
anonym29, today at 12:34 PM (0 replies)

Francillon seems very dismissive of the risk, citing his "castle walls", but there's a flaw in his thinking, partially described in the article. Francillon seems to anticipate adversarial traffic only flowing in, not out. Sure, he can block packets before they ever reach CSME or PSP. But there are several embedded assumptions in there which are unsupported: that the behavior of these systems is known, auditable, or understood well enough to assume that they're not sending outbound communications as a covert C2 channel, and that attackers reaching in need to send packets directly to these systems, rather than surreptitious delivery mechanisms to the main OS that CSME and PSP can observe, like a certain WLAN name broadcast from a wireless radio, or certain device firmware being present, or even a specific targeted ad being served to a browser running in the main OS. The claim that these criticisms make the entire framework he designed worthless is obviously untrue, but it's also a strawman. The true claim isn't that it makes the framework worthless, but rather, it makes the framework incomplete. This is inconvenient for Francillon because it tasks him with addressing a class of problem that may be partially possible to detect, but impossible to solve, in practice. And you can't have a conclusion that there is an unsolvable problem, even if it's true.