minutes on the biggest technology stage of the year.