ARM CEO challenges the tech industry to build an immune system to prevent a cyber pandemic

0 1

By Matthew Griffin Security and Privacy 10th November 2017

WHY IT MATTERS

Over the coming decades trillions of devices will become smart and connected and, unless companies and individuals come together to tackle the issue, we could be heading for a cyber security armageddon

Cyber security today is bad, very bad, and as we all buy more devices, and as more devices and things become connected it’s only going to get worse, and the risks are increasing dramatically all the time. That’s why, according to many, it’s time for the tech industry to step up and take responsibility for protecting the devices they make, and, by association, the people that use them.

This was the message delivered by ARM CEO Simon Segars to ARM developers attending the annual ARM TechCon in Santa Clara, California the other week.

The theme of security permeated the event, with ARM announcing its Platform Security Architecture, a set of architecture specifications and open source firmware aimed for use in the IoT, along with a programmable security core. But Segars and other speakers made it clear that this concern about security wasn’t just about what ARM is doing.

Segars proselytised and showed off what ARM is calling a Security Manifesto, urging the tech industry to accept the fact that it has a social contract with users, that security is a collective industry responsibility and that security systems have to allow for human error.

The manifesto also states that security must be a primary design consideration from the beginning, an approach cybersecurity experts have been beating the drum about for a long time now.

“It’s not just a software problem,” Segars said, “if we can do more in hardware, if we design things with the assumption that a compromise is going to happen, we can make the [security] software simpler.”

Segars also said the makers of connected products have to take ownership for security for the lifetime of the product.

In the auto industry, he pointed out “you read all the time about recalls, so you know that the car company is taking some responsibility for your safety after you’ve driven off the lot. As imperfect as that is, at least there is an onus on the company that sold me the car to look after that,” then he continued, “the tech industry is not like that. In very few cases does anybody who sold you an electronic product take responsibility for it. That has to change and it has to change very soon, because as we go into the world of IoT, the threats explode tremendously.”

“When everything is a connected, it is an opportunity for a bad hacker,” he said, adding that hackers recently even attacked a connected fish tank, killing the fish, “I’d like all of you to join us in committing to making electronic products safer than they are today,” he urged.

In Segars words he wants the tech industry to think of protecting against security hacks not so much as building a wall that locks hackers out, but as building an immune system that fights infections.

“These devices are alive,” he said, “and electronic threats are alive in the same way biological threats are alive, they are constantly adapting to new conditions.”

The kind of cyber immune system he then went on to describe would use intelligence in the devices themselves, in the network, and in the cloud to spot when something is wrong, to quarantine it so it doesn’t damage other systems, and to heal it by triggering a firmware update or other patch, in most cases, without the user of the device having to do anything. Companies would have to work together to spot and counteract threats.

While Segars focused on what the industry can do against cybercrime, he clearly didn’t want to oversell the power of technology to fix the problem, adding that users should also take more responsibility for their own security.

People, he indicated, need to do better holding up their end of the social contract, that is, spotting when they are about to be manipulated by hackers and not falling for it, or at least not falling for it quite as often as they do today.

You can download ARM’s Security Manifesto, as well as detailed explanations of ARM’s concerns and vision from Segars and other executives, here.

Matthew Griffin / About Author

Matthew Griffin, described as a "Walking encyclopaedia of the future" by NASA and a futurist polymath, is one of the world's most renowned futurists and strategic foresight experts. A serial entrepreneur Matthew is the Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm working across the next 50 years, XPotential University, the world's first free futures and foresight university, and the World Futures Forum which works with the United Nations to solve the worlds greatest challenges. 13 times author of the Codex of the Future series, Matthew is an in demand international keynote, acclaimed university lecturer, and host of the hit Fanatical Futurist podcast.

A rare talent in his past Matthew helped build and run several multi-billion dollar business units for Atos, Dell-EMC, and IBM, and his ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders, G7, G20, and G77+ governments, and many of the world's most respected brands including ABB, Accenture, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Dentons, Deloitte, Disney, EY, KPMG, Lego, Legal & General, LinkedIn, Microsoft, Pepsi Co, Qualcomm, RWE, Samsung, T-Mobile, UBS, VISA, and many others. He was also the only futurist invited to talk at the UN COP28 held in Dubai alongside world leaders.

Regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, Matthews mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.