Full Report
NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring
Analysis Summary
# Main Topic
UK Government-backed Digital Security by Design (DSbD) Initiative Utilizing CHERI Hardware Concepts to Systematically Address Rising Cyber Risks.
## Key Points
- The DSbD initiative, championed by NCSC CTO Ollie Whitehouse, aims to secure underlying computer hardware.
- The technology is based on the hardware concepts of the Capability Hardware Enhanced RISC Instructions (CHERI) project.
- The primary objective of leveraging CHERI is to develop hardware capabilities that *prevent* memory safety software vulnerabilities from occurring.
- Memory safety issues are currently responsible for approximately 70% of all patched security vulnerabilities assigned a CVE number.
- Memory safety vulnerabilities often stem from software bugs related to memory access, such as buffer overflows, and frequently affect security appliances.
## Threat Actors
- No specific threat actors or state-sponsored groups were mentioned in direct relation to the security project's findings or context. The focus is on preventing systemic hardware vulnerabilities rather than responding to a specific campaign.
## TTPs
- The focus is on preventing a common class of software vulnerability: **Memory Safety Issues** (e.g., buffer overflows).
- This addresses a foundational TTP used by almost all threat actors when they exploit software flaws to achieve system compromise.
## Affected Systems
- The initiative targets securing **underlying computer hardware**.
- Specifically mentioned "edge security appliances" are noted as frequently containing the systemic memory safety issues the project aims to resolve.
- The scope is broad, affecting any system built upon hardware susceptible to memory safety errors.
## Mitigations
- **Hardware Mitigation:** Implement hardware capabilities derived from the CHERI project concepts.
- **Design Principle:** Embrace the Digital Security by Design (DSbD) approach to build security directly into hardware foundations.
- **Vulnerability Reduction:** The goal is to eliminate the root cause of software memory safety vulnerabilities at the hardware level.
## Conclusion
The DSbD initiative represents a critical, proactive governmental effort to harden the UK's digital foundations by fundamentally changing how hardware handles memory access, thereby insulating future systems against the largest category of software vulnerabilities. Success in this program is deemed essential for mitigating systemic national cyber risks.