Intel’s efforts to address security issues
Intel (INTC) is currently in the middle of a security crisis after a Google (GOOG) security researcher found a security gap in Intel’s chip design. The company has been working with its PC (personal computer) and cloud customers to fix this issue. The Oregonian, citing a memo sent to Intel’s employees, reported that the company has also created an internal cybersecurity group called “Intel Product Assurance and Security.” Many of the company’s top executives are involved. While Intel’s efforts are moving in the right direction, the way it is handling the matter is making the issue bigger.
Intel originally planned to reveal the security flaw on January 9, 2018, at the CES (Consumer Electronics Show) 2018. But The Register leaked the news on January 2, 2018. In response to this leak on January 3, 2018, Intel released a statement in which it admitted that there are flaws in its chips but stated that these flaws exist in competitors’ chips as well. Intel was referring Advanced Micro Devices (AMD) and ARM chips.
The company stated that it has started providing software fixes for the issue and the performance impact of these fixes would depend on workloads. It stated that an average computer user may not see any significant dip in performance and even the performance drop could be mitigated over time.
On January 4, 2018, Intel issued another statement in which it admitted that initially performance dips might be significant for some discrete workloads but assured that additional software updates would mitigate the impact. The company also promised that it would issue updates for 90% of its processors introduced in the past five years by mid-January 2018.
As the software updates are the ones that are not distributed centrally by Intel or Microsoft (MSFT), PC vendors had to make customers aware of their existence.
The CES 2018
On January 9, 2018, Intel’s chief executive officer Brian Krzanich presented at the CES 2018 where he said, “We expect some workloads may have a larger impact than others…”
In the span of one week, Intel went from no significant impact to an initially significant impact for some workloads to a larger impact for some workloads. Moreover, a few days before the CES show, Intel encouraged major cloud providers to accelerate efforts in developing their own processors, thereby reducing their dependence on Intel’s chips.
Intel’s actions and its statements are not in sync, creating ambiguity around the severity of the issue. This confusion pulled down Intel’s stock by 9% in one week. Adding to this ambiguity, Intel’s response to the security issues didn’t match with the response of its customers, which we’ll look at in the next article.