Cybersecurity
Intel advocates for risk-based, evidence-driven, design-neutral approaches that foster cybersecurity resilience.
Sound cybersecurity policy targets areas of mutually beneficial outcomes by improving industry and government information sharing in a way that maintains confidentiality, integrity, and availability with appropriate liability protection to business.
Intel’s security objective is well-aligned with the goal of global governments: to promote trust in technology by enabling governments, businesses, and individuals to better secure their data and infrastructure. To accomplish this, Intel is committed to working alongside governments to promote policies that are globally scalable and flexible enough to address the evolving security landscape by focusing on robust and transparent security solutions and risk-based, evidence-driven, design-neutral approaches to security policy informed by consensus-driven processes.
Key Issues
Secure AI
In the era of digital transformation, AI is reshaping industries and improving aspects of our lives.
Yet the history of cybersecurity is a constant battle of technological innovation to stay ahead of evolving threats. As AI becomes increasingly capable of performing complex calculations, bad actors can use AI tools to exploit security vulnerabilities. It is crucial to enable cybersecurity mechanisms to meet this evolving threat rather than rely on traditional security measures.
Secure AI is the basis of future digital interactions, protecting data with advanced security technologies, embedded directly into hardware. Any approach to Secure AI will need to account for both Security for AI, which strengthens AI infrastructure against cyber threats, and AI for Security, which uses AI to enhance cybersecurity. This dual approach means that as AI systems advance, they can be equipped with sophisticated hardware and software defenses against digital vulnerabilities.
One central tenant of AI policies should be to enable innovation without compromising trust. This balance should be reflected by 1) promoting secure AI standardization and adoption; 2) investing in cybersecurity and R&D in AI; 3) developing cybersecurity skills in AI; and 4.) fostering international cooperation, not only between governments but also between different groups of stakeholders, such as the Coalition for Secure AI (CoSAI) and the Open Platform for Enterprise AI (OPEA).
Confidential Computing
Today, data is often encrypted at rest, in storage, and in transit across the network, but not while in use in the processor and memory. Confidential computing is an emerging industry initiative focused on securing data in use, without exposing it to the rest of the system. The implications of expanding the use of confidential computing can have wide-reaching impacts, but these opportunities have not been widely pursued through public policy at this point.
Developments in advanced analytics, artificial intelligence, and multiparty data collaboration are accompanied by risks to confidential or regulated data. Confidential computing can help reduce risks to privacy through hardware-enforced data confidentiality and access while raising the bar for security simultaneously. Intel is looking to work together with our government and industry counterparts to make confidential computing more accessible and help organizations realize that anytime valuable data is in use, there is an opportunity to leverage the latest technology to better protect it.
Product Security
Ubiquitous connectivity has brought forth a new era of intelligent, connected devices and data-driven capabilities delivering benefits to society and users. Public policies should encourage innovation and competition to preserve these benefits and accelerate secure, scalable, and interoperable technology deployment, particularly of IoT devices. To address concerns regarding expanding attack surfaces and increased embeddedness in the digital ecosystem, Intel supports design-neutral policies rooted in internationally harmonized standards that leverage risk-based approaches to securing IoT devices, while supporting interoperability. Intel actively collaborates with the ecosystem in the development of international standards in ISO (JTC 1, SC27) and other organizations.
Finally, Intel is supportive of Secure by Design approaches to improving product security. These efforts need to include the importance of designing secure and resilient hardware from the onset of the product development lifecycle.
Supply Chain Security
Cyberattacks against information and communications technology (ICT) supply chains are becoming increasingly sophisticated. To combat the significant impacts of these attacks, it is important to develop supply chain security policies on a foundation of evidence, data, and transparency rather than policies that target the country of origin as a means of mitigating supply chain risk. Rather than creating barriers to building a robust global supply chain, which can cause significant negative impacts on international trade, governments should support policies that focus on domestic production investment while establishing clear, transparent standards and guidelines for securing global supply chains. Objective criteria built on trust (e.g. DHS Supply Chain Risk Management Task Force) are more sustainable and more likely to avoid the impacts of political trends that result in country-specific exclusions. Intel has a unique role as both a manufacturer with its complex supply chain, as well as a supplier to other finished goods and services, and thus has tremendous experience in supply chain security that can help inform more effective policies.
Security Certification
Governments worldwide show increased interest in creating cybersecurity certification and labeling schemes to boost confidence in products, services, and companies in their markets. Current proposals include the EU Cybersecurity Certification Framework, NIST FIPS 140-3 Security Requirements for Cryptographic Modules, and several others. The context for technology deployment is critical to determining how best to secure the environment as highlighted in ITI’s Policy Principles for Cybersecurity Certification. Blanket requirements are often too rigid to accommodate this variance. Additionally, innovation in the technology space evolves rapidly and certification schemes are often unable to keep pace with new developments. All these factors and more need to be considered before pursuing a certification or labeling regime. Collaboration with industry during the development of such a scheme is vital to establishing and maintaining long-term success.
Encryption
Encryption is a fundamental technology essential to make ICT infrastructure secure and reliable. In past decades, researchers, industry, and governments worldwide collaborated to develop encryption mechanisms that supported interoperability globally. Local technology mandates proposed in the name of national security cause harm to the compatibility of the global market. Such mandates can negatively impact users within that country by forcing the technology to be, by nature, less secure. For this reason, Intel supports globally harmonized encryption standards and regulations.