Congressman Jerry McNerney

Representing the 9th District of California
Mobile Menu - OpenMobile Menu - Closed

Rep. McNerney Requests Briefing on Critical Computer Chip Vulnerabilities

Jan 16, 2018
Press Release
Recent Reports Unveil Widespread Vulnerabilities that Pose Serious Danger to Consumers

Washington, DC – Today, Congressman Jerry McNerney (CA-09) sent a letter to the CEOs of Intel, Arm, and AMD requesting a briefing about the Spectre and Meltdown vulnerabilities. The letter follows recent reports that computer chips made and designed by these companies are susceptible to the Spectre and Meltdown vulnerabilities, which can be used by nefarious actors to steal users’ personal information.

“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” Congressman McNerney wrote in the letter.

“The Spectre and Meltdown vulnerabilities are glaring warning signs that we must take cybersecurity more seriously. In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history. The warning signs keep piling on, yet cybersecurity practices continue to lag far behind,” Congressman McNerney continued. 

As a member of the House Energy and Commerce Committee, Congressman McNerney has been a vocal proponent regarding the need to address growing cyber threats. Earlier this Congress, he introduced the Securing IoT Act, which would require cybersecurity standards to be established for wireless devices and that the devices be certified to meet those standards.

Full text of the letter available below:

Dear Mr. Krzanich, Mr. Segars, and Dr. Su:

I am writing to request a briefing from your companies about the Spectre and Meltdown vulnerabilities. As a Member of Congress who has a strong interest in cybersecurity and who serves on the House Energy and Commerce Committee, I am concerned about the growing cyber threats our nation faces. You may be aware that earlier this Congress I introduced the Securing IoT Act, which would require cybersecurity standards to be established for wireless devices and that the devices be certified to meet those standards.

It was recently reported that computer chips made and designed by your companies are susceptible to the Spectre and Meltdown vulnerabilities. I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers.

Analysis by security researchers suggests that nefarious actors could use Spectre and Meltdown to access and steal users’ personal information, including passwords, online bank accounts, emails, and photos. They could also take advantage of these security flaws to access and steal critical documents held by businesses and government agencies. Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.

The Spectre and Meltdown vulnerabilities are glaring warning signs that we must take cybersecurity more seriously. In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history. The warning signs keep piling on, yet cybersecurity practices continue to lag far behind.

Please be prepared to address the following issues during the briefing:

  • The scope of the Spectre and Meltdown vulnerabilities: which chips are susceptible to these vulnerabilities and what are the products (both hardware and software) that utilize these chips.
  • How consumers could be impacted by the Spectre and Meltdown vulnerabilities.
  • The timeframe for when your companies first learned about the Spectre and Meltdown vulnerabilities, notified vendors, and notified the public.
  • Whether there is any evidence that these vulnerabilities have been exploited or that such attempts have been made.
  • The steps your companies have taken and will be taking to mitigate potential risk for consumers, and the timeframe for taking the respective actions.
  • What, if any, chips and products (both hardware and software) could still be susceptible to the Spectre and Meltdown vulnerabilities after the above actions are taken.
  • In cases where patches are issued, what, if any, adverse consequences should consumers expect to encounter – e.g., potential slowing of operating systems.
  • What steps your companies are taking to ensure that other chips they manufacture and design are secure (whether this be protecting chips from Spectre, Meltdown, or other vulnerabilities), and the timeframe for taking the respective actions.

Thank you for your attention and cooperation in this matter.

Sincerely,

Jerry McNerney

Member of Congress

# # #

Rep. Jerry McNerney proudly serves the constituents of California’s 9th Congressional District that includes portions of San Joaquin, Contra Costa, and Sacramento Counties. For more information on Rep. McNerney’s work, follow him on Facebook and on Twitter @RepMcNerney