Supporting the UK in becoming a leading global player in cybersecurity

By the turn of 2019, Arm technologies had shipped in more than 130 billion silicon chips, making the Arm architecture the most widely-deployed advanced instruction set ever. It’s a constant source of pride, especially for me as chief Arm architect, as there really isn’t a sector – business, industrial or consumer – that Arm chips aren’t deployed in today.

But, as we all know, you’re only ever as good as your next project - so it’s vitally important for us to remain as focused on Year 29 as we were on Year 1. That is particularly true when it comes to security. It never leaves me that the digital world that gives us so much is under constant threat from criminals and other foes looking to do us harm. And with 130 billion chips to care about, you can trust me that my colleagues and I at Arm feel the weight of our responsibility.

Working with the British Government to enhance Cybersecurity

The threat to the security of digital systems is constantly-evolving, and Arm has been working with British Government-backed UK Research and Innovation (UKRI) on efforts to enhance homegrown cyber resilience. Its efforts are focused on a Digital Security by Design project backed by UKRI’s Industrial Strategy Challenge Fund. The project is the result of a combination of the best practice approaches to security laid out in the Digital Security by Design review in 2018, and extensive discussions with broader industry, academia and government.

Today the project got a major boost with £70million of new Government funding. The intention is to now match-fund that money with additional investment from the UK technology sector.

Arm is fully supporting UKRI’s push on security as it will catalyze research by the UK’s top computer engineering departments and, in partnership with industry, turn advanced security ideas into commercially-deployable technologies more rapidly. Ultimately, we will see a range of  new industrially-led projects making use of the research to prove potential new advanced technologies are viable, and valuable, in real-world systems.

Arm’s role

Arm is already contributing to the UKRI drive and we have been working with the University of Cambridge to bring concepts from its CHERI project into the Arm architecture to deliver demonstrable security benefits. CHERI technology offers the potential to derive formally-proven security properties of the memory system, addressing basic spatial memory safety which is a root cause of many existing security exploits. CHERI technology also goes further and has the potential to become a building block for far finer-grained security compartmentalization of software, enhancing the protection that is typically achievable in commercial computing systems today. Ultimately, compartmentalization can make future systems inherently more robust against known attacks and so-called Zero Day attacks we may face in future.

You can read more about Arm’s ongoing approach to cyberthreats in our latest Security Manifesto published in October 2018. As well as broader thinking industry-thinking, we talk about the role of AI in enforcing stronger device security at the chip level, and how we must think about security in its entirety – not just at a point in time or at a particular layer in a hardware or software stack.

Further underpinning what Arm is doing, and the thinking of the British Government, is the Platform Security Architecture (PSA). The PSA was launched by Arm in 2017 and is a series of guiding principles we set out to help foster greater understanding of how products, particularly connected IoT products, can be built securely. You can read more about PSA on arm.com and you’ll hear more about its evolution over the next few months. Again, I can’t say more about that at the moment.

Now the UK Government has taken this stronger position on security, it is up to industry to show support. That will mean putting in money and resource and it is in all of our interests to do the right thing. There’s no time like acting today but with security you should actually be acting yesterday.

Anonymous