Managing Security Is More Realistic Than Solving It, Says ARM’s Chief Executive
Last year, ARM infused its hardware security technology called TrustZone into fraction-of-a-millimeter-sized chips to be used in connected bandages or package trackers. But on Tuesday, the chief executive of the chip designer underscored another vital form of security.
“I don’t think you can solve security in the short term, but you can manage it in the short term,” Simon Segars said Tuesday in a video call for a panel discussion at the Design Automation Conference in Austin. “And you don’t manage by tightening up the software and hardware."
To maintain the security of embedded sensors and other devices – with lifespans ranging from ten to twenty years – companies will need over-the-air updates to respond to new threats, he said. Many security researchers have said that the “infrastructure” is vital for repelling hackers prying into both hardware and software defenses.
“The nature of the attack is going to change, so the nature of the device will have to change,” Mr. Segars said.
That has not escaped the view of cloud computing firms and start-ups. When it is released this year, Google’s new operating system called Android Things will contain “infrastructure” to refresh firmware in household devices, though the company has said little about how it works. Other companies like Resin and Particle are also tackling the problem.
In October, ARM introduced a software platform called mbed Cloud that lets developers manage, monitor, and update firmware inside devices remotely. The mbed operating system that ARM created for everything from sensors to wearables can isolate sensitive parts of embedded software and provide cryptographic components.
These forays into embedded software complement ARM’s security hardware. TrustZone creates a mirror-image of an insecure operating system in the same ARM core. The twin is separated from the other operating system by walls erected in ARM’s hardware, making it more secure against hackers.
Masayoshi Son, the chief executive of Softbank, has had harsh words for the security inside chips created by ARM, which he bought for $32 billion last year. In a keynote at the Mobile World Congress in Barcelona this year, he shared his vision for the Cambridge, U.K.-based company, whose chips are the beating hearts of most smartphones.
Referring to ARM’s microcontrollers used inside things like cars and security cameras, Mr. Son said that “none of them are secure today." The troubling assessment came after he predicted that four out of every five chips sold in the next twenty years would capture, process, and share data about their surroundings would use ARM technology.
That translates into a trillion chips for cars, televisions, and wearable devices, Mr. Son said.
ARM is increasingly of the mind that companies need the ability to make automatic repairs to the security inside Internet of Things devices. It will be impossible to make manual changes to billions of chips inside everything from trash cans and traffic lights to cars and industrial sensors, Mr. Segars said.
“You have to take the human element out,” he said.