Spies tied to a foreign government have infiltrated a major server manufacturer and planted tiny microchips on the system boards in order to spy on the American government and its largest corporations. Sounds like the start of a great Hollywood thriller, right? But here’s the scary part: it might be a true story.
Earlier this month, Bloomberg posted an article titled “The Big Hack” that alleges just that—tiny microchips were placed on server mainboards by people tied to the Chinese government for the purpose of hacking and gaining intelligence on the U.S. Department of Defense, CIA, and some of the U.S.’s—and world’s—largest corporations. These chips, about the size of the tip of a pencil, are said to create a stealth doorway into any network that these compromised servers had access to—rolling out the infiltration red carpet, if you will.
Now, it is worth noting that all parties named in the article are refuting its contents, so regardless of whether or not the article is true, the reality is that it could happen. So as you evaluate your current server inventory, or when you think about purchasing new ones, it’s important to know that not all servers are created equal when it comes to security. Hewlett Packard Enterprise Gen10 servers were built with security at the forefront. Of the numerous new unique security features, I’ll outline what I believe to be the two most important: secure supply chain and runtime firmware validation.
Secure Supply Chain
HPE is the only mainstream server manufacturer that owns its supply chain front-to-back. They only source components from Trade Agreements Act (TAA) designated countries, and their component vendors are heavily vetted. Instead of outsourcing the critical base-level components like BIOS, management firmware, and ASIC, they develop all of those in house. They fabricate their own silicon and place an immutable digital “fingerprint” in every mainboard that is the base to their silicon root of trust. Other vendors have a “silicon-based root of trust,” but none are as secure for this reason. Factors like this are what allow HPE to accurately claim that Gen10 is the “World’s Most Secure Industry Standard Server.”
Runtime Firmware Validation
Another feature unique to HPE is runtime firmware validation, which is a feature in the iLO Advanced Premium Security license. HPE and other server vendors use their silicon (or silicon-based) root of trust process to check the system firmware for any compromise during the boot process. However, because servers often run critical programs and processes, they aren’t often rebooted, so it could be days, weeks, or even months between firmware checks. HPE’s runtime firmware validation checks the firmware daily while the server is running without disruption to ensure intrusions are detected as soon as possible. It takes the average business over 100 days to detect an intrusion. With runtime firmware validation, you can detect an intrusion within 24 hours. Also included in the above license is automatic firmware recovery. If it detects your firmware is compromised, the server automatically recovers the compromised firmware to a known-good state you identify.
Companies lose an average of $9 million a year due to cybercrime. HPE Gen10 servers can help ensure that your organization isn’t part of such an alarming statistic. And Connection’s comprehensive Security Practice can assist in all facets of your business, not just the data center.
Chris Mathews
Chris is a Solutions Specialist for Converged Data Center at Connection. He has more than 20 years of experience in computing technology including data center and security technology and is an HPE Accredited Technical Professional in Server Solutions, an Aruba Certified Sales Specialist, and a VMware Sales Professional. In his earlier days, he was a professional musician, and he now loves to travel with his wife and daughter and root for the Boston Bruins and Boston Red Sox.
