July has been a busy month for the Digital Security by Design team. Events have played a large part in our activities; both attending events and organising our own.
On 20th July, Digital Security by Design were represented at the AESIN Security Conference, speaking to delegates about the opportunities for the future with DSbD Technology, and the potential to get involved now with a prototype Morello Board through the Technology Access Programme (www.DSbD.tech). The conference provided insight into the latest thinking and experiences from leading cross-industry players, considering topics such as skills requirements, digital trust, secure architecture and more.
Peter Davies, Director Security Concepts at Thales highlighted at the event that the single biggest reason for recall in the automotive sector is “complexity”. With cyber sitting among this theme, continuing as we are in cyber in the automotive sector could lead to exponential growth of these recalls, costing millions. With the acknowledgement of the growing need for cyber expertise, it was suggested in one report that as many as 500,000 software engineers would be required in automotive alone. A number that size was acknowledged to be unattainable both in terms of costs for the sector and in terms of the skills gap that already exists. Something more is needed, including new technology to take some of the strain that the sector will be under. DSbD technology is available for organisations to start exploring to understand if this world changing technology could become that something.
In September, DSbD will be hosting a couple of events:
Monday 5 September 2022, 11.30 – 12.30pm BST
Technology Access Programme Funding Opportunity: Live briefing and Q&A
Join this live Q&A webinar for the opportunity to find out how your organisation could receive £15,000 in funding from the Digital Security by Design programme and gain access to the cutting-edge Arm Morello board incorporating CHERI architecture. Through the Digital Security by Design Technology Access Programme, UK-based companies can use these technologies to uncover security vulnerabilities in their own systems before they become a problem and provide findings that could influence the design of future computer systems. You can register here.
Tuesday 6 September 2022, 10:00am – 18:00pm BST
CHERITech22: King’s College London, Edmond J. Safra Lecture Theatre, King’s Building, Strand Campus, London, WC2R 2LS
The UKRI Digital Security by Design (DSbD) government-led programme is working to create an ecosystem around the adoption of CHERI concepts to significantly increase the protection of next-generation products and services from cyber-attack. CHERITech22 is a workshop providing a venue for technical discussion around CHERI infrastructure of all kinds, including hardware, software, and verification. The focus is to bring together people working on or interested in CHERI technology, and to share existing work and future ideas to develop the CHERI ecosystem. Attendance is free and lunch and refreshments are provided. Learn more here.
There have been some big cyber stories in the news this month too. An ITV News investigation into cybersecurity at public services has revealed an enormous disparity in defence budgets, hundreds of potential website vulnerabilities and the email addresses and passwords of staff at one council posted in full online. These services are crucial for the smooth running of day-to-day life in Britain and hold swathes of your sensitive data. Exclusive figures show that one council in Britain is spending just £32,000 a year on cyber security. In comparison, another council – with a smaller population – has an annual budget of £1,000,000, a difference of more than 30 times. One hospital sets aside just £10,000 a year towards cyber security. The names of the public institutions involved are being withheld, to avoid turning them into targets.
Professor John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation shared his thoughts on this investigation. “Unfortunately, we live in a world where people make mistakes when using computers and from bugs in the application itself. Together these create vulnerabilities that can be exposed through even the most stringent cyber defences, which also suffer such vulnerabilities. Neither individuals, industry or business can do much about the software vulnerabilities in computers other than race to apply patches after they have become known, and potentially exploited, and attempt to stop data loss or systems being held to ransom.
For years around 70% of the ongoing reported software vulnerabilities are due to bugs in the way software works. The UK government is supporting industry and academia through the UKRI Digital Security by Design programme (DSbD) to introduce new fundamental hardware technologies that can block software vulnerabilities from exploitation. This latest research from ITV again amplifies the need that every user of a computer must maintain the best cyber practices and ensure all their software is fully patched to reduce the risk that any vulnerability is exposed to exploitation. Developers need to now consider how their adoption of the DSbD technologies can help protect users by design and relieve the whole of society from the unsustainable race to patch.”
Follow Innovate UK