Digital Security by Design: a revolution in the cybersecurity landscape

Digital Security by Design: a revolution in the cybersecurity landscape

Since the 1970s, there has been an ongoing challenge regarding the security of computer systems: fast forward to the present the underpinning memory access architecture remains unchanged despite well documented vulnerabilities and flaws. 

The results speak for themselves: 300 million+ of devices globally were subject to ransomware in 2021, principally hitting healthcare providers. With cybersecurity breaches costing businesses an average of £8,460, they also impact the lives of users. The 2017 Wannacry ransomware attack, for example, affected a third of NHS trusts and led to the cancellation of approximately 7,000 appointments – while in 2018, some 40,000 Ticketmaster customers had their credit card details stolen. Reality has shown that such attacks are increasingly a result of software bugs that expose systems and data to various exploitations.

Digital Security by Design

Now, underpinned by influential figures in industry and outstanding technical capabilities, the Digital Security by Design (DSbD) programme is trying to change this. In fact, the technology being developed as part of the programme could help stop around two thirds of cyber attacks.

DSbD is a UK government-backed initiative – involving Digital Catapult,  alongside partners including Arm and the University of Cambridge – geared at building a more secure foundation for a safer digital future. Through collaboration between academia, industry and government, new capabilities such as novel chip architectures will make future devices resilient to memory corruption and other forms of software-based exploitation in which only expected access to data is permitted, whilst limiting vulnerabilities. 

DSbD provides a new and unique opportunity to develop novel systems and software implementations designed to address memory safety vulnerabilities. DSbD technologies also enable scalable software compartmentalisation, which in its principle isolates different parts of critical code into individual ‘walled’ areas so that potential breaches to single pieces of code leave other areas unaffected.

Technology Access Programme (TAP)

Through its Technology Access Programme (TAP), DSbD is already giving  companies access to state-of-the-art prototype technology: CHERI – an Instruction-Set Architecture (ISA) extension and protection model developed by the University of Cambridge – and Arm’s System on Chip and associated Morello Development Board with software tooling and technical guides to experiment with core capabilities. 

Organisations of the first TAP cohort have been testing and evaluating these technologies within their own businesses and providing findings that could influence the design of more secure computer systems. They have access to the technologies, prototype hardware, technical guides, industry and technical mentors to support an experimentation period with the DSbD technologies within their own organisations. Companies of up to 250 employees are eligible for £15,000 to support their experimentation period. 

For example, full stack software solution provider for IoT devices, Ioetec, investigated whether Morello could act as a tool to secure and authenticate sensor devices, before transmitting data to central servers. Mike Faulks, CTO & co-founder of Ioetec said:

We worked on the CHERI emulator programme to see the differences in the physical system. As IoT experts, we see the DSbD offering as beneficial for industry. Our initial motivation for joining the programme was to improve our general knowledge of future cyber security solutions, to evaluate Morello as a hardware platform for a secure IoT gateway and to learn lessons from CHERI Architecture to improve our existing software. We have now gained a greater appreciation of the easy-to-make software errors that can lead to cyber attacks.

Join the security revolution

Cybersecurity attacks represent a major threat to all industries underpinning our economy, and until we can successfully change the way computer systems are designed – keeping digital security at the front of mind – we’ll continue to suffer the consequences.

Your organisation could have a chance to make history by being one of the first to test these cutting-edge technologies that promise to bring about a step change in the way we build and protect our computer systems. 

If you’re interested in joining the next TAP cohort, apply by 8th September 2022 here. 

In the next webinar Q&A session to be held on 5th September 2022, Arm, University of Cambridge and Digital Catapult will present information about the programme and brief organisations who might be interested in joining the Cohort. Details can be found here.

Jeremy Silver, CEO of Digital Catapult, said: “our unique combination of technology, industry, and innovation expertise will help tackle new market challenges associated with advanced technology adoption. Our Technology Access Programme’s first cohort had 10 businesses get hands on with groundbreaking cybersecurity tools from industry leaders – allowing them to build their organisational resilience and provide invaluable feedback to shape the security landscape of the future.

The benefits of DSbD are: 

  • lower cyber security costs with the production of scalable, secured, products and services; 
  • CHERI exposing vulnerabilities in existing legacy software providing the ability to retrospectively repair code;
  • increased research for the UK to become a world leader in cyber security; 
  • computer industry deployment of an advanced security architecture; 
  • development of new skills and jobs aligned with the new hardware and software; 
  • increased confidence and motivation for change across numerous industries.

 


You can follow updates @DSbDTech or via LinkedIn here  #DSbDtech

Follow Innovate UK

Twitter @innovateuk

Innovate UK on Linkedin

You can find out more about the Industrial Strategy Challenge Fund here

Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.