CyberUK 2023: The Digital Security by Design Challenge and the Secure Networking by Design project: Part 1
CyberUK23, the UK’s National Cyber Security Centre’s flagship event, took place on 19 – 20 April in Belfast. I represented the IoT Security Foundation (IoTSF) together with the Secure Networking by Design team, Professor Andrew Martin (University of Oxford), Dr. Nick Allott and Ant McCaigue, Nquiringminds, as part of the Digital Security by Design programme. It was highly organised and featured security leaders from across the globe who gave their insights into the complex area of cyber security and the threat landscape we face today. The welcome speeches from NCSC’s CEO Lindy Cameron CB OBE, Secretary of State for Northern Ireland The Rt Hon Chris Heaton-Harris MP, and BT emphasised just how important cyber security is to them and the world we live in.
On day 1 the venue was packed with people and there was an evident concern to protect the world we live in from cyber attacks. This was coupled with the speech by The Rt Hon Oliver Dowden CBE MP, UK Deputy Prime Minister, which reflected that the Critical National Infrastructure is vulnerable to attack and that we must do all we can to ensure its safety and security. For the IoTSF, the importance of IoT and IIoT/ICS security is paramount because if a router, or a network device including physical security and building control systems, is compromised, there could be devastating consequences.
This issue featured in many of the talks that followed. As part of the Digital Security by Design programme, we were all immensely encouraged by Lindy Cameron’s welcome speech where she drew attention to it, saying,
“Secure-by-design and secure-by-default development practices must change if we are to alleviate the burden of cyber risk from the consumer. We need to be running faster towards automatically fixing those things that we know are important. If we don’t take this seriously now and keep pace with the rapid rate of tech development, then we are going to be in big trouble very soon.
Much of our digital architecture was never designed with security at its heart – you all know that better than anybody. It was built on foundations that are flawed and vulnerable. And, unless we act now those same flawed foundations will underpin tomorrow’s technology as well. The UK government is partly addressing this through the Digital Security by Design programme, which is pioneering UK academic research into real hardware that developers can actually use.”
The project partners on the Digital Security by Design stand welcomed delegates following Lindy’s speech and the team at NQuiringMinds joined forces with the other partners to explain our role in the programme.
Nquiringminds, in collaboration with the University of Oxford and IoTSF, is progressing the Secure Networking by Design (SNbD) project as part of the initiative.
The aim is:
“to reduce the threat and scale of remotely initiated cyber-attacks, securing the network against memory-based vulnerabilities.”
This method focuses primarily on router security for a number of reasons:
Endpoint devices can only be attacked remotely through the network gateway, but a vulnerability in a router can have a magnifying effect as it connects to many devices and can be used as a launchpad to impact other devices on the network. Networking components often have kernel-level access, making them highly privileged. The SNbD project is developing the ManySecured® controller to defend against such attacks.
ManySecured is an open ecosystem designed to improve network security against IoT attacks through an intelligent defensive controller that provides real-time intelligence to monitor activity at the gateway, determine the threat level, and take appropriate action. The controller requires access to security device metadata to make informed decisions.
The team gave demonstrations to the delegates on how the controller works and enables better memory safety using CHERI Morello.
Find out what happened on Day 2 in our next blog, when the Digital Security by Design programme features in not just one but two sessions in the main auditorium.