Introduction

A shared responsibility to meet increasing cybersecurity threats

_{It’s been four years since Arm published its first Security Manifesto in 2017, and digital security has rarely been out of the news.}

Whether it’s a new hack or a ransomware attack, serious incidents seem to be happening with increasing frequency and involve higher stakes. And those are just the ones we know about. On the flipside, the world’s response to cyberattacks also has intensified, reflecting the innovation and dedication of countless global players, including technology companies, governmental bodies, and risk regulators.

Everyone shares a responsibility to ensure trust from cloud to endpoint."

Today, the world’s digital infrastructure is composed of a complex and vibrant network of devices, software, services, and systems designed to sense, compute, and act on data. The scale we’ve reached has shone a brighter spotlight on security across all computing arenas – for datacenters, edge, and endpoint devices. Any vulnerability alongthis powerful compute continuum threatens to seed distrust among users, compromise valuable data, and quite frankly, imperil our digital future.

Everyone shares a responsibility to ensure trust from cloud to endpoint. That includes business and personal computing users, as it’s up to all of us to learn and embrace best practices to avoid creating side doors for cybercriminals, as Mary Aiken pointed out in our first manifesto. Technologists, though, have a particular duty of care, as Arm CEO Simon Segars said, to not rely on how we dealt with past threats but to prepare relentlessly to deal with the next ones.This third Arm Security Manifesto was created in that spirit. You’ll read about new and expanding threat surfaces, and detailed explanations of new security solutions and strategies: From the technical foundations of devices all the way to the datacenter; explanations of risk-management strategies between technologists and other industries, as well as technology certification and attestation efforts to ensure trust among end users.  We'll explore questions including:

How will innovations in hardware compartmentalization further frustrate hackers?

What’s the role of post-quantum cryptography in the overall scheme of improved security? 

How can the insurance industry better quantify cyber risk and then lead their customers toward stronger cyber-defense strategies?

What steps can technologists take today with lab-validated security to protect this ecosystem tomorrow?

We need all these elements in a multidisciplinary drive to maintain and improve trust going forward.  

Result from PSA Certified industry survey.

This manifesto discusses how security efforts have accelerated and expanded over the past four years and how the approach taken has been holistic – across diverse industries, consumer platforms, and governmental stakeholders.  On the next page, you'll find an updated series of principles that we hope will inform and inspire you to continue to partner with the Arm ecosystem in this stepped-up battle for digital security. Together, we will never stop innovating.