Digital Security by Design Monthly Round-Up: October 2022

The DSbD team is preparing for an upcoming event on 9 November, where attendees will learn how Discribe Hub+ are contributing to this important initiative. Taking place at the Pavilion Café at the University of Bath, attendees can join the Bristol & Bath Cyber Cluster for another fascinating networking event. Professor Adam Joinson will talk about Digital Security by Design and how Discribe Hub+ are contributing to this important initiative. Adam is Professor of Information Systems at the University of Bath and is Director of Discribe. His background is in behavioural science applied to security and new technology.

Article type: Blog
author Lara
Joseph

Back on 25 October, DSbD exhibited at Hardware Pioneers Max, the annual gathering of product innovators in IoT and electronics. Dedicated to all engineers, as well as technical and business leaders whose companies are developing IoT devices and systems. We had the opportunity to meet over 40 visitors who wanted to learn more about the Technology Access Programme and see cutting-edge prototype hardware by Arm displayed on stand. In a standing room only event, about 100 delegates joined us for a panel discussion on the topic ‘Security Challenges for Hardware/IoT Makers’. Dr Ramona Marfievici, Lead Engineer – IoT, Digital Catapult chaired the session with guests from Academia and the industry to discuss the current state of hardware security, the most pressing threats on the hardware side and approaches to secure it.

On 19 October, Nuala Kilmartin, Innovation Lead, Digital Security by Design, Innovate UK presented at Digital Government 2022. This prestigious event provided an overview of the DSbD Challenge and its role in creating a more resilient and secure future. This annual event provided a valuable opportunity to bring together key stakeholders to gain insight into the government’s objectives for digital transformation and hear directly from those responsible for driving this forward. Taking place as a fully in person event, reconnect and network with your peers and colleagues, key senior policy makers and decision makers. The conference also featured an exhibition zone featuring some of Northern Ireland’s leading expert solution providers.

It was also great to have the opportunity to speak and exhibit at the IoT Security Foundation on 5 October. Despite rail strikes around the Country nearly 200 people gathered for the keynote delivered by John Moor (MD IOT SF). Professor John Goodacre, and Peter Davies (Thales), followed with an excellent panel session hosted by Professor Carsten Maple with Nick Allott (Nquiring Minds) and Daryl Flack (BEIS) joining for questions. All attendees gave an excellent positioning for the importance of DSbD technology in creating a more secure, safe, and resilient future. There was a real buzz in the audience who followed up with interest at the DSbD exhibition stand.

On 11 October we were delighted to be invited to speak at the High Integrity Software Conference 2022. Professor John Goodacre spoke to over 200 attendees about the importance of securing the future by fixing the foundations. There was keen interest from a highly engaged technical audience who once again were excited by the real change DSbD technology can bring to them and their businesses.

There were some big cyber stories in the news last month too. Most notably was that Nadhim Zahawi stated that UK businesses “must do more to boost cyber defences”. Professor John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation shared his thoughts on this, saying

“Addressing the spiralling costs and disruption of cybercrime is a nationally important topic. This announcement from the government is focused on the challenges of today, helping businesses to boost their defences and cyber response. The government is also engaged with industry to better balance responsibility across the supply chain, whether through the consumer protections from the PSTI bill, or through technology advancements such as the Digital Security by Design programme that should block around 70% of the ongoing software vulnerabilities from exploitation by cyber criminals.”

Professor John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation

In addition, Intel confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns with researchers. Alder Lake is the name of Intel’s 12th generation Intel Core processors, released in November 2021. On Friday, a Twitter user named ‘freak’ posted links to what was said to be the source code for Intel Alder Lake’s UEFI firmware, which they claim was released by 4chan. Commenting on this, John Goodacre said

It is unlikely that viewing software code alone will cause a subsequent cyber security incident. Much of the UEFI source code is already Open Source and available for third party use and inspection.  Proprietary initialisation and configuration code can make it easier to understand potential attack vectors, but with appropriate hardware protection such as a root of trust, trusted execution environments and other security by design features in the implementation would mean it is no less secure unless production keys are also exposed.”

Professor John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation

Sign up to the newsletter

Sign up to the Digital Security by Design newsletter to stay up to date with our events, news, insights and opportunities. Be the first to know about our work and ways to get involved.

UKRI DSbD Councils
Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme