UK invests £36m in hack-resistant chips as part of £50m cyber-security boost
The UK government has announced that it will work with chipmaker ARM Holdings as it pumps more than £50 million into a new programme to improve the country’s cyber-security. This is the first tranche of funds allocated to implement new cyber-security laws.
As part of the plan, the Cambridge-based chipmaker will get £36 million to set up a new, hacker-resistant chip technology. This is the next phase of the government’s Digital Security by Design initiative, also backed by Google and Microsoft, said the announcement.
Another £18 million will be used for a new programme established to tackle disinformation, online fraud and the misuse of personal data, said the announcement.
"This will help to prevent incidents of online fraud, phishing emails, impersonating organisations online and viruses or other malware like ransomware, which cost the UK economy millions of pounds in lost productivity," said the announcement.
"Cyber-attacks can have a particularly nasty impact on businesses, from costing them thousands of pounds in essential revenue to reputational harm," said business secretary Andrea Leadsom.
"Investing in our world-leading researchers and businesses to develop better defence systems makes good business and security sense."
The association with Arm was announced at a time of growing hostility towards foreign takeovers. Japan's Softbank bought ARM Holdings in 2016.
The government has also announced a new ‘Prosperity Partnership’ between Toshiba Research Europe, University of Bristol and GCHQ to "develop more resilient wireless networks through new techniques to detect future threats and mitigate their effects".
Cyber-attacks can damage businesses significantly, from costing millions of pounds to causing reputational damage, making it critical to get ahead of the attackers, commented Robert Ramsden Board, VP EMEA at Securonix.
"Increased connectivity and digitalisation have made us more vulnerable to cyber-attacks, leading to a growing urgency to build a more cyber-resilient world. Therefore, cooperation between the UK Government, technology vendors and businesses is an important step in ensuring British businesses and the public are protected against cyber-attacks and online threats," he said.
Collaborations like these, between Industry100 and NCSC, will help form an important part of reducing cyber-attack exposure for many SMEs and larger organisations most at threat, said Rob Norris, enterprise and cyber-security VP at Fujitsu.
"The message is clear from the government: they recognise the threat from foreign and domestic actors and the havoc that it could play on businesses up and down the country. As the threats evolve, so must the funding and increased importance on awareness to combat those attacks. This is a big step in the right direction," he said.
However, this particular deal between the government and ARM Holdings has limited scope in tackling the problem, said ImmuniWeb founder and CEO Ilia Kolochenko.
"First of all, the number of attacks and exploitation vectors that are reliably addressable on a hardware level remains pretty narrow. In addition, the time UK business require to migrate to the new hardware platforms will be quite long, making attackers enjoying their impunity for the time being," he said.
Most of the cyber-attacks are caused by an incomplete or outdated inventory of digital assets, and a vast majority of businesses in the UK and abroad is unaware of the location of their data, the number of applications or APIs they have, or the number of mobile devices connected to their internal networks, he explained.
"That is a root cause of the problem and deserves urgent attention and mitigation. Therefore, I’d urge investing in a supplementary cyber-security initiative that's aimed at bringing visibility of data and assets to UK businesses."
Industry: Cyber Security
- DevSecOpp- Security design / review consultant. SC Clearance. London
CH7838 London £70,000 DevSecOpp- Security design / review consultant. DevSecOpp- Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
- SPLUNK SOC Analyst level 3, London.
SPLUNK SOC Analyst level 3, Must be able to commute to the City of London. Onsite role. Security clearance needed. The SPLUNK SOC Analyst level 3 must have current experience working within a SOC environment with specific experience using a range of tools and techniques to investigate security incidents. Current experience with Splunk is essential. any additional experience Individuals with Elastic Security SIEM are highly desirable. Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The role will include, but not be limited to working with sophisticated information security tools, investigating security incidents, incident management, technical escalation, process improvement, research into the latest threats, reporting etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt-elastic-siem-engineer-soc Chris.Holt@dclsearch.com
- ISO 27001 & Business Continuity Security Specialist, End User
- United Kingdom
CH7828 ISO 27001 & Business Continuity Security Specialist, End User, £70,000 United Kingdom ISO 27001 & Business Continuity Security Specialist needed to join a Cyber team within an end user. The ISO 27001 & Business Continuity Security Specialist will have end to end responsibility for the information security and Business Continuity management system. ISMS/BCMS. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, very occasional travel to London office This is an exclusive role to DCL Search & Selection. Looking to interview immediately. https://calendly.com/chris-holt/iso-27001-business-continuity-security-specialis
- PCI- DSS Security Consultant, End User
PCI- DSS Security Consultant needed to join a Cyber team within an end user. The PCI- DSS Security Consultant will have end to end responsibility for PCI - DSS and its continuing certification. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. PCI objectives / 12 key requirements, OWASP top 10, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. PCI Cloud compliance, specifically someone with experience taking PCI-DSS from on premise into the cloud is HIGHLY desired. However, someone with Solid PCI experience with a strong technical background which include Cyber / Secure by design etc would be considered. Experience managing internal stakeholders and external third parties essential. Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection. 1st stage interviews to happen the week of the 14th September Arrange a call with Chris on https://calendly.com/chris-holt/arrange-a-call-chris-dcl-pci-compliance