Taking Aim at the Achilles Heel of Computer Hardware

Cybersecurity is at a crossroads. Spending on cybersecurity is expected to exceed $133 billion¹ in 2022, and yet we still have huge data breaches. Even after the unprecedented attacks to Anthem in 2014 and Equifax in 2017, we still see hackers accessing the personal medical information of millions of patients around the country.²

Historically, software has received most of the attention in cybersecurity investment because it has been the primary target of hackers and cyber criminals. But new approaches to security are constantly needed to ensure that the industry proactively defends against breaches, rather than constantly patching and reacting to them.

As technology increasingly becomes the infrastructure of the physical world, flaws in the hardware at the heart of these digital systems represent critical vulnerabilities that must be prevented. Those flaws often originate during the design stage, before chips are taped out and deployed, and that’s where companies like Tortuga Logic come in.

This month, the San Jose-based company announced a partnership with Mercury Systems, Inc. to ensure the security of computing systems at the U.S. Department of Defense (DoD). This came on the heels of an announcement in December that Tortuga won a series of contracts with the DoD and U.S. Air Force to enhance the security of next-generation microelectronics.

Since its launch in 2015, Tortuga has gone from a Ph.D. research project to a robust, automated software platform for identifying security flaws in silicon designs. Tortuga’s solutions have won the praise of industry leaders like Xilinx, Synopsys and Rambus.

“If you look at cybersecurity in general, it’s a system-level problem. It really affects the whole stack,” says Jason Oberg, Tortuga’s co-founder and CEO. “Hardware’s the big broken link in the way that cybersecurity is being approached. If you compromise that, you really compromise the rest of the entire system.”

Indeed, as Oracle Co-Founder Larry Ellison once said, “You should always push security as low in the stack as possible. At the bottom of the stack is silicon.”³

The industry is shipping and integrating over 1 trillion semiconductor devices annually. Connected hardware is everywhere, and Tortuga is one of the few companies with the talent and capability to take up the incredibly daunting task of making the digital systems we rely on more secure at the root level.

Two years ago this month, we saw the worldwide panic over the ominously named Meltdown and Spectre⁴ security vulnerabilities. Because these vulnerabilities gave hackers a path to sensitive data processed on a computer — and were found on processors designed by Intel, AMD and ARM — pretty much everyone was at risk of having passwords, files and other digital assets stolen.

A new McKinsey report⁵ echoed, and greatly expands upon, an observation⁶ we made back in 2017 that the promises of artificial intelligence were dependent on the production of more powerful and secure semiconductors.

That’s why we partnered with Tortuga Logic, and why we share in their excitement today. The recent influx in government business indicates that a new cybersecurity paradigm is here to stay. New technologies often emanate from the needs of the government and end up in the private sector. For instance, Oracle started as a CIA project⁷ before it became a corporation that captures data for the masses.

Tortuga has worked with the government since the start and will continue to do so in light of recent hardware-based attacks. And as more decisions and capabilities are controlled by advanced microelectronics, the need for continued trust and reliability in those components must be met.

To be clear, solving security flaws at the boundary of hardware and software isn’t for every startup. But it’s a vitally important problem, representing a huge opportunity for the types of entrepreneurs we seek to partner with.

Whether they’re in autonomous vehicles or our smart homes, these computer chips will have more and more power over our daily lives. And as the saying goes, with great power comes great responsibility — to ensure the security and safety of the hardware all around us.

Follow Eclipse Ventures on LinkedIn and Twitter for the latest on the Industrial Evolution.

Sources:

1. Worldwide Spending on Security Solutions Forecast to Reach $103.1 Billion in 2019 (IDC, March 20, 2019)
2. More than 12M people may be affected by latest medical data breach. Why those patients are now vulnerable (USA Today, June 6, 2019)
3. Oracle ships first Sparc M7 systems with security in silicon (The Inquirer, Oct. 28, 2015)
4. Meltdown and Spectre vulnerabilities: What you need to know (Zscaler, Jan. 5, 2018)
5. Artificial-intelligence hardware: New opportunities for semiconductor companies (McKinsey, January 2019)
6. Securing the Future (Eclipse Ventures, Nov. 17, 2017)
7. CIA memo on Project ORACLE (CIA.gov, Nov. 11, 1975)