Can We Fix the Cybersecurity Mess?
December 12, 2017
|By: Christine Young
Blogger, Maxim Integrated
Sure, having a refrigerator that can order milk, juice, and eggs when it senses that you are close to running out is convenient. And so is having those ingredients delivered to your door—or even inside your home when you're not there, as Amazon recently announced with its new Amazon Key service.
But do you really trust that the wrong hands won't hack into your home network via a vulnerability in one of these smart, connected devices?
"Cybersecurity is a mess. There's this patchwork quilt of stuff glued together. Unless we do something, it's going to get worse," Arm CEO Simon Segars told attendees during his keynote talk at this year's Arm TechCon. "These threats are growing all the time and these threats are coming to our homes."
Segars cited a Lloyd's of London estimate that cyberincidents are costing businesses about $400 billion a year. Yet, in very few cases do electronic product developers take responsibility for their products once they're in consumers' hands. Customers expect better. So before any of us can truly benefit from the glory of what technology can do, Segars said, we must address security. To that end, Arm has issued a call to action in the form of its IoT Security Manifesto, a digital contract that explores human-centered approaches to security, such as a digital immune system and distributed artificial intelligence (AI).
As Arm marches toward its goal of creating one trillion chips for the IoT over the next 20 years, it is also acknowledging the role that technology providers have in ensuring that their products are safe in a world where hackers are becoming increasingly sophisticated. Now, this can be particularly difficult in markets where success is defined by who gets there first. In the manifesto, Segars writes, "The only way to make change possible, especially in a hot market like the IoT, is to think about how to enable a new more resilient business model that doesn't impact time to market. This will be possible by making secure-by-design technologies…readily available to developers."
Machine Learning to the Rescue?
In Segars' perspective, security is a problem that must be addressed at both the software and hardware levels. Designs should be developed with the assumption that a compromise will occur. Design with compartmentalization can be a smart strategy. Along these lines, Maxim offers an approach that delivers this type of system protection. Maxim's DeepCover® Security Framework protects IoT devices as well as payment terminals developed on an Arm® Cortex®-M architecture from local and remote attacks, even if weaknesses are exploited in the communications stack. The framework achieves this by separating the software architecture into protected "boxes" or containers.
Following his keynote, Segars invited to the stage Dr. Mary Aiken, a cyberpsychologist at the University of Dublin and academic advisor to the European Cyber Crime Cener (EC3) at Europol, and Don Clark, a longtime technology journalist and current contributor to the New York Times. Their topic for discussion, moderated by Clark: avoiding a hacker's paradise.
Simon Segars, Arm CEO, and Dr. Mary Aiken, a cyberpsychologist at the University of Dublin, discuss what's needed for effective cybersecurity.
The first line of defense against cyberthreats are people themselves, who need to be diligent about practicing good digital hygiene. But the desire for convenience often overshadows the consistent hard work that good digital hygiene requires. Said Aiken, "We are turning into lab rats, Pavlovian dogs being dragged into click-bait type behavior, which is really opposed to good cybersecurity behavior. We want people, ultimately, in terms of their behavior to be smarter than their smartphones." Segars noted that many people still take an old-fashioned view of security. While there's a greater trend toward detection within corporate networks, we must also tackle the larger number of devices on different parts of the network and look at it holistically.
In her work, Aiken pointed out that she does see the worst in the internet. Yet she remains optimistic because, she said, the solutions to the threats lie in technology itself. Artificial intelligence (AI) offers one answer, and she considers AI in terms of a symbiotic relationship with humans. In this world, intelligence augmentation places humans at the center, with machine intelligence helping them to do their jobs better. In its IoT Security Manifesto, Rob Elliot, director of Vision Architecture at Arm, asks, "What if our mobile devices could learn to know us so well that they could better protect us from hackers and thieves?" Machine learning and AI could make this scenario possible.
Beyond the technology, solving the cybersecurity problem will require a transdisciplinary approach. Said Segars, "We want this ecosystem to engage on this problem. Let's work together to solve these problems. It's going to enable opportunity."