August 9, 2022
Hello and welcome to Protocol Enterprise! Today: The SEC and CISA push new rules for cyberattack reporting, Micron’s revenue warning is a bad sign for the chip business, and VMware releases its latest incident report.
Two federal agencies are simultaneously pursuing new rules for reporting major cyberattacks, but the difference in their approaches couldn't be starker.
An SEC proposal that would cover public companies has been met with fierce criticism from the industry. Separate rules that CISA is implementing for critical infrastructure operators seem on a less-confrontational track.
While CISA's rulemaking work is just getting underway, the SEC has been receiving comments on its proposal for months.
It's not yet clear what the fate of the two regulatory proposals will be.
Chip shortage could undermine national security: The global shortage of semiconductors has impeded the production of everything from pickup trucks to PlayStations. But there are graver implications than a scarcity of consumer goods. If the U.S. does not ensure continued domestic access to leading-edge semiconductor manufacturing, experts say our national security could suffer.
Up until this week, the server chip business was looking pretty good. Booming, in fact. But back-to-back revenue warnings from graphics processor designer Nvidia and memory producer Micron suggest that things are not as rosy as everyone thought.
Tuesday, Micron warned Wall Street that it was likely going to generate much less revenue than executives had expected at the end of June because of a weakening market across most of its business, including memory for the cloud. At an investor conference, CFO Mark Murphy delivered his own unflattering assessment that the cloud customers are looking at the economy and, concerned, pulling back on their orders.
“We do see some isolated supply chain disruptions affecting cloud as well, but it's principally macro and market conditions, inventory adjustment,” Murphy said, according to a transcript from Sentieo. The weakness stretched across Micron’s whole business, which includes chips in smartphones, PCs and memory for vehicle and industrial uses.
The memory Micron makes has long been the most prone to the booms and busts that have defined the chip industry for decades, and it doesn’t bode well for the broader industry.
Nvidia’s warning Monday is another solid data point that tracks with what Micron said. Sales of its graphics chips for video games are expected to drop by roughly a third. Nvidia noted that its data center chip sales were short of its expectations, but blamed supply chain disruptions.
“The significant charges incurred in the quarter reflect previous long-term purchase commitments we made during a time of severe component shortages and our current expectation of ongoing macroeconomic uncertainty,” Nvidia CFO Colette Kress said in a statement.

— Max A. Cherney
The disclosure of a previously unknown "zero-day" vulnerability is never a fun time for cybersecurity and IT teams. Unfortunately, the use of zero-days by attackers is only continuing to get worse, a growing number of security researchers warn. This week, VMware released a new survey of incident response professionals, which found that 62% had encountered a zero-day over the previous 12 months — a sizable jump from 51% a year ago.
The report follows other findings along the same lines, such as the reports by CrowdStrike and Unit 42 (a part of Palo Alto Networks) that each showed attackers are moving ever faster to exploit new vulnerabilities once they're disclosed. Tom Hegel, a senior threat researcher at SentinelOne, recently told me that hackers working for the Chinese government are especially adept at this. They’re now scanning for zero-day vulnerabilities “the second they pop up online,” he said.
The bottom line, as the Unit 42 researchers point out in their report, is that the “time to patch is getting shorter.” While organizations may have been accustomed to having more time for patching in the past, now they “need to ramp up patch management and orchestration to try to close these known holes as soon as possible.”
President Joe Biden signed the Chips Act into law at a White House ceremony attended by a number of semiconductor industry executives.
Cloudflare disclosed that it seems to have been hit by the same phishing attack as Twilio, though the web security provider says it thwarted the attack.
Avaya has “substantial doubt” about its ability to continue operating, after the cloud communications provider took out $600 million in debt and slashed earnings by more than 60%.
Thanks for reading — see you tomorrow!