In order to provide its equipment with security systems that are independent of any third-party editor, the manufacturer HP has built an ambitious strategy. Gérald Kugler, its Chief Technologist Officer, explains the details.

What role does a player like HP play in the cybersecurity industry today?

HP is a designer and manufacturer of personal computers, printing and video conferencing solutions, and more. Our vision is that these “endpoint” devices must participate in the company’s resilience. Starting with their design, they must play an active role in the overall protection of organizations. Indeed, there is a lot of embedded intelligence in these devices that can be diverted from their primary use.

Moreover, we are in line with the mindset of new European directives such as the CyberScore or the Cyber Resilience Act, which emphasize the resilience of equipment and the supply chain.

Are printers prime targets for cybercriminals?

Today, they may not be “first in line” but they are still in the top tier of targeted devices. If we look at the design of a printer, we see that it has a processor, a memory, network services… I usually say that a printer is a computer like any other. It can therefore be a target for cybercriminals, and there have already been cases of misuse: for example, we saw this at the beginning of the war in Ukraine, with the distribution of propaganda through printers.

At HP Labs, our cybersecurity researchers work in a very generic way. When implementing detection and protection measures, they do so on printers, computers or workstations, without any distinction. They look at what protections need to be made on all types of endpoints, holistically, and that includes printers.

Do you make your customers aware of the security of their devices?

Whenever we work directly with companies, with major accounts for example, we proactively propose to organize workshops with their IT and security teams. We then provide them with all our recommendations on the subject, because sometimes customers don’t think about securing this part of their information system.

We also offer risk assessment services, with recommendations that are adapted to the customer’s needs, as well as services and governance to ensure that the printing equipment remains secure throughout the contract.

What does it mean to secure a printer?

Securing a printer means securing the BIOS, the firmware, the memory, the system… We secure . We begin with the sub-OS, i.e. from the BIOS and the hardware, and we perform integrity checks with self-healing mechanisms. We work on the system and above the system, always applying the same logic.

We pay a lot of attention to the sub-OS layers. This is because attacks on the BIOS and firmware are particularly delicate, as they cannot be detected by antivirus software. Protecting these components is therefore a strategic issue, which is why HP does it natively.

Today, we are witnessing a growing sophistication of equipment and an increase in connected objects. How can we adapt to these changes in terms of security?

By implementing “by design” protection mechanisms, i.e. directly built into the equipment. This is the best protection available. For example, it avoids relying on third-party components or software.

We do not add antivirus software to our printers, because if we did, there would be a degree of dependence on a supplier that we do not necessarily control. Instead, we reintegrate a maximum number of elements into the machine as a default. We talk about “resilient hardware” because the devices have the ability to protect themselves and repair themselves in the event of an attack.

How do you take into account the increasingly open environments of companies?

It is true that our equipment is increasingly exposed due to the growing openness of customer environments. Cloud usage is becoming more widespread nowadays and more and more employees work from home where they are connected to their personal Internet network…

Given this context, we integrate secure default protocols and configurations. We protect connections and communications to the outside world, in particular with the implementation of TLS for secure connections and data encryption with AES-256. We can check and apply security policies through the Internet. The printers used at home are therefore guaranteed to have the same level of security as those located inside the company.

Concerning the services we provide online, such as the automated ink supply, we apply the Zero-Trust principle. We can only establish a connection if we have previously authorized the machine, with its serial number and a set of related parameters, to connect to the service.

We have also certified the security of the supply chain of machines and consumables to protect against attempts at intrusion or corruption over the entire product life cycle: design, supply, assembly, transport, use and end of life.

What measures do you implement against ransomware?

Printers are fairly insensitive to the risk of ransomware because there is no direct user action on the system, and the application interfaces that are enabled are protected. This is not the case for PCs. To counter ransomware, we have integrated protections in the form of micro-virtualization.

We have a feature called HP Sure Click, a micro-virtualization mechanism. Documents, attachments, web pages are not opened immediately but are isolated from the system through virtual micro-machines created on the fly.

If malware is triggered, it is contained in this micro-VM and has no access to the system or the network. When the user closes the document, it destroys the micro-VM and thus the malicious code.
