Keeping Security Algorithms Current Is Getting Harder
Original reporting by Semiconductor Engineering
The digital world’s security hinges on cryptographic algorithms, but these are no longer abstract lines of code. They are deeply embedded in the silicon itself, forming tamper-resistant blocks and secure execution environments across every layer of the semiconductor supply chain. This fundamental shift has transformed security from a software concern into a complex lifecycle challenge, spanning chip design, manufacturing, deployment, and decades of maintenance.
This complexity intensifies with fragmented supply chains, diverse device architectures, and vastly different update schedules. From individual processing elements in a multi-die assembly to the software running on them, ensuring synchronization and security across this intricate ecosystem is a monumental task. Experts emphasize that hardware IP blocks, integrated at design time, are relied upon throughout a device’s entire lifecycle. Yet, many systems still lack a built-in hardware root of trust and scalable update support, leaving them inherently vulnerable.
Embracing Agility Adding to this urgency are emerging threats, notably the specter of quantum computing. To preempt these future risks, hardware must be designed with cryptographic agility, robust roots of trust, and reliable update mechanisms from day one. This proactive approach, moving beyond reactive patching, is essential to keep systems defensible over their often decades-long lifespans, especially in sectors like automotive and military. The goal is to allow secure adaptation as standards evolve, preventing costly silicon re-spins and maintaining user trust in an increasingly hostile digital landscape.
The pervasive integration of security algorithms directly into silicon marks a fundamental shift in how trust is established and maintained across the technology landscape. No longer an abstract software concern, hardware-anchored security, cryptographic agility, and robust update mechanisms are now non-negotiable requirements spanning design, manufacturing, and decades of operational life. Addressing the fragmentation of global supply chains and the inconsistent update practices prevalent in IoT and embedded systems demands a holistic, lifecycle-centric approach where security is baked in, not bolted on.
Future Imperatives for Trust
This evolving paradigm carries profound implications for innovation, regulation, and national security. The impending reality of post-quantum computing, alongside growing government mandates like the EU's Cyber Resilience Act and NIST's push for comprehensive Bills of Materials, is transforming hardware security from a niche competitive differentiator into a foundational imperative for all digital products. Maintaining consumer and enterprise trust in an ever-more interconnected world hinges on the industry's collective ability to embed verifiable security from the ground up, ensure continuous, automated remediation, and manage complex update pathways, especially for long-lived devices. While the initial investment in secure design and robust update infrastructure can be substantial, the alternative — widespread breaches, compromised critical infrastructure, and a systemic erosion of digital trust — presents a far greater and unsustainable cost. The urgency now lies in accelerating the adoption of these best practices across the entire ecosystem, making secure, updatable hardware the default standard to safeguard our shared digital future against increasingly sophisticated threats.