Arm TechCon 2017 was held in Santa Clara, CA Last week I attended Arm Holdings TechCon 2017 in Santa Clara. Featuring over 100 speakers, the Arm Holdings’ multiday conference provided an opportunity for industry analysts and insiders such as myself to get a glimpse at the newest strategies and technologies the company has been developing—particularly in the realms of machine learning, IoT, and cybersecurity. Since the SoftBank Group acquisition, I am seeing a very different Arm who is more rapidly investing into new IP, services, and people. I wanted to go ahead and offer a rundown on the announcements that have come out of the event, as well as my quick take on them. Introducing Mbed Edge The first big announcement made at the event was an expansion of Arm’s Mbed Cloud IoT device management capabilities, called Mbed Edge. The edge is hot as I believe we will see 75B new devices on the edge by 2025 and those devices cannot all send their data directly to the cloud. That way would be too slow and inefficient and insecure and therefore drives the demand for edge compute. Arm already announced Mbed OS and Mbed Cloud. Mbed Edge will enable Mbed Cloud to onboard, control, and manage devices through IoT gateways (the bridges between local devices and the cloud). This is important, seeing as failed gateways can cause massive, expensive downtimes in manufacturing and other industrial settings. To address this, Mbed Edge is bringing three new functionalities to the table. Secondly, Mbed Edge attempts to increase the resiliency of IoT gateways, by adding diagnostic capabilities, alarm notifications, and process, resource, and interface management into the mix. Arm says this will cut down on costly downtime due to failed gateways. My take—I think Mbed Edge is a great move, but full of competition. The IoT edge is where all the industry action is happening right now, and there are many competitors. However, it also happens to be an area of strength for Arm. Arm is approaching this from the end-point in as most others are addressing it from the datacenter in. Time will tell, but I expect we will see major software partners (like Cisco’s Jasper, Microsoft Azure IoT, and VMware) sit on top of Mbed Edge or compete vigorously against Mbed Edge to take advantage of these new capabilities. A new, secure industry framework for IoT Another big announcement from Arm TechCon 2017 was the launch of the company’s new Platform Security Architecture (PSA), which seeks to provide a common industry framework for building secure IoT devices. Arm is preparing for a future that has approximately 1 trillion devices connected by the year 2035—and with more devices come more opportunities for cybercriminals to exploit. While I cannot vouch for the 1T devices by 2035, I do not have any data that suggests otherwise, but I love the aggressiveness and leadership. Arm says that these 1T devices “need to be secure without sacrificing the very diversity which makes them innovative and unique”—a goal that PSA is designed to accomplish and variables that can play against each other. Arm says Intel, RISC V, and MIPS are welcome to join if they like. The PSA consists of three different components: representative IoT Threat Models and Security Analyses, hardware and firmware architecture specifications (built on crucial security principles), and an open source implementation of a new firmware specification Arm are calling “Trusted Firmware-M.” Arm says these three aspects together will allow ecosystems to build devices on a common set of ground rules, which in turn will cut down on the time, money, and risk currently associated with IoT cybersecurity. At the conference, Arm also delineated what it sees as the four crucial steps to proper IoT security hygiene: device identity, trusted boot sequence, secure OTA software update, and certificate-based authentication. These steps are not new to smartphones and PCs and even now servers, but they are new to IoT. Surprisingly (and frustratingly), the industry is still debating on the merits of this, in a misguided (in my opinion) attempt to save money. Believe it or not, after the Mirai botnet disaster where 2M video systems were turned into a DDOS monster due to the lack of security, vendors still debate an extra ten to fifteen cents of BOM cost adder. Arm CTO Mike Muller talks about 4 security architecture principles Announcing new threat mitigation technology Arm also announced on the first day of the conference the availability of new “highly-efficient on-die threat mitigation technology” which it says will further secure the SoCs powering the next generation of connected IoT devices. Some of this sounds a bit like science fiction, but these prevention techniques are bring used today by governments around the world. There are two big categories of threats this technology claims to protect against. The first is Simple and Differential Power Analysis (SPA/DPA), in which an attacker attempts to compromise data by analyzing the power consumed by an integrated circuit during operation. The second is Simple and Differential Electromagnetic Analysis (SEMA/DEMA), in which the attacker tries to gain information via analyzing the electromagnetic field generated during integrated circuit operation. Science fiction? No- reality. Arm says this mitigation technology is cheap and easy to scale and implement and will do much to build trust for data-sensitive IoT applications such as autonomous cars, connected health, and mobile banking. On top of that, Arm says the technology is applicable across all silicon processes currently in use in the semiconductor industry. I see this as very similar to what is currently protecting the 2 billion smartphones in the world, but necessarily lighter for IoT devices. Hardware security—not just software security—is a requirement to secure Arm’s proposed 1 trillion devices. Arm CEO Simon Segars kicks off Day 2 TechCon A cybersecurity call to shared arms Speaking of taking security seriously, Day 2 of the event brought something I have been waiting a long time for a company to do: a security “digital social contract,” in the form of Arm’s first IoT Security Manifesto. Arm CEO Simon Segars explains the need for a digital, social contract for security The security Manifesto, presented by Arm CEO Simon Segars during his Day 2 keynote, calls for tech companies own up to their share of responsibility to consumers, and actively push security as a primary consideration in the hardware design of all connected devices. This manifesto maintains that the tech industry is ultimately responsible for the protection of users—makes sense, seeing as they are the experts after all. Arm says, and I believe this will require a new way of thinking that takes into account the reality of how humans use devices. For example, consumers should not have to bear the burden of updating device firmware and coming up with “strong” passwords, and companies should move away from using hacker-friendly default passwords like “PASSWORD” (which you would think should be a no-brainer). This is not just some “ignorant consumer” problem- half of the bi hacks the past year were from IT-trained individuals who just failed to update or never updated their systems. Good security factors in human mistakes Arm envisions a future with a network-wide “immune system,” in which AI reflexively quarantines and handles threats. This will require an industry-wide, good-faith effort to adhere to the principals outlined in Arm’s IoT security manifesto. Again, it is about time for this shift in perspective if you ask me. We have seen many high-profile data breaches this past year—it is clear the current strategy is not working.  I applaud Arm’s thought leadership in security and hope others will take the pledge to support this. Arm CEO Simon Segars explaining just how unsafe IoT is Wrapping up All in all, I think Arm Holdings is on an improved growth trajectory with all the announcements that came out of TechCon 2017 and the many conversations I had with senior management. Since their SoftBank acquisition, I have seen a very different Arm, and it is very positive. It is not risk-free with Arm entering SaaS with Mbed, but what was ever gained without risk? I think the company is very wise to finally get in on the edge compute bandwagon with Mbed Edge. There’s certainly a market for it right now, a giant one in the future, and with the end point expertise Arm brings to the table, I think we will see the company rise above many of its competitors to the top of the crop.