Paul McLellan

September Update: Ransomware, Apple, Zero Trust, and More

24 Sep 2021 • 5 minute read

It's only September 24, but this is the last Friday of the month so it's time for my monthly update. This month: ransomware, Apple's new A15 chip, the US government and zero trust, plus more Designed with Cadence videos.

Ransomware

Ransomware is the big security threat of 2021, apparently generating literally billions of dollars in ransoms for the bad guys. I wrote about ransomware in:

  • Evolving Maturity in Ransomware
  • Update: CadenceLIVE India, Ransomware, 2nm, and More (covering Colonial Pipeline)
  • June Update: PCIe 6.0, Ransomware, Mars, Turing Award...and CadenceLIVE (more on Colonial Pipeline)
  • July Update (covering the combination of supply-chain attacks and ransomware)

One hope was that Russia would clamp down on cybercriminals working out of the country. But just last week:

Hope that Russian authorities were cracking down on ransomware gangs has proved to be a false dawn: FBI deputy director Paul Abbate yesterday told Intelligence and National Security Summit what o'clock it was. The Bureau has seen no evidence of Russian cooperation or unilateral action against the cybergangs. The Washington Post quotes Abbate as saying the criminal groups are still “operating in the permissive environment that they've created there,”

I also ran across a fascinating piece in The Register, "Confessions of a ransomware negotiator: Well, somebody's got to talk to the criminals holding data hostage." You should read the whole thing, but here's a bit of his advice:

Shah's first advice is that: "A negotiator should never reveal that they are a 'trained negotiator'. Ideally we purport to just be another member of staff.

"It is important to indicate to the attackers that you (the negotiator) are not a senior member of staff that can make decisions," reducing their ability to put pressure on you whilst you "purport to be administrative level staff and need to refer upwards for decisions."

He added: "Should the incident require longer term negotiations, we could at some point – to keep the attacker's interest – suggest we have escalated it to a manager. Again this manager would not be senior. In reality, it could just be the same negotiator, using a different name and conversation style."

I have never negotiated any ransomware deal, nor anything similar. But when negotiating commercial deals, I have also always found it better to negotiate from a position of weakness, even if I am, in fact, the decision-maker. I'm sure when the car salesman goes to the back to talk to the sales manager, often he or she is doing the same thing. Coffee is drunk, but no sales manager is visited.

Apple A15 Chip

Apple had its autumn event, where it traditionally announces new iPhone models. This was no exception and Apple announced the iPhone 13 family (and iPad, Apple Watch, and other developments). You can read about all of this from a consumer point of view all over the net and in the mainstream press, and I don't have any unique perspective.

For those of us in the industry, the details of the new chip are always interesting and tend not to make it into the mainstream press. During the event, Hope Giles, VP Engineering Program Management for Hardware Technologies, revealed some of the details of the new A15 Bionic chip that powers the new phones:

  • 5nm technology
  • 15 billion transistors
  • 6-core CPU with 2 high-performance cores and 4 high-efficiency cores
  • 4-core GPU (5 in the Pro models)
  • 16-core neural engine delivering 15.8 TOPS

Zero Trust

I wrote about zero trust in my earlier posts:

  • From Castles and Moats to Zero-Trust Networking
  • Embracing a Zero Trust Security Model

The US Government is getting serious about zero trust. Recently, CISA, the Cybersecurity and Infrastructure Security Agency, published its Zero Trust Maturity Model. CISA is a relatively new agency (2018) and is expected:

to improve cybersecurity across all levels of government, coordinate cybersecurity programs with U.S. states, and improve the government's cybersecurity protections against private and nation-state hackers.

A quote from the abstract to the new publication:

CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies.

The maturity model, which includes five pillars and three cross-cutting capabilities, is based on the foundations of zero trust. Within each pillar, the maturity model provides agencies with specific examples of a traditional, advanced, and optimal zero trust architecture.

NIST, the National Institute of Standards and Technology, has also been providing guidelines, such as the draft white paper Planning for a Zero Trust Architecture: A Starting Guide for Administrators.

These developments are likely to end up in rules and recommendations for government agencies, but historically this sort of thing has had a major effect on private industry, too. And since, these days, security starts from a hardware root-of-trust embedded in silicon, it is likely to affect some aspects of chip design.

Work in progress.

Badges

I wrote about Cadence's Digital Badges in a couple of posts:

  • Badges—Not Just for Scouts Anymore
  • Take a Cadence Masterclass and Get a Badge

This seems like a good moment to remind you that you can become Cadence Certified with Digital badges added to our courses. Start here. These badges indicate proficiency in a certain technology or skill and give you a way to validate your expertise to managers and potential employers. You can highlight your expertise by adding these digital badges to your email signature or any social media platform, such as Facebook or LinkedIn. And yes, if you leave your current employer, your badges go with you.

Designed with Cadence Videos

Back in July, I wrote about the Designed with Cadence Video Series. Since then, there have been lots more. Here are a few for your viewing pleasure.

Imagination with Digital Full Flow:

Renesas and Cerebrus:

Samsung Foundry and Cerebrus:

Randomized Controlled Trials

I wrote about RCTs, randomized controlled trials, in my post Statistical Power...or Why You Shouldn't Be Allowed to Turn Right on Red. Here is a spoof paper from the British Medical Journal: "Parachute use to prevent death and major trauma related to gravitational challenge: systematic review of randomised controlled trials."

Conclusion of the paper:

We were unable to identify any randomized controlled trials of parachute intervention.

There is actually a serious point behind the paper, that RCTs are not the only way to test things because sometimes it is unethical to have an untreated control group.

 
