Much has been said lately about the vulnerability of key infrastructure to “hacking” from the Internet. Here’s a rather simple idea. Intel could produce a chip with a modified instruction set. It is still the regular Intel CPU that does all the things a regular CPU does, just that at the machine language level, it’s instruction set has been scrambled. What this means is that a binary from a “civilian” machine would not be able to run on the “hardened” machine. There would be no way for a virus to move from one to the other. You could break in and put your malware there, but it wouldn’t run.
Sure, someone could create a program that would run on that chip, but they would have to deliver it directly. It wouldn’t be able to spread from machine to machine and find its way to the target. It would make it very hard for code to “accidentally” find a target system by simply spreading through the computer ecosystem. It would be like having carbon-based life and silicon-based life. What is food to one is a rock to the other.
It would be pretty simple to do, just change the microcode. It wouldn’t take any physical changes in the die but they could do that, too. Change some pins around so a “hardened” CPU won’t even work in a “civilian” motherboard. In fact, it could be wired so that plugging one in to a “civilian” mother board (or vice versa, the plugging of a civilian CPU into a “hardened” motherboard) would produce a rather spectacular result. Considering the number of CPUs purchased by utility companies and government, it would seem that there would be sufficient market to warrant doing this. All of the regular software would be available, one would simply have to compile the operating system on that processor type, but malware from “civilian” hosts would just plain not run on a “hardened” host. The “hardened” CPUs could be controlled in distribution, not sold to the general public, banned from export, made only inside the US, etc.