An aspirational movement to shift the responsibility for security in technology products and services to manufacturers and vendors got a major boost Thursday. Cyber authorities in the U.S. and six other nations issued recommendations and tactics to ensure products are secure by design and by default from the get-go.

The principles, as outlined by the Cybersecurity and Infrastructure Security Agency and its peers in the U.K., Germany, Canada, Australia, New Zealand and the Netherlands, put more connective tissue and action behind the Biden administration’s recently revealed national cybersecurity strategy. The joint guide encapsulates many recommendations previously shared by CISA and other authorities, including technical recommendations for software and infrastructure design and best practices for default security measures.

Laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quickly or easily. For now, there are no enforcement mechanisms tied to the principles. The agencies behind the effort are strongly encouraging every technology manufacturer to build products in a way that prevents the need for customers to constantly perform monitoring, routine updates and damage control on their systems to mitigate cyber intrusions.

The status quo, described as vulnerable by design, bears constant weaknesses, the agencies said. Meaningful change requires technology manufacturers and vendors to revamp design and development programs, and place a much greater priority on security. “Only by incorporating secure-by-design practices will we break the vicious cycle of creating and applying fixes,” the agencies said in the joint guide.
https://www.cybersecuritydive.com/news/secure-by-design-default-tactics/647546/