Dem lawmaker wants briefing on major chip vulnerabilities

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Rep. Jerry McNerney (D-Calif.) wrote in his letter to the CEOs of Intel, AMD and Arm.

McNerney is one of the first lawmakers to react to the massive breach which, if exploited, allows hackers to access sensitive information stored on the hard drive of computers and servers.

{mosads}The California Democrat asked that in the proposed briefing companies address how consumers are affected by the breaches, the timeline for when they became aware of the breaches and what steps they’re taking to resolve the flaws among other concerns.

A spokesperson for Rep. Frank Pallone Jr. (N.J.), the top Democrat on the Energy and Commerce Committee, said Pallone agrees such questions should be answered and supports briefings on the matter.

Intel welcomed McNerney’s interest and said it has already been speaking with members of Congress regarding the vulnerabilities.

“We share Congressman McNerney’s interest in these important issues and will continue to engage with a variety of Congressional and Executive Branch officials to address how the industry can best respond,” an Intel spokesperson said.

Shortly after the vulnerabilities were revealed, Sen. Mark Warner (D-Va.) released his own statement calling for improved industrywide standards of “cyber-hygiene.”

“Recent reports of a security flaw in Intel’s chips once again highlight the impact of vulnerabilities in widely adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things,” Warner said at the beginning of January.

Spectre and Meltdown directly affect the hardware of countless computers across the country, including cloud computing systems used by many businesses and the federal government.

Companies whose chips have been affected and the Department of Homeland Security have both said they aren’t aware of any groups successfully exploiting the cybersecurity flaws, but cybersecurity experts are still concerned about the vulnerabilities.

While companies affected are working on their own patches to mitigate the risks, experts anticipate that vulnerabilities can only be fully resolved by replacing the susceptible hardware.

–This report was updated on Jan. 17 at 7:42 a.m.