back to article Arm wants to wrestle industry into a seat on the UK.gov's £70m hardware security train

Arm has declared that it feels the "weight of our responsibility" as it jumps on board with UK.gov's £70m plans to influence "hardware and chip designs" to enhance security. The Digital Security by Design project is "a combination of the best practice approaches to security laid out in the Digital Security by Design review in …

  1. hammarbtyp Silver badge

    Chicken feed

    The EU Cybersecurity strategy earmarked 600million Euros of research and innovation. It is more likely also to have global significance due to the technology and population size of the EU

    But hey, at we are taking back control....

    1. Anonymous Coward
      Anonymous Coward

      Re: Chicken feed

      I have been in projects funded by Euro-projects and it quickly became painfully obvious that a lot of money went all other places than into actual project work. The project leader was British and he was outraged. Unfortunately for him the way the funding works there was nothing he could do about it.

      Anonymous for obvious reasons, though I can state I am not British myself.

      1. Roland6 Silver badge

        Re: Chicken feed

        >I have been in projects funded by Euro-projects and it quickly became painfully obvious that a lot of money went all other places than into actual project work.

        It's the same with all government funding. If you are outraged by Euro-project leakage, I suggest you take a look at UK government funding for the third-sector.

    2. Anonymous Coward
      Anonymous Coward

      Re: Chicken feed

      The EU Cybersecurity strategy earmarked 600million Euros of research and innovation.

      For an EU population of 510m, so around 1.2 euros per capita, which is almost exactly the same as the UK's proposed £70m for 66m people.

      But hey, they EU must be better, no matter what the facts are.

      1. BigSLitleP

        Re: Chicken feed

        Is 600 million bigger than 70 million? Or is the 70 million bigger because someone wrote it on the side of a bus for you?

        1. J.G.Harston Silver badge

          Re: Chicken feed

          Try 600m divided by 500m vs 70m divided by 60m. If you're going to argue numbers, at least do yourself the favour of starting from the right point.

          1. Anonymous Coward
            Anonymous Coward

            Re: Chicken feed

            600m euros, 70m pounds. If you're going to argue numbers, at least do yourself the favour of starting from the right point.

        2. Anonymous Coward
          Anonymous Coward

          Re: Chicken feed

          Is 600 million bigger than 70 million? Or is the 70 million bigger because someone wrote it on the side of a bus for you?

          Go back, read my post, and look up what "per capita" means.

          1. BigSLitleP

            Re: Chicken feed

            I am aware of what per capita means, cowherd, but in this case it doesn't make any difference. The total is what is important. You can do more with 600 million than you can with 70 million. Per Capita in this instance is a pointless comparison.

            1. Yet Another Anonymous coward Silver badge

              Re: Chicken feed

              I was going to start my own space program by spending more per capita in my house than the USA spends on NASA

      2. Roland6 Silver badge

        Re: Chicken feed

        >For an EU population of 510m, so around 1.2 euros per capita, which is almost exactly the same as the UK's proposed £70m for 66m people.

        Clearly written by someone who has never applied for research funding:

        Going on previous experience with UK and EU funding, I can assure you, getting 10% of the EU fund assigned to your project is a much simpler undertaking than getting 10% of a UK government funding pot.

  2. Steve Davies 3 Silver badge
    Facepalm

    But...

    Isn't a good part of Softbank that owns ARM in turn owned by the Chinese and given the issues over other Chinese companies...???

    I wish them well but I can't help but think that this money will have already been earmarked for the usual suspects who charge a lot and deliver very little if anything on time. I don't need to mention names as we all know of or have worked for them in the past.

    1. Anonymous Coward
      Anonymous Coward

      Re: But...

      I, for one, welcome our new Chinese overlords.

      ps can I have a job ?

      1. Anonymous Coward
        Anonymous Coward

        Re: But...

        Job? What job? ARM is in dire straits:

        https://www.electronicsweekly.com/news/business/arm-failing-2018-08/

        Arm’s Q2 EBIT fell 99% y-o-y from £82 million in Q2 2017 to £1 million in Q2 2018.

        Not many companies take a hit like that and remain so eager to recruit they peruse this forum.

    2. Spazturtle Silver badge

      Re: But...

      Softbank only owns 75% of ARM, the other 25% is owned by the House of Saud.

    3. soulrideruk Bronze badge

      Isn't .. Softbank that owns ARM .. owned by the Chinese and given the issues ..???

      Hey Steve, stick to snooker!!!

      Softbank, the 75% owners of ARM, are a Japanese based company. I am not sure they would like to be called Chinese.

      Cultural quarrels and all that...

      1. Anonymous Coward
        Anonymous Coward

        Re: Isn't .. Softbank that owns ARM .. owned by the Chinese and given the issues ..???

        The new owners 'SoftBank' did some complex deal to give all ARM IP to a chinese subsidiary, which is owned 51% by the Chinese.

        You've got to think this is what 'SoftBank' were planning on doing when they bought ARM for a price that was above the market value. They obviously had the deal lined up in the background with the Chinese government.

        The Chinese government are trying to remove dependencies on foreigh IP and will go to almost any means to achieve that. They want Technology Transfer so they can cut out the west.

        In 10 years time all phones will have chips designed by the Chinese subsidiary and Chine will be claiming that it has no ARM IP in it at all.

        The British government does nothing to stop this sort of thing happening

    4. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Wonderful

    But IoT is a race to the bottom at the moment!

    So many chips have a secure boot capability to at least ensure that the correct code is running at power-on. I use some IoT devices and none of them have this enabled, and I'm sure that this is reflective of the entire industry.

    I had interviews last year with nearly a dozen IoT companies and their understanding of security was negligible, to the point that they couldn't really discuss it!

    These proposed secure software initiatives may be great, in conjunction with secure booting, but it's all about take-up, and I don't think that the IoT understands security at all.

    I sincerely hope to be proved wrong, but I won't be holding my breath :-(

    1. Version 1.0 Silver badge

      Re: Wonderful

      With IoT "easy of use" is what sells them, and cheap is what makes a profit. Anything that makes them slightly harder to use will result in lower sales and the cost of security will lower the profits which are razor thin - nobody's going to pay more for security.

      The most effective and cheapest method of securing IoT uses a 6lb lump hammer - works every time.

    2. Paul Crawford Silver badge

      Re: Wonderful

      I was going to say much the same thing - how many security holes are the result of cunningly crafted attacks on good code that hardware measures might mitigate, versus those due to piss-poor design with the likes hard coded root passwords, no automatic patching, and shitty insecure web admin pages that are enabled by default?

    3. Def Silver badge
      Coat

      Re: Wonderful

      ...to the point that they couldn't really discuss it!

      That sounds pretty secure to me. :D

  4. amanfromMars 1 Silver badge

    You pays your money and you takes your choice

    If such initiatives are in any way more intent on protecting existing systems in defending and/or obscuring the indefensible and despicable, and their administrations/exclusive elite executive bit players, will they fail abysmally and surprisingly quickly in these days and spaces of alternative thought projections ...... you know, fake news promotions, Institute for Statecraft Integrity Initiatives and such like nonsense in applied madness and mayhem.

    Such is only natural if one does not exercise and entertain genuine intelligence.

    And one also creates overwhelmingly powerful enemies if one insists on pursuing and expanding on such nonsense

    1. Anonymous Coward
      Anonymous Coward

      Re: You pays your money and you takes your choice

      That was almost coherent. Keep it up.

  5. This post has been deleted by its author

  6. phuzz Silver badge
    Flame

    Stock images

    That image at the top of the article really winds me up.

    That's clearly an Intel CPU resting upside down in an AMD motherboard (S754 I think).

    Yes I am feeling pedantic today.

    1. Deckard_C

      Re: Stock images

      Very secure combination that.

      CPU looks like a socket 775 to me so core2 duo era

    2. Yet Another Anonymous coward Silver badge

      Re: Stock images

      It's definitely secure though !

  7. John Roberts

    That LGA CPU isn't going to work in a ZIF socket. ;)

    #JustSayin'

  8. Norman Nescio Bronze badge

    Formally Validated open hardware designs

    There are a couple of simple things, and one more difficult thing that ARM could do for hardware and chip design:

    1) Ensure that there is a physical jumper or DIP switch or other hardware equivalent that can inhibit or allow firmware writing.

    2) Produce chipsets that can be operated with FLOSS firmware - that is, not requiring a 'binary blob', encrypted and/or cryptographically signed firmware from the manufacturer or other provider to operate.

    3) More difficult: provide assurance that chip hardware offered to buyers has no back-doors, either in software, firmware, or hardware. This is a difficult problem that could easily suck up £70m.

    The end result should be that end-users are able to obtain computing devices that they can be reasonably certain can be used to secure their data from unwanted exposure. The side effect is that it would probably make life more difficult both for people investigating crimes and for people maintaining national security.

  9. gnarlymarley
    WTF?

    Intel reborn?

    “With businesses having to invest more and more in cyber security, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut cybersecurity costs to businesses,” said Business Secretary Greg Clark MP, in a canned quote announcing the move. The project is led by a government body, UK Research and Industry (UKRI).

    And what happens if it has problems like Intel? Software you can change, but hardware would need replacing. If someone makes a mistake, I can see another Intel patch coming to the ARM series....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019