Arm wants to wrestle industry into a seat on the UK.gov's £70m hardware security train Arm has declared that it feels the "weight of our responsibility" as it jumps on board with UK.gov's £70m plans to influence "hardware and chip designs" to enhance security. The Digital Security by Design project is "a combination of the best practice approaches to security laid out in the Digital Security by Design review in …
I have been in projects funded by Euro-projects and it quickly became painfully obvious that a lot of money went all other places than into actual project work. The project leader was British and he was outraged. Unfortunately for him the way the funding works there was nothing he could do about it.
Anonymous for obvious reasons, though I can state I am not British myself.
>I have been in projects funded by Euro-projects and it quickly became painfully obvious that a lot of money went all other places than into actual project work.
It's the same with all government funding. If you are outraged by Euro-project leakage, I suggest you take a look at UK government funding for the third-sector.
The EU Cybersecurity strategy earmarked 600million Euros of research and innovation.
For an EU population of 510m, so around 1.2 euros per capita, which is almost exactly the same as the UK's proposed £70m for 66m people.
But hey, they EU must be better, no matter what the facts are.
>For an EU population of 510m, so around 1.2 euros per capita, which is almost exactly the same as the UK's proposed £70m for 66m people.
Clearly written by someone who has never applied for research funding:
Going on previous experience with UK and EU funding, I can assure you, getting 10% of the EU fund assigned to your project is a much simpler undertaking than getting 10% of a UK government funding pot.
Isn't a good part of Softbank that owns ARM in turn owned by the Chinese and given the issues over other Chinese companies...???
I wish them well but I can't help but think that this money will have already been earmarked for the usual suspects who charge a lot and deliver very little if anything on time. I don't need to mention names as we all know of or have worked for them in the past.
Job? What job? ARM is in dire straits:
https://www.electronicsweekly.com/news/business/arm-failing-2018-08/
Arm’s Q2 EBIT fell 99% y-o-y from £82 million in Q2 2017 to £1 million in Q2 2018.
Not many companies take a hit like that and remain so eager to recruit they peruse this forum.
The new owners 'SoftBank' did some complex deal to give all ARM IP to a chinese subsidiary, which is owned 51% by the Chinese.
You've got to think this is what 'SoftBank' were planning on doing when they bought ARM for a price that was above the market value. They obviously had the deal lined up in the background with the Chinese government.
The Chinese government are trying to remove dependencies on foreigh IP and will go to almost any means to achieve that. They want Technology Transfer so they can cut out the west.
In 10 years time all phones will have chips designed by the Chinese subsidiary and Chine will be claiming that it has no ARM IP in it at all.
The British government does nothing to stop this sort of thing happening
This post has been deleted by its author
But IoT is a race to the bottom at the moment!
So many chips have a secure boot capability to at least ensure that the correct code is running at power-on. I use some IoT devices and none of them have this enabled, and I'm sure that this is reflective of the entire industry.
I had interviews last year with nearly a dozen IoT companies and their understanding of security was negligible, to the point that they couldn't really discuss it!
These proposed secure software initiatives may be great, in conjunction with secure booting, but it's all about take-up, and I don't think that the IoT understands security at all.
I sincerely hope to be proved wrong, but I won't be holding my breath :-(
With IoT "easy of use" is what sells them, and cheap is what makes a profit. Anything that makes them slightly harder to use will result in lower sales and the cost of security will lower the profits which are razor thin - nobody's going to pay more for security.
The most effective and cheapest method of securing IoT uses a 6lb lump hammer - works every time.
I was going to say much the same thing - how many security holes are the result of cunningly crafted attacks on good code that hardware measures might mitigate, versus those due to piss-poor design with the likes hard coded root passwords, no automatic patching, and shitty insecure web admin pages that are enabled by default?
If such initiatives are in any way more intent on protecting existing systems in defending and/or obscuring the indefensible and despicable, and their administrations/exclusive elite executive bit players, will they fail abysmally and surprisingly quickly in these days and spaces of alternative thought projections ...... you know, fake news promotions, Institute for Statecraft Integrity Initiatives and such like nonsense in applied madness and mayhem.
Such is only natural if one does not exercise and entertain genuine intelligence.
And one also creates overwhelmingly powerful enemies if one insists on pursuing and expanding on such nonsense
This post has been deleted by its author
That image at the top of the article really winds me up.
That's clearly an Intel CPU resting upside down in an AMD motherboard (S754 I think).
Yes I am feeling pedantic today.
There are a couple of simple things, and one more difficult thing that ARM could do for hardware and chip design:
1) Ensure that there is a physical jumper or DIP switch or other hardware equivalent that can inhibit or allow firmware writing.
2) Produce chipsets that can be operated with FLOSS firmware - that is, not requiring a 'binary blob', encrypted and/or cryptographically signed firmware from the manufacturer or other provider to operate.
3) More difficult: provide assurance that chip hardware offered to buyers has no back-doors, either in software, firmware, or hardware. This is a difficult problem that could easily suck up £70m.
The end result should be that end-users are able to obtain computing devices that they can be reasonably certain can be used to secure their data from unwanted exposure. The side effect is that it would probably make life more difficult both for people investigating crimes and for people maintaining national security.
“With businesses having to invest more and more in cyber security, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut cybersecurity costs to businesses,” said Business Secretary Greg Clark MP, in a canned quote announcing the move. The project is led by a government body, UK Research and Industry (UKRI).
And what happens if it has problems like Intel? Software you can change, but hardware would need replacing. If someone makes a mistake, I can see another Intel patch coming to the ARM series....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
