Since the 1970s, there has been an ongoing challenge regarding the security of computer systems: fast forward to the present the underpinning memory access architecture remains unchanged despite well-documented vulnerabilities and flaws. The results speak for themselves: 300 million+ of devices globally were subject to ransomware in 2021, principally hitting healthcare providers. With cybersecurity breaches costing businesses an average of £8,460, they also impact the lives of users. The 2017 Wannacry ransomware attack, for example, affected a third of NHS trusts and led to the cancellation of approximately 7,000 appointments – while in 2018, some 40,000 Ticketmaster customers had their credit card details stolen. Reality has shown that such attacks are increasingly a result of software bugs that expose systems and data to various exploitations.
Digital Security by Design
Now, underpinned by influential figures in industry and outstanding technical capabilities, the Digital Security by Design (DSbD) programme is trying to change this. In fact, the technology being developed as part of the programme could help stop around two-thirds of cyber-attacks. DSbD is a UK government-backed initiative – involving Digital Catapult, alongside partners including Arm and the University of Cambridge – geared at building a more secure foundation for a safer digital future. Through collaboration between academia, industry and government, new capabilities such as novel chip architectures will make future devices resilient to memory corruption and other forms of software-based exploitation in which only expected access to data is permitted, whilst limiting vulnerabilities. DSbD provides a new and unique opportunity to develop novel systems and software implementations designed to address memory safety vulnerabilities. DSbD technologies also enable scalable software compartmentalisation, which in its principle isolates different parts of critical code into individual ‘walled’ areas so that potential breaches to single pieces of code leave other areas unaffected.
Technology Access Programme (TAP)
Through its Technology Access Programme (TAP), DSbD is already giving companies access to state-of-the-art prototype technology: CHERI – an Instruction-Set Architecture (ISA) extension and protection model developed by the University of Cambridge – and Arm’s System on Chip and associated Morello Development Board with software tooling and technical guides to experiment with core capabilities. Organisations of the first TAP cohort have been testing and evaluating these technologies within their own businesses and providing findings that could influence the design of more secure computer systems. They have access to the technologies, prototype hardware, technical guides, industry and technical mentors to support an experimentation period with the DSbD technologies within their own organisations. Companies of up to 250 employees are eligible for £15,000 to support their experimentation period. For example, full stack software solution provider for IoT devices, Ioetec, investigated whether Morello could act as a tool to secure and authenticate sensor devices, before transmitting data to central servers. Mike Faulks, CTO & co-founder of Ioetec said: “We worked on the CHERI emulator programme to see the differences in the physical system. As IoT experts, we see the DSbD offering as beneficial for industry. Our initial motivation for joining the programme was to improve our general knowledge of future cyber security solutions, to evaluate Morello as a hardware platform for a secure IoT gateway and to learn lessons from CHERI Architecture to improve our existing software. We have now gained a greater appreciation of the easy-to-make software errors that can lead to cyber-attacks.”
Join the security revolution
Cybersecurity attacks represent a major threat to all industries underpinning our economy, and until we can successfully change the way computer systems are designed – keeping digital security at the front of mind – we’ll continue to suffer the consequences.Your organisation could have a chance to make history by being one of the first to test these cutting-edge technologies that promise to bring about a step change in the way we build and protect our computer systems. To register your interest and be notified when the next programme intake opens click here.