The government today announced that it will invest £36 million in a fresh partnership with ARM to develop a new chip design that will protect devices from cyber attacks and will foil hackers' attempts at remotely taking control of computer systems.
In March last year, the government introduced its first Security By Design Report in collaboration with the National Cyber Security Centre (NCSC) and industry specialists. The purpose of the report was to call for IoT device manufacturers to take greater responsibility to implement security mechanisms in their products.
The report outlined 13 steps to improve the security of consumer IoT devices that included the eradication of default passwords, making it possible for consumers to delete their personal data stored in IoT devices, making devices resilient to outages, and updating software automatically with clear advice for consumers.
Earlier this year, to demonstrate its seriousness towards the security of IoT devices, the government promised to invest up to £70 million through its Industrial Strategy Challenge Fund to support research into the infusion of security and protection solutions into hardware and chip designs at the development stage.
At the same time, the government also promised to invest a further £30 million to ensure the safety and security of Internet-connected smart devices, 420 million of which would be deployed across the UK within the next three years.
The additional £30 million investment will also be used as part of the government's Ensuring the Security of Digital Technology at the Periphery programme and will be used to ensure the safety and security of IoT devices and in finding solutions to combine cyber and physical safety and security with human behaviour, influence new regulatory response and validate and demonstrate novel approaches.
Morello chip design will require up to £50 million in investments
Earlier today, the government announced that it is investing £36 million in a new partnership with ARM to develop a new chip design that will protect devices from cyber attacks and will foil hackers' attempts at remotely taking control of computer systems.
"Cyber-criminals operate in the shadows, with the severity, scale and complexity of breaches constantly evolving. It’s critical that we are ahead of the game and developing new technologies and methods to confront future threats, supporting our businesses and giving them peace of mind to deliver their products and services safely. Investing in our world-leading researchers and businesses to develop better defence systems makes good business and security sense," said Business Secretary Andrea Leadsom.
The investment is part of the government's Digital Security by Design initiative and is backed by the Department for Business, Energy & Industrial Strategy, the Department for Digital, Culture, Media & Sport, Home Office, UK Research and Innovation, The Rt Hon Andrea Leadsom MP, and Matt Warman MP.
Commenting on the partnership, ARM said that the new £36 million investment by the UK government will be used to develop the Morello Board, a prototype hardware that will enable industry partners to assess the security benefits of a range of prototype architectural features in real-world scenarios.
"Creating the Morello prototype board commits Arm to more than £50 million worth of engineering and research. The ultimate goal is to design a new Arm-based platform that will make it far harder for bad actors to take full control of a computer system- even if they manage to hack it," the company said.
The Morello prototype board will enable ARM to create a new chip design with "compartmentalisation approach" that ensures the isolation of different parts of critical code in individual ‘walled’ areas, with no access to any other area. This will ensure that even if a hacker infiltrates one piece of the code or data, the hacker will be unable to access other pieces of the software.
Ensuring the visibility of digital assets needs to be the first priority
Ilia Kolochenko, founder and CEO of ImmuniWeb, says that while such government-led cyber security initiatives will ensure that the UK will likely remain the European centre for cyber security, the time UK businesses may require to migrate to new hardware platforms will be quite long, thereby enabling cyber criminals to enjoy immunity for the time being.
"Most of the successful attacks nowadays are caused by incomplete or outdated inventory of digital assets. A vast majority of businesses in the UK and abroad do not know where exactly their data is stored, how many applications or APIs they have or how many mobile devices are connected to their internal networks.
"That is a root cause of the problem, and deserves urgent attention and mitigation. Therefore, I’d urge investing in a supplementary cyber security initiative that's aimed at bringing visibility of data and assets to UK businesses," hee adds.