This Week in Cyber: Nov 29th – Dec 3rd 2021

Digital Security by Design

 

At the end of last week, it was reported that Patchstack discovered multiple security vulnerabilities In Hide My WP by wpWave and, earlier this month, researchers uncovered a critical security vulnerability In WP Reset PRO.

Commenting on this, John Goodacre, Director Digital Security by Design and Professor of Computer Architectures at Manchester University, said

“There is an ongoing cost to vulnerabilities associated with any exploitation and the need to ensure systems are patched quickly when issues are identified. It’s essential that administrators know what’s in their system and the mechanisms component vendors provide this support. Also, many vulnerabilities can leave systems open to exploit, often needing emergency action. Together with vendors supporting and developing products to be more secure by default, the UK Government is working with industry and academia to introduce underpinning technology that aims to block around 70% of the ongoing vulnerabilities from exploitation, reducing their criticality and costly rush to patch.”

Digital Security by Design

On Tuesday, negotiators from the Council and the European Parliament reached a provisional agreement on a new law to promote the availability of data and build a trustworthy environment to facilitate its use for research and the creation of innovative new services and products. The Data Governance Act (DGA) will set up robust mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and foster data altruism across the EU. It is an important component of the European strategy for data, which aims to bolster the data economy, increase wealth and wellbeing, and give Europe a competitive advantage to the benefit of its citizens and businesses.

Discussing this new provisional agreement, John said

Data holds the potential to bolster the data economy and increase wealth and wellbeing. By enabling the safe reuse of data, this act aims unlock some of that opportunity by enabling sharing of data subject to the rights of others. The Act will require a trusted register of ‘Data Intermediation Services’. These entities will need to focus on delivering the highest levels of cyber security to ensure this trust is upheld. The UK government has an initiative known as Digital Security by Design (DSbD) that is working to further strengthen, by design, the underpinning technology against the proliferating cyber threat.”

 

Finally, this week saw an exciting announcement for DSbD. Belfast based software consultancy firm Pytilia were selected as part of our competition to deliver technologies that will improve software defences against cyber vulnerabilities. Pytilia secured DSbD funding to investigate the use of prototype secure hardware in key IT infrastructure and was the only company from Northern Ireland selected to participate in the challenge. In collaboration with the Centre for Secure Information Technologies (CSIT) based at Queen’s University Belfast, Pytilia successfully demonstrated that the new hardware can be used to increase the protection of network traffic and prevent the misuse of incoming network packets.

 

Discussing this and appearing in IT Security Guru and The Evolving Enterprise, John commented “Providing early visibility to SME such as Pytilia both validates the applicability of the secure by design approach. It also provides UK businesses the insights to benefit from offering more secure products and services. It bodes well for the security of our digital world in that Pytilia has been able to show that DSbD technologies are able to block software vulnerabilities from exploitation in the highly complex and high-performance application such as packet processing”.


You can follow updates @DSbDTech or via LinkedIn here  #DSbDtech

Follow Innovate UK

Twitter @innovateuk

Innovate UK on Linkedin

You can find out more about the Industrial Strategy Challenge Fund here

Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.