The Business Plan of Cyber Criminals
In cybersecurity, 2005 is a year that looms large. It marked the moment when cybercrime graduated from a malicious and somewhat sophisticated sport to a business with money, information and strategic advantage as its goals.
The year started with a breach at George Mason University that exposed the records and Social Security numbers of students and 32,000 staffers.
A few months later, hackers exposed a million customer records from DSW Shoe Warehouse, marking the first million victim breach. Later, an estimated 40 million credit card numbers from the files of CardSystems Solutions got out. The rush of data breaches became so rapid that the Privacy Rights Clearinghouse began keeping a chronology of data breaches.
And, while the wider world may not have learned about the Stuxnet virus until 2010, development on it—and its lasting impact it has had on breaching the defenses of manufacturing system like robots and chemical furnaces—probably began in 2005. So did the $20 billion problem of ransomware.
The modus operandi of cybercrime
From a high level, cybercrime can be grouped into three categories:
- Data theft. Arguably the most common and lucrative form of cybercrime. Data breaches will cost an estimated $6 trillion this year in theft, embezzlement, loss of intellectual property and the associated damages that come with it. And as British Airways and Marriott learned, it can also mean multimillion fines.
- Falsification. Research into uncovering digital fakes started gaining momentum in 2005 as well. Since then, fake news and the problems it causes has become part of our lives. General Vincent Stewart (USMC) says falsified data will the foundation of the fifth generation of warfare where victory can be achieved by taking away a combatant’s ability to make rational decisions.
- Weaponization Ransomware experts have branched out from hijacking data to licensing tools to newcomers while the average ransom demand more than doubled to $170,000. Meanwhile, security firm Dragos says that hacker penetration into utilities and critical systems is becoming pervasive.
Compounding these problems is the uncertainty and doubt among businesses and consumers on how best to protect themselves. In a recent report by PSA Certified, 54% of respondents said the uncertain ROI and potential lack of buy in for security among their employees lead to an unwillingness to invest continuously in security measures. Only 47% said they carry out a threat analysis of new products (a figure that drops to 33% for smaller companies).
An architecture approach
Our goal at Arm is to provide defenses against these attacks and more by integrating strong, intelligent and pervasive security into architecture of devices and systems. Some security innovations are integrated into Armv9, our most recent architecture. Others are implemented through industry initiatives such as PSA Certified. Below are some of the ideas we are developing to combat the problems above.
Realms
A fundamental feature of our Arm Confidential Compute Architecture of v9, Realms effectively allows consumers or trusted application vendors to create highly secure, temporary enclaves for sharing critical data and prevent data theft. It is for protecting data in use, in contrast to encryption which protects data in transit or at rest in a storage system.
Let’s say a patient wants to share medical records with a disease researcher, but the patient is also rightfully concerned about copies of its medical records being inadvertently exposed by a breach at the research hospital. The patient might also want to separate his or her personal information from the medical file.
With realms, a virtual enclave—separated from the operating system and hypervisor—would be brought into being. The patient would un-encrypt her records. The researcher would then analyze the data, encrypt the results, and leave. The realm would dissolve. The patient records would never leave the host computer. The researcher, however, would have the data she needs. Even if her computer where compromised, hackers in all likelihood could not reconstruct it to obtain the original record.
The underlying technology and concepts for Realms grow out of TrustZone, a technology Arm first began including in processors over a decade ago. Realms expands the uses and use cases.
PSA Certified
PSA Certified, an initiative started by Arm, set outs standards and a certification process for chips, software, sensors and intelligent devices to overcome the paralyzing uncertainty of implementing better security. PSA Certified provides manufacturers and developers an established process for creating a foundational root of trust for their products. Additionally, the process gives businesses, which typically don’t have the time or expertise to evaluate risks, a foundation for choosing wisely.
Content authenticity
The coalition, whose members include the BBC, Microsoft and Adobe, seeks to address the problem of fake videos, photos and content through embedded mechanisms and standards. Imagine an app that would allow a photographer to conclusively prove that (1) a particular photo was taken with his or her phone, (2) it has not been altered and (3) if it has been altered, what those alterations are. It would create a chain of authenticity that could restore trust in what our eyes see.
The same technology could also potentially be employed to protect the intellectual property rights of artists.
Morello
Being developed by Arm in conjunction with the UK Research and Innovation, Google and Microsoft, Morello isolates attacks at their point on entry through a combination of hardware and software. Imagine a burglar breaking into your garage, but not being able to get into the house from the garage. Fine grain compartmentalization can prevent data theft, virus propagation and the zombie attacks that allow hackers to weaponize a system.
Arm’s Morello prototype architecture specifications are now available to download. If Morello can meet our goals, it could be included in v9 processors toward the middle of the decade.
Applications like ride sharing, electronic banking and ecommerce all depend on staying steps ahead of cybercriminals. New, emerging technologies like IoT that can play a potentially large role in combating climate change could seize up because of security and privacy concerns. Without trust, digital systems can’t scale. A broad-based approach that takes advantage of the processing power and capabilities inherent in the devices people already own will become one of the most effective ways to stem the tide and raise people’s confidence in computing.
Confidential Computing: A pulse survey on the future of security technology
Only 4% of organizations are completely confident in their security policy when it comes to protecting third-party data. You can find out more about the state of cybersecurity from the Arm/Pulse Confidential Compute Survey.
Any re-use permitted for informational and non-commercial or personal use only.
Editorial Contact
Latest on Twitter
🗓️ Join us on Wednesday July 31 for our next financial results conference call.
After market close, we'll report our earnings results for the first quarter of fiscal year 2025, followed by a conference call to review our results and business outlook: https://okt.to/koqGT0
The "Write Once, Deploy Everywhere" approach to code is key to seamless deployment for developers.
Through expert talks and demos @WeAreDevs, we demonstrated how this is a game-changer for building and deploying next generation apps at scale.
Thanks to everyone who joined us!🙌
With the escalating need for power-efficient systems, @FujitsuFNC's turned to Arm to build the FUJITSU-MONAKA CPU - a processor designed to help achieve energy savings of 40% in Japanese data centers by 2030.
+ That's without compromising AI innovation: https://okt.to/WM0F3A
Arm KleidiAI brings 30% performance improvements to @Google AI Edge's MediaPipe and XNNPACK running the Gemma 2B LLM. 💪
This is the first integration of many, as we enable more LLMs to run as effectively and efficiently as possible on Arm mobile CPUs: https://okt.to/qLW8He
Flooding can happen anytime, but early warning systems can help reduce its impact on communities and protect lives.
We're proud to work with @UNICEF_uk and support the team in Karonga, Malawi to bring the latest in flood alert technology to communities:
How can developers stay ahead in the age of AI?
Andy Wafaa shares details on the tools required to optimize code, increase accessibility, and shape the future of computing at @WeAreDevs World Congress: https://okt.to/wJakX3
Since 2012, Raspberry Pi's been changing the game for businesses in the ecosystem.🚀
Founder & CEO, Eben Upton shares the origin story of Raspberry Pi and why he chose Arm as the architecture of choice:
Interview recorded in Jan 2023.
Arm Education in Conversation with Eben Upton
In this episode, we interview Eben Upton, founder and CEO of Raspberry Pi (Trading) Ltd. Eben shares with us the...
okt.to
In the age of AI, collaboration is crucial to solve technological and societal challenges.
Together with a group of academics at our Cambridge office, we've developed a "Call for Action," identifying the steps needed to ensure AI adoption in both the public and private sectors.
Ready to upscale your mobile game development without losing performance?
👉 Say hello to Arm Accuracy Super Resolution
It's our open source solution derived from FSR2, designed to increase the resolution of images from low to high with our efficient shader code:
.@AWSCloud Graviton4 is here! 🙌
Announced in GA, Graviton4 uses Arm Neoverse V2 to provide the most powerful, energy efficient AWS processor to date.
It follows 5+ years of collaboration on Graviton to enable CPU silicon innovation in the Amazon Cloud: https://okt.to/UWM0FR
Proud to partner with @AlzheimersBRACE to support dementia research and foster community. 🤝
From running the Bristol Half-Marathon to raising £2K+ for charity and spreading awareness, shoutout to our team for making a real impact. 💙
Not sure where to start with running Llama models? We've got you. Our 🆕 learning path teaches you how to build and run a simple Android Chat app with different Llama models using ExecuTorch and XNNPACK.
Dive into the step-by-step guide in the link below.
⚡ Silicon is defining and revolutionizing technology.
With the help of our partners, we're at the forefront of its evolution, driving innovative new approaches to silicon design with CSS and chiplets to define the future of computing.
More in @WSJ. 👇
Paid Program: The Evolution of Silicon
From Moore’s Law to today’s modern designs for AI, silicon is defining technology markets now and in the future.
okt.to
Arm CSS for Client is unleashing the power of the Armv9 architecture for AI innovation.
CSS for Client delivers physical implementations across Arm CPUs and GPUs, simplifying SoC builds for the fastest path to production silicon.
Learn more👇 https://okt.to/Q3yLjc
The advancements in large multimodal models and GenAI herald a new era in AI robotics.
That’s why tomorrow's robotics are harnessing the power of LLMs to improve energy efficiency, security, and functional safety.
🦾 And it's all happening #onArm: https://okt.to/6nbZ9m
The world's leading AI companies are prioritizing data center efficiency to scale and grow. And they're doing it #onArm.
Arm CMO Ami Badani joined The Artificial Human Podcast to discuss why efficiency is crucial to driving AI innovation.
The Artificial Human - How green is my AI? - BBC Sounds
Aleks Krotoski and Kevin Fong ask, how green is my AI?
okt.to
Here's a glimpse of our #INWED24 celebrations in Kenya, Ghana and Switzerland.
The Arm-Ambassador-led events brought everyone together to celebrate the significant impact of women engineers and to inspire future innovators to help bridge the STEM gap: https://okt.to/9ZAuna
Find $ARM in the Nasdaq-100 Index from today. 🙌
As we go from strength-to-strength as a public company, we're excited to join industry leading companies on the @Nasdaq stock exchange, emphasizing the importance of Arm tech among the global ecosystem: https://okt.to/gpRsAe
Create the best possible AI experiences with KleidiAI. ⚡
KleidiAI provides a collection of highly optimized AI kernels that can be embedded directly into popular AI frameworks as part of Kleidi Libraries.
Ready to reap the benefits?
🥳 Our partners @HPE and @NVIDIA are making turnkey private-cloud AI a reality!
Announced this week, NVIDIA AI Computing by HPE brings the power and efficiency of Grace Hopper Superchips, built #onArm, to the HPE ProLiant Compute DL384 Gen12 server.
HPE ProLiant Compute DL384 Gen12 | HPE Store United Kingdom
okt.to
For #WorldRefugeeDay, we're celebrating our partnership with @Refugees & @UNRefugeesUK to ensure AI tools for humanitarian efforts are used responsibly.
By supporting @UNHCRinnovation, we can ensure diversity is built into tools from the ground up:
We're putting the foundations in place for a thriving, diverse, chiplet ecosystem in Automotive.
From participation in @imec_int's Automotive Chiplet Program, to our role in SOAFEE, here's how we're ensuring interoperability and performance for chiplets: https://okt.to/eBfYgd
Here's to our fantastic, award-winning Internal Comms team. 👏
At the #ICEAwards, the team took home 3️⃣ awards for:
⭐ Best event
⭐ Best Internal Comms from the tech, media and telecommunications sector
⭐ Best Internal Comms Campaign in a large business under 10,000 employees
Rene Haas joined the Samsung Foundry Forum to discuss our almost 30-year partnership and the possibilities of Arm CSS.
By removing the complexity from SoC development, Arm CSS enables our partners to move faster in the age of AI, with the support of partners like Samsung.
