What’s inside your computer? One of the most recognizable marketing slogans throughout the 1990s was “Intel Inside.” It helped to elevate the Intel brand and drive demand for PCs with Intel processors as the company faced increased competition from rival AMD. The CPU, however, is just one of many components inside of a PC. Globalization of technology design, manufacturing, and distribution make it challenging to know what’s really inside your computer, but privacy and security concerns make it essential. That’s why Intel has now launched the Compute Lifecycle Assurance Initiative to provide greater supply chain transparency.
The Value of Supply Chain Transparency
What do we mean when we talk about the supply chain? The Wikipedia entry for “Supply Chain” describes it, “In business and finance, supply chain is a system of organizations, people, activities, information, and resources involved in moving a product or service from supplier to customer. Supply chain activities involve the transformation of natural resources, raw materials, and components into a finished product that is delivered to the end customer.” In a nutshell, it is everything that goes into converting raw materials to a finished product and delivering it to you.
The next question might be, “Why should we care about the supply chain?”
Well, consider romaine lettuce. People buy romaine lettuce from their local grocery store and use it in recipes and salads. They don’t need to know where it was grown, or how it got from the ground to the grocery store…until they do. It may seem silly to keep track of the supply chain for lettuce, until 100 people in 23 states suffer from eating lettuce tainted with E. coli. At that point, it suddenly seems very valuable to be able to track the tainted lettuce to its source, and to be able to warn consumers and recall lettuce from that source to prevent further infections.
Using an example related to technology, there is also a supply chain for an application. In 2015, Apple discovered over 4,000 apps containing malicious code as a result of being developed using an infected version of the Apple Xcode development environment. The platform—dubbed XcodeGhost, enabled attackers to insert malicious code into any app developed with the compromised tool.
It’s easy to focus on preventing contamination or compromise at the point of origin, or at the point of sale, but the supply chain is typically more complex than Point A and Point B, and leaves plenty of room for error or exploit.
Compute Lifecycle Assurance Initiative
When it comes to creating a laptop or desktop computer, the supply chain for the finished product can be quite extensive and complex. There are many components—the motherboard, processor, graphics processor, power supply, memory, storage, WiFi and/or mobile connectivity, and more. The computer that ends up on the desk or lap of a consumer has likely touched or been influenced in some way by multiple companies and countries—possibly dozens.
Companies and consumers need some way to verify the integrity of a system when making a purchase. They also need to be able to trace issues—whether malicious or inadvertent—back to the source, both to be able to address and resolve them, and to be able to determine what other devices might be affected so proactive action can be taken. Intel understands the importance of supply chain transparency—and the enormous challenges it poses—which is why the company has launched the Compute Lifecycle Assurance Initiative.
Leslie Culbertson, Executive Vice President and General Manager of Product Assurance and Security for Intel, explained in a press release announcing the Compute Lifecycle Assurance Initiative, “We have tackled big, complex problems like this before and we are doing it again. Intel has already taken several important steps toward supply chain transparency. We actively led and collaborated with the industry to influence policies and processes concerning the use of conflict-free minerals — not only for Intel products — but across the industry. In addition, we have already developed a set of policies and procedures at our own factories to validate where and when every component of a server was manufactured. These examples represent an important beginning, and there is more that can be done.”
The Intel initiative focuses on four key stages of the compute lifecycle: Build, Transfer, Operate, and Retire. According to the press release, Intel commits to the following objectives for the coming year:
- Invest in tools and processes that improve the integrity of Intel computing products across every lifecycle stage, building on the Transparent Supply Chain tools we have today.
- Contribute best practices, learned from our decades of experience, for the collection, measurement, stewardship and reporting of platform data to meet our customers’ evolving needs.
- Collaborate with the ecosystem to develop innovative ways that enhance access to platform data while maintaining confidentiality of that data across the platform lifecycle.
More importantly, Intel has issued an invitation to the community at large to join the effort. Unlike the “Intel Inside” marketing campaign, the Compute Lifecycle Assurance Initiative is not intended to promote the brand. The goal is to improve supply chain transparency for the broader ecosystem, and to build a more secure and more trustworthy environment for everyone.