Nuala Kilmartin, Innovation Lead, Digital Security by Design, UKRI, was delighted to be at GovSec UK on 23 May. She lifted the audience with a cybersecurity solution to all the problems they had heard about. She outlined the context of the UKRI Digital Security by Design Challenge and how it is making a difference.

The Challenge, together with ARM and Cambridge University, seeks to address the market failure of vulnerabilities in computer hardware – a market failure that has gone unaddressed since the 1970s.

CHERI (Capability Hardware Enhanced RISC Instructions) is a processor architecture security technology aimed at addressing the insecurity of mainstream computer systems. Conventional hardware instruction sets and the C/C++ programming languages, dating back to the 1970s, provide only coarse-grained memory protection. This turns many coding errors into exploitable security vulnerabilities.

CHERI revises the hardware/software architectural interface with hardware support for capabilities that can be used for fine-grained memory protection and scalable software compartmentalisation. DSbD is a UKRI / Industrial Strategy Challenge Fund (ISCF) research programme contributing to the creation of the Morello board, and CHERI is the Digital Security by Design Technology that underlies the programme.
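The fine-grained protection described above can be sketched in plain C. This is an added example, not code from the DSbD programme or the CHERI project: it is a software model only, and `cap_t`, `cap_restrict`, `cap_store`, `write_name` and the `record` layout are hypothetical names chosen for illustration. It shows a write bounded to a single field being refused instead of overwriting the neighbouring field.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Software model only: real CHERI enforces these checks in hardware. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
typedef enum { ACCESS_OK, FAULT_TAG, FAULT_PERM, FAULT_BOUNDS } access_result;

typedef struct {
    uint8_t *base;   /* lowest address the capability may touch */
    size_t length;   /* number of bytes it covers */
    unsigned perms;  /* PERM_* bits */
    int tag;         /* 1 = valid, 0 = unusable */
} cap_t;

/* Derive a narrower capability; an attempt to widen bounds yields tag 0. */
cap_t cap_restrict(cap_t c, size_t off, size_t len, unsigned perms) {
    cap_t d = { c.base, 0, c.perms & perms, 0 };
    if (c.tag && off <= c.length && len <= c.length - off)
        d = (cap_t){ c.base + off, len, c.perms & perms, 1 };
    return d;
}

/* Store n bytes at offset off, checked against tag, permission and bounds. */
access_result cap_store(cap_t c, size_t off, const void *src, size_t n) {
    if (!c.tag) return FAULT_TAG;
    if (!(c.perms & PERM_STORE)) return FAULT_PERM;
    if (off > c.length || n > c.length - off) return FAULT_BOUNDS;
    memcpy(c.base + off, src, n);
    return ACCESS_OK;
}

struct record { char name[8]; uint32_t is_admin; };  /* constructed sample */

/* Copy n input bytes into rec->name via a capability for that field only. */
access_result write_name(struct record *rec, size_t n) {
    char input[16];
    memset(input, 'A', sizeof input);
    cap_t whole = { (uint8_t *)rec, sizeof *rec, PERM_LOAD | PERM_STORE, 1 };
    cap_t name = cap_restrict(whole, offsetof(struct record, name),
                              sizeof rec->name, PERM_STORE);
    return cap_store(name, 0, input, n);
}

int main(void) {
    struct record r = { "", 0 };
    return write_name(&r, 12) == FAULT_BOUNDS && r.is_admin == 0 ? 0 : 1;
}
```

With an ordinary C pointer the 12-byte copy would run past `name` into `is_admin`; here the per-field bounds turn the same coding error into a refused store.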

TechWorks and the IoTSF have played a vital part in the project, working with the University of Oxford and NQuiringMinds to help validate and disseminate a real-time monitoring solution. This is essentially a cherified gateway providing continuous assurance so that network security is enhanced. It achieves this by reducing memory vulnerabilities and determining whether a device can be onboarded securely or not.

Nuala explains, “In 2024 the project has seen a lot of progress. The programme is aligned with the US CISA and the UK Government’s semiconductor and cybersecurity strategies and objectives and referenced in these reports. We are now at the stage of collating the impact and evidence of academic research from leading UK Universities and Industry partners such as Thales and Southern Gas Networks. We have also provided UK SMEs who have applied to the DSbD Technology Access Programme with Morello Boards to investigate the technology and exploit the CHERI architecture.

“If this can block up to 70% of memory vulnerabilities, then we are making progress in reducing the risk of the legacy systems we have heard so much about today. The Economic and Social Research Council is one of our key delivery partners and the commissioned research collated from the DiscribeHub.org has been highlighting the barriers to adoption and the associated legislative/regulation issues. The “Futures” research area of this work has referenced an understanding of what cybersecurity will look like in 2030, and why people will want to be safe online.”

TechWorks has supported ground-breaking work that forms an essential part of the US NIST and DSbD projects. NIST published its draft Trusted IoT onboarding practice guide on May 31st. Several IoTSF members have contributed a key part of the continuous assurance monitoring software of one of the builds. TechWorks is also soon to publish a global marketing report on the impact of CHERI on IoT and connected devices. It will demonstrate its economic benefits to the semiconductor industry and the security of the IT infrastructure on which we all rely. It points to the need for a long-term view of the project, as it will take time for the industry to adopt and realise the many benefits it offers.

Nuala explained to GovSec UK, “We’re now seeing many emerging benefits across various use cases, primarily memory safety but also productivity increases, and reduction in costs. There will be less time spent on looking for attackers if you have blocked the legacy code vulnerabilities. The project is coming to an end in March 25, but we are hoping to align additional funding support to keep driving this transformational step change in computing. We meet as an ecosystem bi-annually, whereby government, academia and industry collaborate to address key steps forward. We are now looking for key industry support to help ‘create the demand’ for adoption and move towards a more prosperous and resilient future for all.”

Nuala continued, “From an International reference, we are just back from Mobile World Congress in Spain and we are now taking this message out globally and collaborating with global Government, Industry and Academia partners, and distributing Morello boards to other industry applicants. We recognise we require the Use Case backing, specifically across critical industries to advocate on the rationale for adoption.”

TechWorks has demonstrated its vision to work with industry and academia, notably with Dr Nick Allott, NQuiringMinds, Peter Davies, Thales, Professor Andrew Martin, University of Oxford and Haydn Povey, SCI. These global thought leaders help ensure the DSbD project will realise many of its objectives.

The Digital Security by Design Challenge is contributing to the UK National Cyber Strategy: “Taking the lead in the technologies vital to cyber power”.

All recent news and DSbD programme updates can be found on https://www.dsbd.tech

TechWorks and the IoTSF continue to play a major part in these global initiatives. We urge you to consider how you can participate in the future of IoT cyber security and the stability of the global IT infrastructure by joining one of our projects!

James Willison, Project and Engagement Manager, IoT Security Foundation, TechWorks.