Cybercrime costs the global economy an estimated half a trillion dollars a year in economic losses, ransom payments and dealing with the resulting chaos. But while the advantages of a fully-connected world vastly outweigh the threats, achieving a digital world anchored in security needs all companies to accept their share of the responsibility to create a foundation of trust. In effect, all companies need to sign up to the Digital Social Contract (Social Contract) that obliges them to protect users.
Social Contract adherence will require companies to go well beyond the legal language in their terms and conditions and regard robust security as a prerequisite in all design decisions. It will mean taking full account of how people are likely to use their technology, not how companies would like them to use it. While the contract also places a duty of care on users to protect themselves by behaving responsibly, technology designers will always carry the major burden as we are the experts. It will require a swift departure from the mindset in which companies ship products with device passwords as simple as 12345 or PASSWORD, and consider that acceptable.
The subject of IoT security is fundamental to the IoT’s development. The Economist survey on commercial IoT adoption co-sponsored by us and IBM last year showed investment was continuing and many sectors were already in early scale deployment. But despite progress, the IoT is still immature and trust is being built. If, as technology industry companies, we consider ourselves architects of the connected device world, then we must also consider ourselves as architects of trust. This means treating the currency of the IoT – data, connectivity and control – as carefully as a national bank treats its currency. This is the focus of the Security Manifesto published today at Arm TechCon in Santa Clara.
We discuss how the technology industry can meet its Social Contract obligations and protect products over their design lifetime. The Manifesto authors assess the evolving threat and describe some of the advanced security features and directions Arm and others are considering.
We examine new silicon chip architectural paths that “compartmentalize” the central brain, the CPU, making it harder for an attack to spread. Also, we explore how the industry can use artificial intelligence running on devices rather than in the cloud to look for irregularities and learn the unique patterns of device users to improve security and authentication.
Another interesting concept is based on the creation of a network-wide immune system and health service. The idea, based on human biology, may only be 3-5 years from first rollout and it would see artificial intelligence used to assess and then target attacks. The system, like human white blood cells, would attack infections by reflex, and quarantine devices to ensure the wider network could continue operating.
If the immune system failed to cope, there would be an option to bring in more intensive health care services to rehabilitate devices or take them offline permanently.
Dr. Mary Aiken, the inspiration behind “CSI: Cyber” who advises international agencies on cybersecurity, supports the Manifesto. She offered insights into the rising risk and what she thought should be done about it.
In her foreword, she writes:
Hacking is now ubiquitous, and perpetrators are engaging in complex global offenses targeting both individuals and businesses. The IoT only increases the opportunity to strike. We need to care more about the consumer and focus on the cyberpsychology of tech security. We need a human-centered approach that is mindful of how humans really use connected ‘things’.
So with cybercrime costing the world $500 billion a year, more than the individual GDP of all but nine countries, we must act – expecting the unexpected and launching counterattacks before we have been attacked. It is tomorrow’s issue but it must be tackled creatively today, and success can lead to a world where hackers are put out of business.
I invite you to download the IoT Security Manifesto using the link below and think about how you can join us in adhering to the Digital Social Contract to assure our future as companies and citizens of a data-driven society.
Download IoT Security Manifesto: http://pages.arm.com/iot-security-manifesto.html