15 Jun 2024

Digital Security by Design Technology Access Programme set to revolutionise cybersecurity standards

Cyber security

A further eight leading UK technology companies have joined Digital Catapult’s Digital Security by Design (DSbD) Technology Access Programme (TAP), a UK Government backed initiative set to revolutionise cybersecurity standards in modern-day computing. They join the 27 companies already experimenting with the Arm Morello Board, the prototype cybersecurity technology designed by Arm and based on the CHERI (Capability Hardware Enhanced RISC Instructions) protection model created by the University of Cambridge.

The news comes as companies already involved with the TAP initiative shared their early results after a year of experimentation with the prototype technology. The findings were presented in March at a Demo Day event held at Digital Catapult’s London office and was attended by representatives from the Government as well as the cyber industry.

Digital Catapult, the UK authority on advanced digital technology, was appointed in 2021 by UK Research and Innovation to run the programme, designed to involve UK tech companies in trialling the Arm Morello board. The Arm Morello board is a groundbreaking prototype cybersecurity technology that is ‘secure- by-design’, meaning that it is built with security features that do not rely on software updates or patches to protect against malicious actors.

Onboarded companies will be using the Arm Morello board, powered by a system on a chip (SoC), for six months to learn how to leverage the hardware and software features that are unique to this technology. The cutting-edge technology is also capable of preventing and mitigating memory-related cyber attacks, which currently constitute two thirds of cyber attacks globally. During the trial period, companies will receive both expert support from Arm and the University of Cambridge, as well as funding.

The latest companies joining the programme include Ultra Cyber, which has a decade of experience offering solutions for critical national infrastructure, Goldilock, which specialises in secure management of connected digital assets, and Configured Things, a consultancy with vast expertise in large scale distributed systems management and security.

While applications to join Digital Security by Design through the Technology Access Programme are currently closed, companies interested in taking part can register their interest on the DSbD website and be notified when applications open again.

Complete list of participants below:


TelWAI delivers video surveillance built on wireless networks with integrated edge AI for targeted detection.

Aim: TelWAI is planning to integrate CHERI, run edge detection algorithms and test data integrity across wireless networks.


Instantly, remotely, physically disconnect or connect anything anywhere. Without using the Internet.

Aim: Goldilock is planning to transition its secure layer-1 network devices from Intel architecture to the ARM Morello/CHERI architecture, enhancing its underlying application codebase’s security. This move will allow for a more secure, scalable, and customisable network device that meets the unique demands of critical infrastructure environments.

SCI Semiconductor

Secure Compute Institute (SCI) Semiconductors is a startup looking at how RISC-V and CHERI extensions can impact secure computing at a truly global level. The company goal is to enable widespread adoption of security technologies, and ensure national leadership in critical infrastructure.

Aim: The organisation is interested in helping the industry with mapping and portability of existing RTOS and applications from mainstream platforms, such as ThreadX / Azure RTOS to leverage the CHERI extensions. While RTOS ports have already been achieved there is a significant gap in enabling the broader market to adopt, and adapt, to the new technology.

ScienceScope Ltd

ScienceScope provides a collection of IoT tools, devices, and resources to users around the world across multiple sectors including Education, Industry and Academic Research.

Aim: The organisation is planning to create a system whereby CheriBSD on Morello boards form the gateway to the BMS system, securely linked to the ScienceScope IoT platform, built on the Azure network. The Morello board will control all aspects of the BMS, supporting data import from external systems and data export to the ScienceScope IoT platform and additional systems requiring integration.


rtegrity’s mission is to deliver data agility and resilience through software development, research, consultancy and training.

Aim: The organisation is planning to investigate the viability and impact of applying library compartmentalisation to an NVMe over Fabrics storage stack based on the Storage Performance Development Kit (SPDK).

Ultra Cyber Ltd

Ultra I&C Cyber protects the most critical infrastructures with wired, wireless, and embedded encryption solutions forged by decades of cryptographic engineering accomplishments.

Aim: The organisation is planning to apply CHERI to enhance the assurance of their mission critical software

Configured Things

Configured Things specialises in cross-domain configuration management solutions for managing systems across trust boundaries.

Aim: The organisation will be porting their cross-domain serialisation parsers to take advantage of CHERI’s capability-based memory protections.

Systems Security Consulting

Systems Security Consulting provides consulting and R&D services in the areas of systems security, trusted/confidential computing, and embedded systems.

Aim: System Security Consulting is planning to implement pure-cap cloud orchestration support for Intravisor – a intra-process hypervisor that uses capabilities as isolation and sharing technology.

Company info: Digital Catapault