Cybercrime costs the global economy an estimated half a trillion dollars a year in economic losses, ransom payments and dealing with the resulting chaos, writes Arm CEO, Simon Segars.
But while the advantages of a fully-connected world vastly outweigh the threats, achieving a digital world anchored in security needs all companies to accept their share of the responsibility to create a foundation of trust.
In effect, all companies need to sign up to the Digital Social Contract (Social Contract) that obliges them to protect users.
Social Contract adherence will require companies to go well beyond the legal language in their terms and conditions and regard robust security as a prerequisite in all design decisions.
It will mean them taking full account of how people are likely to use their technology, not how they’d like them to use it. While the contract also places a duty of care on users to protect themselves by behaving responsibly, technology designers will always carry the major burden as we are the experts.
It will require a swift departure from the mindset in which companies ship products with device passwords as simple as 12345 or PASSWORD and consider that acceptable.
The subject of IoT security is fundamental to the Internet of Thing’s development. The Economist survey on commercial IoT adoption co-sponsored by us and IBM last year showed investment was continuing and many sectors were already in early scale deployment. But despite progress the IoT is still immature and trust is being built. If, as technology industry companies, we consider ourselves architects of the connected device world, then we must also consider ourselves as architects of trust.
This means treating the currency of the IoT – data, connectivity and control – as carefully as a national bank treats its currency. This is the focus of the Security Manifesto we have published at Arm TechCon in Santa Clara.
We discuss how the technology industry can meet its Social Contract obligations and protect products over their design lifetime. The Manifesto authors assess the evolving threat and describe some of the advanced security features and directions Arm and others are considering.
We examine new silicon chip architectural paths that compartmentalise the central brain, the CPU, making it harder for an attack to spread. Also, we explore how the industry can use artificial intelligence running on devices rather than in the cloud to look for irregularities and learn the unique patterns of device users to improve security and authentication.
Another interesting concept is based on the creation of a network-wide immune system and health service. The idea, based on human biology, may only be 3-5 years from first rollout and it would see artificial intelligence used to assess and then target attacks.
The system, like human white blood cells, would attack infections by reflex, and quarantine devices to ensure the wider network could continue operating.
If the immune system failed to cope, there would be an option to bring in more intensive health care services to rehabilitate devices or take them offline permanently.
With cybercrime costing the world $500 billion a year, more than the individual GDP of all but nine countries, we must act – expecting the unexpected and launching counterattacks before we have been attacked.
It is tomorrow’s issue but it must be tackled creatively today, and success can lead to a world where hackers are put out of business.