New "Symbiote" May Protect Microchips from Cyber Attack

Security experts are working to thwart a potentially devastating cyber attack

Join Our Community of Science Lovers!

As microchips have grown smaller and more powerful, they have infiltrated virtually every corner of society, from smartphones to medical devices to the controls that regulate rail lines, power grids and water treatment facilities. Computer security experts have been warning that these embedded computers are highly vulnerable to attack because they are increasingly networked with other computers and because they have virtually no defenses protecting their firmware, programs that are hardwired onto the chip. In October, following a wave of network attacks believed to have originated in Iran, Secretary of Defense Leon Panetta warned that a “cyber Pearl Harbor” could be imminent.

Security experts used to take firmware for granted, notes Scott Borg, director of the nonprofit Cyber Consequences Unit, because, unlike software, it was designed to operate unchanged for long periods of time. “Yet the circuits embodying these programs are designed to accept a significant number of rewrites, so they can still be altered by cyberattackers,” he says.

Engineers are making headway in protecting these chips. One new approach, described at a computer security conference in July, is a program that would scan random chunks of firmware code to check for signs of intrusion. Developers Ang Cui and Sal Stolfo of Columbia University say their “symbiote” can work with any type of firmware without slowing a computer's processing speed. It may also detect malware that no one had any way of noticing before, potentially shedding light on an “untold chapter of the history of Internet warfare,” Cui says. They plan to deliver a prototype for U.S. government testing by the end of 2012.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Borg calls Stolfo and Cui's approach “very promising.” Marc Dacier, a senior director at Symantec Research Labs, asserts that a major obstacle to any defense measure is getting companies to adopt it. The Pentagon is pushing for legislation to require the private sector to cooperate with government on cybersecurity issues. Without such legislation, Panetta said in his October speech, “we are, and we will be, vulnerable.”

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American