 Gweithio yn enw i â'r gwaith ar gyfan o hyffordd Llywodraeth. Gweithio yn ymddir i gyfer cymaint o'r gael yn rhywbeth digon yn hyffordd Llywodraeth. Yn oes ymddir i siaradau cyllid hynny, mae'n ddim ymddir i yw'r ddisgu wasu pan gweithio ffarae a'r ffordd bumer gydag amllunol. Arm's been around for 25 years and what we do is design microprocessors, we design other IP that semiconductor companies use to build the chips that are in all these mobile devices that we see around us. Over the last 25 years we have worked in partnership with many of the companies that display here at Mobile World Congress every year to grow our business and to help enable the computing platforms that we are now carrying around with us in our pockets. These super computers that we have permanently connected and giving us a window to the internet and all the data around us. So almost 25 years old last year and we've enjoyed this growth in our business through the expansion of mobile. And within Arm we spend a lot of time thinking about how computers can be used, how connectivity can be used and what's going to come next as mobile evolves and as we get to leverage all the technologies that have come from the growth of mobile. And one big area that we're thinking about a lot of the moment is the internet of things. And this is a technology that I'm sure you're going to be hearing a lot about over this week. It has huge potential to impact our lives, huge potential to impact businesses to create new ways to gain insight into what consumers do with products, how they are used and to gain efficiencies in their creation and efficiencies in business models. Huge potential of the internet of things and one which I'm sure you'll see many examples of around the exhibition this week. But when I think about the internet of things and when I think about the barriers to actually creating the adoption, driving the adoption of IoT, the big area that we spend a lot of time thinking about is security. Because unless we get security right in the internet of things I don't think we deliver on its true potential. Now around the internet of things right now you see lots of predictions about how big it's going to be. And what is I think fairly true to say over the course of history around predictions of computing and the size and scale of computing is that they're usually wrong. There are many, many predictions about IoT and forecasters are very good about getting predictions on computing wrong. You can see here a quote from the 1950s talking about how big physically computers could be. Now fortunately whoever wrote that did get it wrong. We don't have computers that weigh one and a half tonnes. We have computers that weigh almost nothing to the point where we can carry them around with us all the time as Nicola Tesla forecasted. You saw that in the quote in the little video, quote that I love. So fortunately the forecasters have been wrong, they usually get it wrong. And it's through the miniaturisation of computing that we're able to have smartphones. Through that miniaturisation, through the continued drive to improve power efficiency, we're able to have this supercomputer that runs off a battery and runs all day long off a battery. It's really quite phenomenal what improvements the miniaturisation of technology has enabled. So because we've made computing small, we're able to have smartphones and mobile computers. And because we're going further than that, because we're making computers tiny, we can have the internet of things. We can now put a microprocessor with a sensor, with some radio connectivity into a chip that is so small, it fits into the dimple of a golf ball. And when we make computing that small, that low power, it really can become ubiquitous and can get deployed into all sorts of applications. Whether it's enabling crops to be produced in a more efficient way, whether it's allowing us to sense data around traffic flows, around busy cities like Barcelona, whether it's allowing us to monitor our state of health, the internet of things is going to have many many applications. Now I'm not going to dwell on any of these right now, except to say that the potential is absolutely huge, so long as we get the security right. So the internet of things is going to be big. Connected cars, agriculture, even connected toys. And there are people using deploying sensors, deploying connectivity to make toys more interactive. So there are many many benefits of this technology. When we have this, when we have everything connected, it's going to be great. We're going to gain so much insight to the world around us. What could possibly go wrong with this? Well the moment you start connecting everything up, you really have to worry about security. And of course cybercrime and cyber security is very topical at the moment. But in the context of fairly conventional computing, we haven't yet seen the start of the issues that come when literally everything is connected and we get to tens of billions of connected devices. So we really have to start caring about security and we have to start thinking about security in different ways. Because in the internet of things the security issues are going to be different. So to explore security, I thought we'd start with some old-fashioned security issues. And let's talk for a few moments about a good old-fashioned bank job. Now this is the picture shown here is the very secure looking doors of a business called the Hatten Gardens Safety Deposit Limited. And this time last year they were happily in business looking after very valuable assets for their clients, diamonds and other jewellery. And this time last year as I stood here on the stage at Mobile World Congress, they were merrily going about their business. But little did they know they were being cased out to actually be robbed because in April last year they indeed got robbed. They got broken into and thieves made it away with what's estimated to be about £200 million worth of valuables of diamonds of jewellery. And when you look at the front doors in the previous picture, it looks pretty strong. You can see here from the vaults that there's big iron bars on the doors. You can see that the thieves made a right old mess when they broke in. The conventional security looked very, very strong. But of course anybody breaking into anything doesn't exploit conventional security. The guys that robbed this vault did not burst in the front doors with sawn-off shotguns demanding to be taken down and handed over the jewels. What they did was exploit a weakness. They studied this building. They looked for where the weak spot was. And what they actually did was get up onto the roof, break into a lift shaft, abseil down, and then with a big drill that cost about £3,500, ironically with a diamond tip drill bit, made their way through about two metres of concrete into the vault and spent all east of the weekend last year emptying the safety deposit boxes and making it away with the valuables. So the lesson from this is that conventional security might be great but you really have to think about the weaknesses and it's not often easy to spot the security weaknesses in any system. So that's a conventional security issue, a bank job. You don't hear too much about them anymore because people have moved on. Cybercrime is a lot safer it seems, a lot more fashionable, so let's talk about cyber issues for a moment. And I thought bad about picking out target but it's been one of the most publicised cybercrimes of recent times. And again, when you think about the issues that they faced, it all came down to exploiting a weakness. So here again the conventional security is good. There's cameras everywhere. There's secure front doors. There are safety guards walking around the stores at night. But that isn't, of course, what the hackers did. What they did was look for a security flaw. They looked for a weakness. What they actually did was, via a phishing email blast, managed to steal the login credentials of one of target's vendors. They got in for a website. They were able to exploit weaknesses within that website and eventually deploy malware on the point of sale terminals so that every time somebody bought something the credit card information was being stolen. So they didn't break into a database. They certainly didn't break in through the front doors with guns. What they did was put malware every time somebody was swiping their credit card and stole about 40 million credit card numbers as a result of this. So that was a pretty big theft. And again, there were parallels with that bank job. There was a weakness that was found in the system. That weakness was exploited. And just like the bank job, there was poor internal monitoring of what was going on within the network. And there were poor safeguards in place to actually spot what was happening. So though very different crimes, there were actually a lot of parallels between robbing a bank and robbing, in this case, target. Now it's easy to, with hindsight, look back at how these crimes could have been avoided. How could the security have been better? It's easy to look back with hindsight and identify the weaknesses. Well, with the Internet of Things, we've got to get on the front foot. Because when we come to deploying billions, tens of billions more connected devices, then the attack surface becomes huge. The way in which attackers might get in just grows and grows and grows. So let's go back to our connected teddy bear for a moment. And sadly, if it's connected, there is somebody out there who's going to want to try and hack into some connected thing. And in the case of our poor teddy bear here, there was actually a case earlier this year where one of the major toy manufacturers who had created a connected teddy bear had their device examined by, fortunately, a security researcher and a whole load of security issues found with it. And the person that did the analysis, fortunately, had been given one of these as a gift for his own child and thought, well, hang on a minute, before I hook this up, before I run the risk of a load of information about my family being exploited by someone, let's go and see if there are any weaknesses and lo and behold, there were. So, fortunately, a good guy found these issues. And fortunately, the company in question has fixed the product, so that is good. But it just goes to show how in something as innocuous as a connected toy, something you want to give kids to play with, to have fun with, there are potential security weaknesses. And it brings home how in a hyper-connected world, in a world of the internet of things, a lot of the data that is at risk becomes very, very personal. I'm sure none of us want to have that personal data stolen away. I'm as a parent myself, I don't want my kids playing with something which could end up turning out to be very, very dangerous. So, when it comes to personal data, nothing can be more personal than your healthcare records. And healthcare is one technology area, one industry that I think is going to benefit enormously from the internet of things. But nobody is going to want their health records stolen. Well, unfortunately, it's already happening. In the US alone, over 100 million healthcare records were stolen last year. That accounts to about one for every three people in the population. Globally, a billion health records were stolen. And when you think about the number of people who actually have health records in the world, a large proportion don't. Of the available number of records that could have been stolen, that's a large proportion. And that was in 2014. So health records are already being stolen. There was a case recently of a hospital in Los Angeles where hackers got in and were attempting to blackmail the hospital. Pay this amount of money or we'll wipe all your data away. So this is happening today. But again, it's happening with conventional computing systems. This is all happening before the internet of things starts to become a technology that is used in the deployment of healthcare. And personally, I think the deployment of IoT in healthcare is going to be a great thing. When you go to the doctors and they're taking your blood pressure or your temperature, there's an instantaneous amount of information that they can work from. They're going to diagnose you there and then. The deployment of wearable devices which can track your state of health relative to the environment in which you're in. There's the potential for a doctor to have so much more information about you and therefore be able to provide much more accurate diagnoses. But in that world, we really have to worry a lot about security because with all of these deployed devices, just the ways in which hackers might get into the data and what they might do with it subsequently just grows and grows and grows. So we really have to worry about this. Now another application slightly closer to home is the smart home. And at the moment, this is a very topical area. I'm sure there are lots of demos of smart home technologies out in the show today. And I personally get offered service having people come to my house and set up cameras and monitoring devices all the time. I'm sure we all do. And this should be a good thing. It should make our homes more efficient, allow us to control the energy consumption of our homes and it should make our homes much more secure as well. Having cameras around seems like it should be a good thing. But of course, a hacked camera does exactly the opposite. A hacked camera is going to make your house less secure. It's completely counterproductive. If somebody can work out when you're not home, then they can work out when to go and rob your home. And of course, nobody wants that as an unintended side effect of deploying IoT based security systems. So we have to get this right. We have to get the internet of things to be a very secure technology if it is to be trusted. And fundamentally trust is a really important thing when it comes to the internet of things. The good news is that this is a technology that's in its infancy. And now is the time where we can work to get it right before it is deployed. We cannot apply security to the internet of things as an afterthought. By then it will be much, much too late. So now is the time for us to act. Now there is lots, fortunately, that can be done and there is lots that is being done to enable secure systems to be built. We can work on providing somebody secure infrastructure down in the silicon devices. That's one thing that we're doing. We can ensure that secure software is built on top of that. What's really, really important is that security is designed in from the start. As I said a moment ago, this cannot be an afterthought. One of the reasons that so many computer systems right now suffer from security issues is because the fundamental technology grew up in a world before hyper-connectivity. So security is being laid on after the fact and that leads to weaknesses. So now is the time for us to get the internet of things right. We have to deploy security in a way that is very robust and it also has to be deployed in a way that's easy for consumers to adopt. The downside of security is that it can often make things just more difficult to use. In my own home I've forced my family amid groans and moans to use two-factor authentication on email. If you're not doing that, please after this speech go and do it because there's a key way to improve the security of your email but it does make it a little bit harder to use. And people don't like barriers being put up. Most people think that they won't be hacked. Most people think that the connected teddy bear or the connected refrigerator won't be hacked. But unfortunately someone somewhere will have a different view on life than you do and this is a risk and it's a risk that we have to address and we have to address it through robust security. So in order to build secure software and we're going to need a lot of security to make internet of things secure we really do need secure hardware and that goes right now into the architecture of that hardware. So in ARM we're working to deliver that. We are creating features in our processor architecture that are going to enable secure software to be built on top. ARM processors are already in billions of smartphones and we're expecting them to go into tens of billions, maybe hundreds of billions of connected IoT devices. So this is something that we take very, very seriously. We're expanding our products to enable a hardware root of trust to be built into the semiconductor devices themselves to create a software environment where these trusted features can be accessed only by trusted software and on top of which trusted applications can be built. We're advising ways in which keys can be stored in the chips that keys can be deployed easily within the chips to make these devices much more secure. And this really is a top priority for ARM. It's the kind of thing that our engineers love as well. This is intellectually hard. It's an intellectual challenge that we want to address and when our guys come to work every day this is exactly the sort of problem that they like to go and solve. But we can't do this alone. We need a lot of help and this really is an industry-wide issue. So my request is, as much as we're taking this seriously that you will do the same. If your business has any role to play in the deployment of internet of things devices then you have a role to play in helping make that secure. Where do you start? Well, just recently the GSMA published guidelines about security and my request is that you're going to take a look at that. It is a great starting point. It covers various aspects of devices, of the network, of the way to put systems together. We really recommend avoiding proprietary standards, working together on open standards that we can jointly secure and making sure that devices can be managed in the field. The security of the device is only any good at that moment in time. The security threats will change and therefore it's really important that we can manage devices after they have been deployed. So we're taking this really seriously. If anyone's shipping a device, one thing that's critical is that you get somebody to try and break it. I'm not the guy that designed it, but get somebody else and hire a hacker to come and try and break your products before they are shipped into the outside world because the ingenuity of hackers is really quite phenomenal and something that we have to spend a lot of time trying to get around. Fundamentally, this is all about trust. Security and trust go hand in hand. Without trust, the Internet of Things won't reach its full potential. We may have connected devices, but they will operate with very limited functionality and they will operate in silos. Without trust, things really do break down and businesses fail. The Hatten Gardens Safety Deposit Company actually went into liquidation a couple of months after that break-in because fundamentally their customers lost trust in that business and they took all their valuables away. Well, that same risk applies to Internet of Things devices. Without trust, consumers won't deploy them and we won't reach the full potential of IoT. Over the next couple of decades, we're going to see an explosion in the number of connected devices. We really are just getting started on this so now is the time to act and we need to act in partnership with this. We're working hard on this every day in our arm and we'd really like to work with you to deliver on the true potential of the Internet of Things through a secure, robust set of technologies. Thank you very much. I thought it would be topical to maybe ask all of our analysts one question this morning and it's obviously a very topical thing. There's nothing like having such things sprung on you when you're standing here in front of standing people but Apple in the US government is obviously an interesting conversation. When you secure these things, do you give up the keys when they're required to do so? Do you have any thoughts on that situation? It's obviously a very complex situation. There are rights and wrongs and wrongs and rights and it's going to be really interesting to see how this pans out over the next little while. With the Internet of Things, we've started when we consider these issues and I think there's going to be a lot more complex cases like this which crop over over the next few years. Now is actually pretty good time to be really exploring this in detail and really making sure that we have a legal framework that can rightly determine who owns data, how it can be used and who gets access to it. We fundamentally believe that users should own their data, should have control over who has access to it but obviously there's some extreme circumstances where sometimes you need to look through a different lens. So it's going to be fascinating to see this play out. Get a big ramification into the future. Thank you for answering it and thanks again Simon. Please make some applause.