Most computer platforms change custody, ownership and physical location several times throughout their journey from assembly to transportation and provisioning. These supply chains are often intricate, international and opaque. To help ensure the integrity at every stage of the compute lifecycle, we must establish a security-first method for designing, architecting and building these technologies. Without assurance at each phase, challenges around design, responsible sourcing, deployment and secure retirement are far more likely to arise. As such, Intel is working with a broad ecosystem of customers and partners on a Compute Lifecycle Assurance (CLA) Initiative designed to provide an end-to-end framework that includes tools and solutions for increased platform integrity, resilience and security.
How did we get here and what has been done in these area historically? The call for assurance across the supply chain landscape has been evolving for decades. In fact, several examples have arisen as a result of social responsibility and sustainability initiatives. For instance, The Responsible Business Alliance was formed in 2004 to help address key challenges around the rights and well-being of workers and communities across the world. More recently, policymakers have begun to focus on supply chain risks in new and different ways. One example is the 2018 SECURE Technology Act, which gave U.S. federal agencies new authority to consider supply chain risks when procuring products.
Technology companies have been doing their part to build platform integrity and assurance as well. For example, over the past several years, Intel has taken several important steps toward supply chain transparency, including being one of the first to deliver Transparent Supply Chain (TSC) tools – a set of policies and procedures implemented at factories that have been developed to provide visibility into the critical components that were used to manufacture Intel-based PCs or servers.
Four key stages of the CLA Initiative
Today, Intel TSC is available to customers across a variety of platforms, including Intel® Core™ based PCs, Intel® NUC, Intel® Xeon® SP systems, and Intel® solid-state drives. In addition to our own platforms, we have enabled ecosystem partners with Intel TSC tools, including Hyve Solutions, Inspur, Lenovo (client and server), Mitac, Quanta, Supermicro, and ZT Systems.
While these have been great initial steps toward transparency and integrity, there is always more that can be done. This is the goal of Intel’s Compute Lifecycle Assurance (CLA) Initiative. A fundamental principle of this initiative is health of device hardware and firmware across the system – not just on day one, but across all stages of the compute lifecycle. The initiative establishes an end-to-end framework that can be applied across the life of any platform to substantially improve platform integrity, resilience and security.
As a side note, the industry working group National Telecommunications and Information Administration (NTIA) has already created a Software Bill of Materials with an initial set of deliverables that address similar challenges in the software supply chain. Similar to the way Intel is pushing to improve the compute platform lifecycle with tools and processes that bolster integrity from end to end, these organisations’ work is complementary and is bringing about meaningful improvements across the software ecosystem.
There are four key stages of the CLA Initiative. The first is “Build.” This phase includes the architecture and design of the Intel components, with the goal of utilising the latest in security research findings and world-class security techniques to minimise attack surfaces. We include the manufacturing of the platforms (PCs, servers, SSDs, etc.). We believe this build phase must start from the component level and extend all the way to platform manufacturing to provide a comprehensive picture of the platform’s inception. Next comes “Transfer.” This phase extends from the manufacturing facility dock to when the device arrives at the customer site. In this phase it is important to detect tampering, modification or changes within the hardware, firmware and software since the device was manufactured. We will also put mechanisms in place designed to establish who should or should not have rights to modify the platform throughout distribution.
From there, the next stage is “Operate,” which starts with provisioning of the device and extends over the remainder of the device’s useful life. We aim to improve confidence that a system is operating in a known and trusted state at any point. One example of our goals is to provide visibility into the functional or security updates that have been applied to the platform and report whether the device is fully updated. And the final phase is “Retire,” when a device is being decommissioned either permanently or for repurposing to a secondary customer/market. Here we develop tools to help assure all data was confidentially wiped from the drive and the platform.
To understand how this framework works in practice, let us examine a procurement example. When procurement places an order and receives the device on their dock, they have comprehensive visibility into that device. Under the new framework, this includes ensuring the device includes the required components that were ordered (such as processor type, SSD type, etc.) and does not include any blacklisted components from vendors that are high risk from either security or quality standpoint. Further, assurance will be provided that the device state (including key hardware components and firmware versions) has not changed unexpectedly from the time of manufacturing. Finally, there would be access to management tools capable of reporting on and assessing the fleet security posture with data read from each device.
Prioritising assurance is critical for the industry, and creating a successful CLA Initiative requires deep collaboration. Legislators across the world have already begun to focus on supply chain risks in new ways. Commercial enterprises around the world should find value in this improved level of assurance as well for validation, compliance and governance. Over the next year and beyond, we expect to see customers, partners and government oversight organisations show significant interest transparency beyond just the manufacturing supply chain to include transportation, provisioning, attestation and in-field updates. Join us as we tackle assurance and work with the broader industry ecosystem to build a more trusted foundation for all computing systems.
Tom Garrison, Vice President and General Manager of Client Security Strategy,Intel