WHY IT MATTERS
Over the coming decades trillions of devices will become smart and connected and, unless companies and individuals come together to tackle the issue, we could be heading for a cyber security armageddon.
Cyber security today is bad, very bad, and as we all buy more devices, and as more devices and things become connected, it’s only going to get worse, with the risks increasing dramatically all the time. That’s why, according to many, it’s time for the tech industry to step up and take responsibility for protecting the devices it makes and, by association, the people who use them.
This was the message delivered by ARM CEO Simon Segars to ARM developers attending the annual ARM TechCon in Santa Clara, California the other week.
The theme of security permeated the event, with ARM announcing its Platform Security Architecture, a set of architecture specifications and open source firmware intended for use in the IoT, along with a programmable security core. But Segars and other speakers made it clear that this concern about security wasn’t just about what ARM is doing.
Segars proselytised and showed off what ARM is calling a Security Manifesto, urging the tech industry to accept the fact that it has a social contract with users, that security is a collective industry responsibility and that security systems have to allow for human error.
The manifesto also states that security must be a primary design consideration from the beginning, an approach cybersecurity experts have been beating the drum about for a long time now.
“It’s not just a software problem,” Segars said, “if we can do more in hardware, if we design things with the assumption that a compromise is going to happen, we can make the [security] software simpler.”
Segars also said the makers of connected products have to take ownership for security for the lifetime of the product.
In the auto industry, he pointed out, “you read all the time about recalls, so you know that the car company is taking some responsibility for your safety after you’ve driven off the lot. As imperfect as that is, at least there is an onus on the company that sold me the car to look after that.” He continued, “The tech industry is not like that. In very few cases does anybody who sold you an electronic product take responsibility for it. That has to change and it has to change very soon, because as we go into the world of IoT, the threats explode tremendously.”
“When everything is connected, it is an opportunity for a bad hacker,” he said, adding that hackers recently even attacked a connected fish tank, killing the fish. “I’d like all of you to join us in committing to making electronic products safer than they are today,” he urged.
In Segars’ words, he wants the tech industry to think of protecting against security hacks not so much as building a wall that locks hackers out, but as building an immune system that fights infections.
“These devices are alive,” he said, “and electronic threats are alive in the same way biological threats are alive, they are constantly adapting to new conditions.”
The kind of cyber immune system he then went on to describe would use intelligence in the devices themselves, in the network, and in the cloud to spot when something is wrong, to quarantine it so it doesn’t damage other systems, and to heal it by triggering a firmware update or other patch, in most cases, without the user of the device having to do anything. Companies would have to work together to spot and counteract threats.
While Segars focused on what the industry can do against cybercrime, he clearly didn’t want to oversell the power of technology to fix the problem, adding that users should also take more responsibility for their own security.
People, he indicated, need to do better at holding up their end of the social contract, that is, spotting when they are about to be manipulated by hackers and not falling for it, or at least not falling for it quite as often as they do today.
You can download ARM’s Security Manifesto, as well as detailed explanations of ARM’s concerns and vision from Segars and other executives, here.