This Week in Cyber: January 17th – 21st

Digital Security by Design

This week, Arm announced the launch of the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, the University of Cambridge, and other industry leaders. The silicon is now available on a limited run of demonstration boards, which will be shipped to industry partners and major stakeholders, including Microsoft and Google, for testing through the UKRI Digital Security by Design (DSbD) initiative.

The DSbD initiative has allowed Arm to invest significant resources into developing this promising technology. If we are to rethink a foundational architecture that has been around for years, we must work with the wider ecosystem as collaboration continues to be a key driving force for security. The next two years will see the ecosystem testing, writing code and collaboratively providing critical feedback to determine whether any features will be used in future versions of the Arm architecture. If the Morello prototype architecture performs as expected, it will be fundamental in future processor designs, protecting businesses, individuals, and the devices of tomorrow.

The Morello program plans to develop a “new, inherently more secure, Arm-based computing platform for the future.” Morello is the first high-performance implementation of the CHERI extensions, which offer fine-grained spatial memory safety at the hardware level. Software developers and security specialists will now be able to use the Morello architecture to demonstrate the improved security that can be attained with hardware capabilities.

News broke this week that the International Committee of the Red Cross had been the victim of a cyber-attack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts. “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week,” it said in a statement. “The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.” The body, which has its headquarters in Geneva, had no immediate indication as to who might have carried out the attack. It said the hackers targeted an external company in Switzerland that the ICRC contracts to store data. There was no evidence so far that the compromised information had been leaked or put in the public domain.

Commenting on the news, quoted in InfoRiskToday UK, and syndicated across the entire ISMG estate, John Goodacre, Challenge Director for Digital Security by Design, and professor of computer architectures at the University of Manchester, said: “Unfortunately, we live in a world where people make mistakes when using computers, and the applications themselves have bugs. Together these create vulnerabilities that can be exposed through even the most stringent cyber defences. Industry and businesses can do little about the software vulnerabilities in computers other than apply patches after they have become known, and potentially exploited, and stop data loss or systems being held to ransom. For years, around 70% of the ongoing reported software vulnerabilities are due to bugs in the way software works. The UK government is supporting industry and academia through the UKRI Digital Security by Design programme to introduce new fundamental technologies that can block software vulnerabilities from exploitation. This latest cyberattack again amplifies the need that everyone must maintain the best cyber practices and ensure all software is fully patched to reduce the risk that any vulnerability is exposed to exploitation.”



Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.