“At Arm, we … believe that standards and government regulations generally describe yesterday, and … we need to describe tomorrow.” —Simon Segars, CEO, Arm At the Arm ® TechCon last week, the theme of the day was security, as I mentioned in my last post . At Simon Segar’s keynote, Arm distributed what they’re calling the “ Arm IoT Security Manifesto ”, which is a new line in the sand about where the responsibility lies in being responsible for the security for our connected world. At the keynote, Segars said that while users may be the first line of defense against hacking ( as Jessica Barker, another security keynote speaker at the conference, said: “You can’t patch stupid,” ), all technology companies have the responsibility under a social contract to protect users from cyber predators. When an attack happens, is it the fault of the organization that performed the hack, or the organization that was hacked? The answer seems obvious, but as I pointed out in my last post, Equifax is being sued over their security breach, not the company that did the breaching. This is a new world of crime, law, and technology, all rolled up in the not-so-tidy ball of emails from Nigerian princes and data being held hostage by who knows who. Whom. …What. Ever. A Matter of Trust I wrote a while back about how important it is for an industry to be able to trust in its leadership . Humanity can’t rely on legal regulations to control all the baby steps that lead to the future. These advances move too quickly for any government, no matter how benevolent, to keep up. Advances in one field invariably lead to innovations in another field, and we can’t rely on Big Brother (or Big Government or Big Industry or Big Whatever-the-most-powerful-organization-is-you-can-think-of) to ensure that the decisions about how to use these innovations will the most beneficial to the world. We rely on individuals to make a pitch for their own innovation, and, at least in this capitalist system, we must have faith that the successful companies are also making the most “moral” choices. That’s all we have: the hope and faith that the future will be more Star Trek than Mad Max . (It’s no mistake that the name of the ship is the Enterprise ). I believe that Simon Segars is promoting that kind of decision-making, and will be fostering that kind of trust. He says, “I know Arm must uphold the social contract every time a company or individual relies on our technology.” He has taken the first step in drawing that line in the sand, and say that cybersecurity is our problem, not their problem. With this kind of manifesto, he is encouraging the entire industry to step up and build a security infrastructure that is structured like a human immune system, with the ability to “…ship, analyze, self-heal or quarantine, and treat.” We’re not talking about standardizing the use of a single USB cable, we’re talking about building a model for the entire industry. This model pushes the “…powerful compute capability now found mainly in the cloud to the edge of the device network. This will move us from rigid command-and-control structures to a more flexible, dispersed security model.” This new direction fits right into what Cadence is trying to do in all its products, using our tools , our IP , solutions , services , and support —total system design enablement —for the most optimal and efficient designs, particularly those embedded within devices. Cadence’s goal is to empower engineers at semiconductor and systems companies to create innovative, highly differentiated electronic products that transform the way people live, work, and play. A Crossroads of Lines in the Sand In summary, I would like to quote the actual manifesto here: As an industry, we stand at a crossroads. In one direction lies more of the same confounding and costly cat-and-mouse games of rapid technical progress followed by breach and patch. In the other direction, we submit a new way illuminated by a series of common beliefs: We must inspire trust as we scale the connected world No company is exempt from the Social Contract with users Security is a collective industry responsibility and is both an opportunity and challenge Advanced security intelligence should be distributed throughout the IoT Security must be a primary design consideration and be focused on lifetime protection We must build security systems that deal with potential human error In other words, inspire trust, take responsibility, distribute intelligence, start at the beginning, and make it easy. Sounds good to me. —Meera![]()
↧