ARM CEO Sounds Security Alarm

　　ARM Technology CEO Simon Segars called on the technology industry to come together to address security in a connected world, an issue he said threatens to undermine the impact of the Internet of Things and its potential for enhancing human capabilities.

　　"Cybersecurity is a mess if you ask me. Unless we do something, it's going to get worse," Segars said in a keynote address at the ARM TechCon here Tuesday (Oct. 25). "When everything has an IP address; when everything is connected; then everything can be hacked," he added.

　　In sounding the alarm on security, Segars joins a growing list of tech heavyweights calling for new software and hardware technologies for mitigating the risks posed by hacking and other forms of cyberattacks, which in aggregate cost industry and consumers billions of dollars each year. Security threats loom increasingly larger as the IoT — which already encompasses billions of devices and is expected to expand to include tens of billions more in coming years — continues to take shape.

　　A number of grassroots IoT security efforts are well underway, including several from ad hoc industry groups and agencies such as agencies such as UL, the former Underwriters Laboratories. ARM itself threw more weight by these efforts this week with the release of its "Security Manifesto" — a white paper that explores the risks posed by cyberattacks and the technology world's responsibility to address it — and the roll out of an architecture standard and three new products  to help implement it.

　　ARM has been a champion of security over the years, introducing several years ago its TrustZone secure extension environment. The company upped the ante with the introduction of its Platform Security Architecture (PSA), a set of hardware and software specifications based on an analysis of multiple IoT use cases.

　　In his 30-minute talk here, Segars outlined the growing opportunity for technology to influence the ways that we live, work and play with trends such as the growing focus on data generation, consumption and analysis on applications such as medical technology and transportation. The importance of improving security is only compounded with the rise of artificial intelligence and machine learning, he said.

　　Segars called on technology firms to take greater responsibility for the security of their products and honor a "digital social contract" to consumers.

　　"We've got to stand by our side of that contract and actually take responsibility for the products that we build," he said.

　　Not surprisingly, Segars, as the CEO of a processor IP firm, made it clear that software fixes alone would not be adequate to address security concerns. "I believe that security is not just a software problem," he said. "The underlying hardware is very important."

　　He also cautioned that security is not "a problem that can be solved" but a "live animal" as hackers adapt to new measures and take new avenues of attack.

　　Segars stopped short of calling for specific actions or the adoption of particular security standards. In the Security Manifesto, Segars said that while he doesn't dismiss the importance of stands, he acknowledges that hackers can pivot faster than product makers, so the approach must be "anticipatory, flexible and resilient."

　　"I think we all have a role to make this a reality," he said during the keynote. "If we can do that, can drive down the number of cyber incidents."

　　Following his keynote, Segars was joined onstage by Mary Aiken, a cyberpsychologist at the University of Dublin and an advisor to the European Cyber Crime Center. Aiken emphasized the importance of individual responsibility and the need to maintain "good digital hygiene" to maintain security.

　　"We want people, ultimately in terms of their behavior, to be smarter than their smartphones," Aiken said.