Safety by design: learning from the past to reimagine the future


Innovation “is about widening the range of our projected future to think about everything that might be possible,” observed Professor Genevieve Liveley, Professor of Classics, RISCS Fellow and Turing Fellow at the University of Bristol, UK, at the inaugural Digital Security by Design (DSbD) roadshow this week.

This sentiment sums up the DSbD initiative, supported by the UK government in collaboration with universities and industry. The approach aims to revolutionize cybersecurity in the UK, moving away from the continuous cycle of patching and mitigating vulnerabilities that permeates all organisations. Instead, the initiative seeks to harness the current and future potential of technology to build computers that can block vulnerabilities by design.

This involves developing technologies that exceed current capabilities. To help realize this vision, part of the DSbD program is to promote the Morello board, a prototype system-on-chip (SoC) development board developed by Arm in collaboration with the University of Cambridge and SRI International. This prototype architecture adapts the hardware concepts of Capability Hardware Enhanced RISC Instructions (CHERI). Under the Morello program, hundreds of boards will be sent to academia and industry for experimentation, which, in turn, will provide feedback to better understand how to enable security by design.

The strategy is ambitious and requires significant buy-in from across the cybersecurity industry. Consequently, it is promoted in a series of traveling events across the four UK countries, involving a range of expert speakers. The first of these took place in historic Bletchley Park in Milton Keynes, England, on February 21. It will be followed by events in Glasgow, Scotland on March 3, Caerleon, Wales on March 8 and Belfast, Northern Ireland on March 10.

Events will follow a narrative, starting with the origin of computers to understand why we face the cybersecurity challenges we face today, as well as trying to learn lessons from the past that can help facilitate future innovations. What better setting to undertake this task than Bletchley Park, the top-secret home of WWII codebreakers, a place where huge advances in computing have taken place.

The origins and development of computing

The roadshow began with a presentation by Sir Dermot Turing, who has written many books on the work of his famous uncle Alan Turing, codebreaking and the history of computing. Turing noted that the work of his uncle and other early pioneers in this field was primarily motivated by a desire to improve mathematics and solve equations that were impossible for a human mind. He also pointed out that Alan Turing did not conceptualize computers in the 3D hardware form we see today. Regarding Alan Turing's 1936 theoretical paper On Computable Numbers, “what he was trying to do was to create a new part of number theory, which was to define a new class of numbers, the computable numbers”.

Turing went on to explain that computing became digitized in the post-war period and the first programming methods emerged.

The following presentation was made by Dr. Andrew Herbert, Chairman of the Board of Trustees of the National Museum of Computing at Bletchley Park, who described the evolution of computing performance over the decades. Notable advances included magnetic core storage memory, bit-sliced implementation, cache memory, multiprogramming, and matrix processors. However, none of these developments were undertaken with security in mind. Herbert noted that while studying for his doctorate in computer science at the University of Cambridge from 1975 to 1978, “we had a big problem trying to do digital security by design; we didn’t have enough transistors, and that’s what’s different in the modern age.”

This means that advances in computing have matched security concerns. Herbert explained, “As computers got bigger and faster, those of us who come from the software side of history had the vanity of writing larger programs and then were surprised that they go wrong and have bugs. This has created the challenges of cybersecurity.”

Reinventing the future of cybersecurity

Changing the way we think about future possibilities will be crucial in DSbD’s ambition to radically improve future cybersecurity. This was Genevieve Liveley’s message during her presentation. She said it was crucial to avoid being constrained by what seems plausible in the present and “to avoid unduly emphasizing the predictability, certainty and clarity of DSbD’s future”.

Instead, we should try to imagine technologies that haven’t been invented yet. This “requires questioning a whole range of different desired futures,” she pointed out. “It requires resisting the idea that current and historical trends are inevitable – we call this chronocentrism.”

Liveley said that mistake had been made too many times in the past, creating blind spots. For example, she pointed to IBM CEO Thomas Watson’s prediction in 1943 that there was a world market for only five computers.

She then showed a series of 19th and 20th century illustrations that depicted future life, “which showed a failure of the imagination”. These included radical ideas, like robots and flying cars. They were, however, limited by the technology of the time, such as steam propulsion.

Liveley thinks a number of lessons can be drawn from these historical examples about thinking about the future. “They inspire us to take seriously attempts to predict the future of DSbD in the year 2030 or perhaps 2050 without falling into the same pitfalls,” she said.

Liveley concluded, “We can learn from this remarkable story of thinking about the future to help improve our own future work in the present and in the context of the radical new innovation in digital security dreamed up by DSbD.”

The final presentation of the session was made by Andrew Elliot, Deputy Director, Cybersecurity Innovation and Skills, DCMS, who discussed cyber challenges in the modern world and the DSbD initiative in more detail. He noted that there is a significant “tension” between technological innovation and security. “We are all connected today in more ways than ever before; Internet is not only accessible by our computers. We are adopting connected devices at an increasing rate and in more and more aspects of our lives,” he noted. “While this is positive, it also makes cybersecurity increasingly difficult.”

Today, cybersecurity focuses on mitigating threats and patching vulnerabilities, which “puts the primary responsibility on the users rather than those who build the systems.” Elliot pointed to the government’s efforts to require products to be developed with enhanced security built in, for example, the proposed Product Security and Telecommunications Infrastructure (PSTI) Act, which will impose new cybersecurity standards on manufacturers, importers and distributors of Internet-connectable devices. However, he acknowledged that regulations like this alone would not solve cybersecurity problems.

The answer is to provide solutions to make products secure by design, preventing most vulnerabilities from appearing. With that in mind, “The DSbD program exists to unlock the market failure that was preventing the industry from producing new technologies to block vulnerabilities,” Elliot explained. This was the motivation for the government’s five-year research partnership with the software design firm, “to develop chip technology resistant to cyberattacks; this technology has the potential to defeat hacks such as buffer overflow and side channel attacks.”

This includes the development of Morello hardware, which will be used “to design new secure products and services. We want to help support and create a new system for people using and adopting this new technology, and help them overcome any business or performance hurdles to improve the security of their project,” he commented. DSbD is now inviting interested organizations and individuals to experiment with the technology, with four cohorts planned over the next two years.

Elliot concluded by describing the significant growth of the cybersecurity sector in the UK, demonstrated by the findings of the DCMS Cybersector Annual Report 2022 released last week. “I am encouraged that our sector continues to evolve and innovate. We want to build on this success and take advantage of the fact that the UK is home to this new expertise to create safer products and services.”

