Timeline of a crisis: Intel's security meltdowns

How an industry-wide cyber flaw became an Intel scandal

January 1

Microsoft, Amazon, and Google could be affected by a cybersecurity risk, according to tech blog Python Sweetness, which found an "embargoed security bug" will impact most processors. 

January 2

Tech blog The Register claims every Intel processor produced over the past 10 years has a "fundamental design flaw," leaving computers and phones vulnerable to hacking.

The fix being discussed would slow down performance. 

January 3

A website is launched by researchers from Google and academic institutions discussing vulnerabilities affecting processors: Meltdown, which affects Intel, and Spectre, which affects Intel and competitors Advanced Micro Devices, and ARM.

Intel admits there are security flaws. ARM addresses the concerns in detail, while AMD says its chips won’t be impacted. 

January 4

Three class-action lawsuits are filed against Intel, alleging "deceptive practices, breach of implied warranty, negligence," and other things. Intel says it will have 90% of affected chips fixed by next week.

After relative silence, Apple admits its devices were impacted. 

January 5

Intel’s stock is down more than 5%, while AMD’s shares are up 10.4% during the same period, according to CNBC and Quartz. 

January 7

CEO Brian Krzanich faces increasing scrutiny for selling about $39 million in Intel stock last November. The company insists that sale was part of a trading plan unrelated to the security flaws. 

January 8

In the lead-up to Krzanich’s keynote address at CES 2018, Bloomberg reports the Securities Exchange Commission may investigate his sale because of its size. 

January 9

Sens. Jack Reed (D-RI) and John Kennedy (R-LA) write to the SEC and Justice Department asking them to investigate Krzanich for insider trading. There are no reports of data being accessed.

Microsoft confirms the patches to fix Meltdown and Spectre drive down performance. 

January 10

Reuters reports some of Intel’s clients are exploring the possibility of using chips from AMD and ARM.

A week later, AMD faces lawsuits. 

January 23

Intel hired Sard Verbinnen & Co. for crisis support, according to media reports. The agency’s contact information is listed in a January 11 open letter from Krzanich. 

February 16

Intel faces 32 lawsuits from shareholders and customers for security risks in its chips. 

February 22

Intel failed to inform U.S. cybersecurity officials of Meltdown and Spectre until they leaked to the public, according to Reuters. Other media outlets describe the effort as Intel "intentionally hiding" the flaws, or keeping security agencies in the dark. 

Conclusion 

Miss

Intel ceded ground to competitors AMD and ARM, cementing its image as a cyber-prone company in the mind of the public. 

Takeaways 

1. Cyber attacks are complex issues. Sometimes, less communication is necessary. But once you can talk to the public, make sure you communicate clearly and often, especially to counter your competitors’ messages. 

2. CEO behavior reflects a company’s values. They should discuss not only how the company addresses a crisis, but also personal scandal.


Letter to the editor: In your April issue, PRWeek published a timeline of events following disclosure of the security exploits known as Spectre and Meltdown. Most of the article focused on Intel’s response, followed by a recommendation that companies "communicate clearly and often." Intel agrees – and that is exactly what we have done.

As just one example, during the period in your timeline, our blog posts, open letters, and statements on these security issues outnumbered all other events listed combined. Unlike other crisis timelines PRWeek has published, however, you omitted virtually any mention of Intel’s public communications during this period. This selective, inconsistent editing leaves the impression Intel was unresponsive, when nothing could be further from the truth.

Intel takes its commitment to security very seriously. We also recognize that when we face challenges, it is critically important that we keep our customers, partners, employees and the general public informed and up to date.

Beyond our direct communications and efforts with our customers and partners, Intel established a dedicated web page in early January that remains prominently featured on Intel.com. This website offers a number of resources, including FAQs, white papers, and more. It also lists in detail the public communications we have issued, starting on January 3. This includes an open letter from our CEO Brian Krzanich, who penned a security-first pledge centered around (1) customer-first urgency, (2) transparent and timely communications, and (3) an ongoing security assurance. 

We are staying true to that security-first pledge and, for us, it is not a singular event. It is a long-term commitment. Though we have now completed release of microcode updates for Intel microprocessor products launched in the last nine-plus years that required protection against Spectre and Meltdown, our work is not done.

Between our direct communications efforts with customers and partners, our public education campaign, and our continuous engagement with journalists, we will continue our focus on transparent and timely communications. As Brian said in his most recent post, that is what you can – and should – count on from Intel.

-Laura Anderson is VP and GM of global communications at Intel

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in