This Week in Cyber: Dec 13th – 17th

Digital Security by Design

This week, the UK Government announced their new National Cyber Strategy. The strategy officially launched on Wednesday 15th December at the International Convention Centre in Birmingham. Stephen Barclay MP, Chancellor of the Duchy of Lancaster, set out the Strategy’s vision for the UK to be a leading responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace.

Digital Security by Design was highlighted in the strategy, and will help to strengthen the UK’s position as a world leader in secure microprocessor design.

Digital Security by Design is also announcing £7.2 million in funding for four collaborative projects which will demonstrate the impact of new technologies. These projects will use the DSbD technology platform prototype, known as the Morello board, funded through the DSbD programme, and developed by a consortium led by Arm. This funding is also supported by the Department for Digital, Culture, Media and Sport.

Professor John Goodacre, Challenge Director for Digital Security by Design, said, “I’m pleased to see that the importance of new technology being developed through Digital Security by Design has been recognised in the new National Cyber Strategy announced today. The DSbD Challenge is a £200m collaborative initiative bringing together government, industry and academia to transform digital technology and create a resilient and secure foundation for a safer future. These demonstrator projects are investigating how these technologies can benefit their business and further enhance the cyber security of living and working in the UK.”

 

Other DSbD-funded projects include:

  • 100% IT, based in Newbury, will develop a demonstrator and a supporting framework of development tools to help digital computing infrastructure become more resistant to attacks, both in the UK and around the world. It will also develop innovative new methods to secure data in transit by applying layered encryption that is resistant to attack by quantum computers and thus more resilient to near-term and future cyber-threats, making it harder to attack and infiltrate network infrastructure or endpoints and remotely take control or extract sensitive information.
  • Beam Connectivity, in Cirencester, will demonstrate and review the use of DSbD technologies for cyber-critical and safety-critical applications in the automotive sector.
  • Southern Gas, based in Horley, seeks to deliver an Internet of Things (IoT) demonstrator in the utility industry, using DSbD technologies to deliver an enhanced security solution applicable within SGN critical national infrastructure.
  • Iceotope, based in Rotherham, will work with industry standards bodies to address the lack of cooperation between Information Technology (IT) and Operational Technology (OT), helping to overcome the cyber-security barrier to implementing effective Edge computing by harnessing the new security compartmentalisation features of the Morello platform.

Join the DSbD team and Digital Catapult on 25th January for the official launch of the Digital Security by Design Technology Access Programme.

What is Digital Security by Design? Registration, Tue 25 Jan 2022 at 10:00 | Eventbrite

 

Also, this week we saw two large ransomware attacks: one affecting a natural gas company – Superior Plus – and the other targeting HR management company Ultimate Kronos Group. Commenting on the news, John Goodacre said, “Whether unwanted access to a computer is through a failure in the system design to be secure by default, or a mistake in the software implementation, once patches for vulnerabilities are released and it becomes generally known, then it is a race between cyber-attackers looking to take advantage and those that need to patch their systems.

“The Mitre.org CVE list is recognised as the world’s central catalogue of publicly disclosed cyber vulnerabilities. Recent analysis suggests that around 70% of the ongoing CVE recorded vulnerabilities are associated with a class of error known as a memory safety error. This is caused when a software developer inadvertently inserts a memory corruption bug. Research from as far back as the 1970s highlighted that such bugs can be exploited and leave systems open to the loss of data and their operation perverted or held to ransom.

“The cybersecurity industry has advanced significantly since then, but as recent stories of vulnerabilities become known, we still see an onslaught of attackers trying to find systems that have not yet been patched. It’s clear more must be done.

“The University of Cambridge has spent the last 10 years on a programme known as CHERI, working out how today’s computers could evolve to block such software vulnerabilities from being exploited, removing the rush to patch and effectively closing the digital door to exploitation from this significant number of ongoing memory safety vulnerabilities.

“Such changes however needed to start from within the very heart of the digital system, changing the way computers work with memory and ultimately in how software is produced. Coordinating and aligning various activities, with various barriers due to the way the computer markets evolved, how to adopt such research was unclear. 

“In 2019 the UK government agreed to work with Arm in the UK, the broader industry and research through their ISCF initiative to overcome adoption barriers and created the Digital Security by Design (DSbD) programme so that future digital systems can block the exploitation of such vulnerabilities by design and reduce the harm to society and business alike.

“In the meantime, it is imperative everyone, everywhere, understands what software they use, implement the most rigorous cybersecurity practices, and how they will respond efficiently to the availability of critical patches so as to reduce the risk and costs of cybercrime.”



Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.