Bill Gates started talking about the risk of a pandemic like COVID-19 nearly a decade ago, but too few people took him seriously. Therefore, it is fascinating that Microsoft appears to be anticipating a cyberwar (well, a bigger one anyway) with its move to collaboratively create a unique cross-vendor PC security processor that would be embedded in x86 and ARM processors. The goal appears to be to harden future PCs against this potential worldwide cyberthreat before it arrives. And the name of the technology is Pluton.
Let’s talk about the level of threat and why a hardware-based approach like Pluton may be the closest thing we have to an effective antivirus against the anticipated attacks.
I watched the 1983 movie WarGames, in which a kid wanting to play computer games nearly wipes out the planet by playing with a U.S. Defense Department AI that can’t tell the difference between reality and virtual reality. Things became dire and the computer emulated nuclear risks, increasing the readiness level from Defense Condition 5 (DEFCON 5) to DEFCON 1 levels. The nation prepared to launch a response to a virtual Russian attack and go to war.
Before the pandemic, the cyberthreat level was barely manageable. It has increased significantly since the pandemic, with attacks on education, healthcare, labs, finance, and infrastructure — many specifically targeting the now largely unprotected employees and executives working from home.
As a result, PCs need to be universally hardened against these attacks, which increasingly originate with state-level organizations and often then drift to well-funded criminal organizations. In some cases, the related malware has gone out of control and self-replicated.
While users remain individually the most vulnerable, on the hardware side the biggest concern is rootkits, which reside below the operating system and render security software impotent. This DEFCON comparison is a long way of saying that, if we had DEFCON levels for security, we’d have passed level three and be well into level four by now; by the end of next year, things could be scarier.
Trusted platform module
The industry traditionally addressed this problem with the Trusted Platform Module (TPM), but there have been issues. First, not all systems have this module, and often it can be physically removed, making it unreliable. Indeed, attackers have begun to attack the communication channel between the processor and the TPM, particularly if the attacker gains physical access to the PC. This module did showcase that a hardware approach to security was superior and did provide, when fully implemented, decent protection against a large number of exploits. Given that the threat landscape has gone vertical, it appears that Microsoft and the chip companies, led by AMD this round, want something far more effective; thus, Pluton was born.
Expanding on their Secured-Core PC effort, which offered advanced identity protection along with OS and hardware protection, Pluton is the most potent hardware solution so far. Backed by AMD, Intel, and Qualcomm Technologies, Pluton is a chip-to-cloud security technology that partially came out of developments on the Xbox and Azure Sphere. By placing the processor’s security technology inside the CPU, the Pluton design eliminates the exposure that the existing TPM communications channel created. This implementation first emulates the TPM, so existing software that depends on that TPM continues to function. Features critical to enterprises, like BitLocker and System Guard, will continue to work and be far more able to defend against attacks that would overcome the old TPM. Windows devices that use Pluton will be better able to protect credentials, user identities, encryption keys, and personal data. In short, even if an attacker has physical control of the PC, this data remains protected. Pluton also builds on the work Microsoft has done with the security community, including Project Cerberus.
One fascinating part of Pluton is securely and reliably keeping firmware up to date across the entire ecosystem so that problems and threats can be addressed and mitigated safely and quickly. This improvement will finally bring firmware into the Windows Update process, improving the overall update experience’s rigor and quality.
It is important to note that this solution evolved out of the Xbox platform and the partnership between AMD and Microsoft going back to 2013, providing a significant test of the solution’s effectiveness and reliability.
Wrapping up: Where is Apple?
Now, a few things to remember: this is not a technology you can likely retrofit onto most existing PCs. And it will span AMD, Intel, and Qualcomm processors; however, Apple isn’t part of this effort. Assuming the technology is effective, this could result in Apple being blacklisted from enterprises and governments that most need this protection by year-end 2021. Apple’s “go it alone” strategy could backfire if this part becomes, as is likely, part of a broad security requirement in business and government once it is available.
Given the massive sales numbers generated this year for new PCs, the industry anticipates a second-half 2021 catastrophic drop in sales. Pluton could force an early upgrade cycle to offset that drop if the threat the technology anticipates becomes widely known.
The other significant benefit is that we are getting to firmware management that is in line with our driver and software update process, allowing the entire system to, finally, be automated concerning patches and updates.
The good news is that Pluton will immunize us against this potential cyberwar escalation; the bad news is that it will be years before we are at critical mass with this new technology, which isn’t expected on new hardware until the first half of 2021.