You used to be able to tell who the bad guys were. But in our increasingly digital online world, those days are long gone. Now, the bad guys are faceless and anonymous. And they can and do inflict all kinds of damage on individuals, businesses, governments, and other organizations.
Surveys show that data breach attacks are happening with alarming regularity. And while your home and school PCs are hopefully well protected from data theft and viruses, don’t think that you’re in the clear. Data thieves are also targeting smartphones and other mobile devices. And in early 2018, the potential for these thieves to steal your information on your personal devices or information stored on others’ computing devices rose dramatically.
The news broke in early 2018 that independent researchers had discovered flaws in chip designs made by Intel Corporation that hackers could exploit to steal data thought to be secure.47 Every PC, smartphone, and server was exposed and vulnerable. These flaws, code-named Meltdown and Spectre, are unprecedented in their potential information security vulnerabilities.
Intel has been the world’s foremost chipmaker for well over 25 years. It makes about 90 percent of the world’s computer processors and some 99k percent of the server chips that run the internet.48 Intel is a big company with a solid reputation for reliability. However, this whole situation is likely to be viewed as a significantly critical error and misstep by Intel.
How did it all come to light?
In June 2017, a security team at Google’s Project Zero notified Intel that it had discovered the flaws in Intel’s chips.
Who or what is Project Zero? It’s the name of team of security analysts employed by Google who are tasked with finding “zero-day vulnerabilities.” The sole mission of this team of top security researchers is to identify and incapacitate the most serious security flaws in the world’s software so there are zero days of vulnerability.49 (If you’re interested, a thorough technical description of what the team found can be read at https://googleproj e c t z e r o . b l o g s p o t .com/. Look for a blog post by Jann Horn posted on January 3, 2018.) After being notified of the potentially catastrophic flaw, Intel, behind the scenes, worked on fixes with Alphabet Inc.’s Google unit and other “key” computer makers and cloud computing companies.50 Intel had planned to make the discovery public on January 9, 2018. However, on January 3, 2018, the U.K. website the Register broke the news about the flaws. Now, the cat was out of the bag, and the fallout was just beginning. Another issue that eventually came to light was the disclosure that Intel had told Chinese companies Lenovo and Alibaba of the security issues before it had alerted key national security agencies of the U.S. government. As Intel and other tech companies work on patches for the chip flaws, managers of data centers at companies around the world are working to protect their data and their customers. It’s a challenge because quick fixes aren’t perfect and long-term fixes won’t be easy. And the hackers keep hacking. As data security breaches have become all too common, managing those individuals who work to identify and protect data in an environment that’s quickly shifting can be quite challenging.

Discussion Questions

1. In addition to the challenges of “fixing” the flaws, what other issues are Intel’s top managers going to have to address? (Hint:
Think about who might be affected and how they might be affected...
both inside and outside the company.)
2. Look at the timeline of how these flaws were discovered.
Do you think Intel should have done anything differently?
Explain.
3. Keeping professionals excited about work that is routine, standardized, and chaotic is a major challenge for managers at data security companies. How could they use technical, human, and conceptual skills to maintain an environment that encourages innovation and professionalism?
4. In your “assigned” team, discuss Intel’s disclosure about the computer security flaws to Chinese companies before disclosure to U.S. government agencies and officials. What potential ethical issues do you see here? What advice would you have given to the top management team at Intel about their decisions and actions?