Arm wants to wrestle industry into a seat on the UK.gov's £70m hardware security train

We're taking it seriously, says chief architect


Arm has declared that it feels the "weight of our responsibility" as it jumps on board with UK.gov's £70m plans to influence "hardware and chip designs" to enhance security.

The Digital Security by Design project is "a combination of the best practice approaches to security laid out in the Digital Security by Design review in 2018", which also gave us GCHQ's code of practice on IoT device security.

“With businesses having to invest more and more in cyber security, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut cybersecurity costs to businesses,” said Business Secretary Greg Clark MP, in a canned quote announcing the move. The project is led by a government body, UK Research and Industry (UKRI).

Cambridge-headquartered Arm, while increasingly global in outlook following its buyout by Japan’s Softbank in 2016, is taking the initiative seriously. Its chief architect, Richard Grisenthwaite, said: "Arm is fully supporting UKRI’s push on security as it will catalyze research by the UK’s top computer engineering departments and, in partnership with industry, turn advanced security ideas into commercially-deployable technologies more rapidly."

He continued, referring to Cambridge University's Capability Hardware Enhanced RISC Instructions (CHERI) project, whose fruits are soon to be seen in Arm-architected chips: "CHERI technology offers the potential to derive formally-proven security properties of the memory system, addressing basic spatial memory safety which is a root cause of many existing security exploits... we must think about security in its entirety – not just at a point in time or at a particular layer in a hardware or software stack."

The "up to £70m" Digital Security by Design Challenge will be delivered by UKRI through the Industrial Strategy Challenge Fund, which we are told will be "subject to business case approval and match funding from industry". Similarly, the £30.6m "Ensuring the Security of Digital Technology at the Periphery" programme will be overseen by UKRI via its Strategic Priorities Fund.

The latter programme is targeted at IoT device security, with UK.gov informing us all: "Effective solutions need to combine cyber and physical safety and security with human behaviour, influence new regulatory response and validate and demonstrate novel approaches. This will build on current investments including the PETRAS Internet of Things Research Hub and other activities supported through IoT UK."

Digital minister Margot James chipped in to add: "We're moving the burden away from consumers to manufacturers, so strong cyber security is built into the design of products. This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber-attacks."

A sum of "up to" £70m spread across different projects compares less than favourably with, for example, Intel's R&D budget of $13bn in FY2017/18. Nonetheless, Arm's Grisenthwaite concluded: "Now the UK government has taken this stronger position on security, it is up to industry to show support. That will mean putting in money and resource and it is in all of our interests to do the right thing." ®

Biting the hand that feeds IT © 1998–2022