We’re all painfully aware that cybercrime incidents have soared in recent years, targeting individuals, governmental organizations, hospitals and utilities. The good news is that our industry has accelerated its efforts to combat cybercriminals to ensure a more secure, trusted digital world.
But there’s still work to do. As Arm CEO Simon Segars has said, technologists have a particular duty of care to not rely on how we dealt with past threats but to relentlessly prepare to deal with the next ones.
Four years ago, we published our first Arm Security Manifesto in this spirit. It detailed some of the key vulnerabilities that security experts were grappling with and mapped out a vision of how the industry was responding – from security compartmentalization techniques at the IP and chip levels to the need to design in functionality that takes into consideration the human factor. Our second manifesto, published in 2018, included lessons technologists had learned from the Spectre and Meltdown attacks to a new device “health system” for scale deployments that would act as a digital immune system.
The 2021 Arm Security Manifesto
Today, we’ve published our third Arm Security Manifesto, which surveys the threat landscape today and its recent evolution but also details the tremendous strides the industry has made in the past four years. In it, you’ll find:
- A futurist’s view of the security threats that might lie ahead as cybercriminals try to stay one step ahead of improving security schemes.
- New architectural and chip-level innovations involving compartmentalization and memory tagging that aim to prevent or minimize damage from device-level cyberhacks.
- Expanding certification and attestation efforts, such as PSA Certified, that solidify trust in hardware and software.
- A fascinating overview of how the insurance industry is working with technologists to better quantify risk so it can offer sustainable insurance and keep premiums manageable.
- A call to action for technologists and policy makers to work more closely together to develop strategies that will enable us to leap ahead of cybercriminals.
- A look into the future of post-quantum cryptography, a prime example of visionary work being done today to prepare for tomorrow.
In addition to its call to arms around multidisciplinary cooperation, the 2021 Arm Security Manifesto was written in the spirit of Segars’ call to action: How do we deal with threats we might not even be able to imagine today? For instance, robo-hackers that can probe your company’s defenses and engineer and evolve their own exploits millions of times faster than any human hacker could or autonomous polymorphic malware that could dynamically wreak havoc?
When Arm unveiled its inaugural security manifesto in 2017, the widely respected technology analyst Patrick Moorhead had this to say:
“It is about time for this shift in perspective (on security) if you ask me. We have seen many high-profile data breaches this past year—it is clear the current strategy is not working. I applaud Arm’s thought leadership in security and hope others will take the pledge to support this.”
Today, we can point to the success of bank and government eID cards with virtually impenetrable security defenses all the way to multi-factor authentication and device-level compartmentalization as stepped-up industry efforts in the fight against cybercrime.