Cyber Clash: Navigating the Firmware Fight
By John Benkert and Tom Ricoy
Over the last week there have been reports of two firmware vulnerabilities coinciding with the FBI Director's warning to Congress about the potential for Chinese hackers to "inflict chaos and tangible damage on the US."1 Is this a coincidence?
Yesterday, FBI Director Wray expressed concerns to the House Select Committee on the Chinese Communist Party, stating that Chinese cyber attackers are strategically positioning themselves against American infrastructure, ready to unleash chaos and harm upon American citizens and communities at a moment's decision by China.1
In 2022, it was revealed that Russia had gained persistent access to tens of thousands of systems across the Ukraine, undetected.2 At the very beginning of the war, Russia used that access to disrupt and gain the advantage for their attack. They disabled both military and commercial systems through firmware exploits.
A recent report by the Foundation for the Defense of Democracies (FDD) highlights a high-profile cyberattack on some 30,000 Viasat KA-SAT modems carried out by Kremlin-linked operatives immediately following Russia’s invasion on Ukraine in 2022. According to the report, tens of thousands of consumers had to throw out their devices, as an update or patch at the firmware level would have been impossible.2
Firmware vulnerabilities present a critical weakness in cybersecurity, offering adversaries unparalleled system control and remaining largely undetectable by current security measures. They also are generally undetectable to all cyber security solutions on the market today. They give adversaries a persistent and perhaps more importantly, silent hold on systems that they can use at a moment's notice. And there is little to no regulation to address these vulnerabilities.3
Modern PCs and servers contain numerous firmware components, such as BIOS, WiFi, Bluetooth, and other embedded devices, all of which are potential entry points for attackers. Current cybersecurity tools are inadequate in detecting real-time firmware compromises, and even when available, they cover a limited scope and are seldom implemented effectively.
So what can be done to address these vulnerabilities and this threat beyond basic cybersecurity hygiene like two-factor authentication and identity management? Fight firmware with firmware.
There is a need for a fundamental shift towards prevention-first, data-centric security strategies. This approach led to the development of Cigent’s solutions. The concept was simple: if data is the target and operating-system based protections are easily breached, then put the protection alongside the data. Where is the data located? On the storage device. The storage device is controlled by its firmware, which is where we put Cigent’s data protection.
Cigent creates “Secure Vaults”, which are protected storage partitions controlled by the storage's firmware, ensuring that sensitive data remains locked and inaccessible to compromised systems upon startup. This method effectively blocks "side-channel attacks" (laterally moving from firmware directly to the storage device and extracting data directly from the drive), preventing attackers from bypassing traditional security measures.
To balance security with accessibility, Cigent employs Multi-Factor Authentication (MFA) to allow legitimate users to access protected data. Additionally, Cigent enhances data security within these unlocked partitions through file encryption, MFA for individual file access, and AI-driven threat detection to prevent the circumvention of Cigent's protections.
The growing threat of nation-state cyber campaigns against critical infrastructure necessitates immediate and decisive protective measures to avert potential widespread devastation. It's crucial for national leaders to recognize the severity of this threat and mandate comprehensive cybersecurity defenses. Meanwhile, those in a position to act should adopt proactive prevention strategies to safeguard our nation's security and well-being.
3US regulators have done little to address firmware vulnerabilities, think tank argues - Nextgov/FCW
---
John Benkert, CEO and Cigent’s co-founder, spent 20 years in USAF Intelligence and seven in the NSA where he received the National Scientific Achievement Award for technological innovations in data security and has over 35 years of experience in commercial and government organizations. Through securing funding from In-Q-Tel, the Cigent team has achieved Benkert’s vision of developing the most secure data security solution available.
Tom Ricoy, Chief Revenue Officer, has 30 years of IT experience and has established global alliances with IT and cyber security leaders and worked with federal agencies to deploy new solutions to improve national security.