The UK’s National Cyber Security Centre (NCSC) has joined with its counterparts in Australia, Canada, Germany, the Netherlands, New Zealand and the US to launch a guide containing advice to help technology manufacturers keep customers safe by embedding secure-by-design and secure-by-default principles into their products during the development phase.
Titled Shifting the balance of cyber security risk: principles and approaches for security-by-design and -default, the guide is available to download via the US Cybersecurity and Infrastructure Security Agency (CISA).
The group said that devices and products where security has been treated as an additional technical feature, or where users need to make potentially complex configuration changes to keep themselves safe after purchase, leave people needlessly exposed to security risks and potentially cyber attacks.
The guide is presented as an attempt to lessen the burden of risk on ordinary users by providing manufacturers with a roadmap of actionable steps they can, and should, be taking.
“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement,” said NCSC CEO Lindy Cameron.
“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer. We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by-design and secure-by-default practices into their products to help ensure our society is secure and resilient online.”
CISA director Jen Easterly said: “Ensuring that software manufacturers integrate security into the earliest phases of design for their products is critical to building a secure and resilient technology ecosystem.
“These secure-by-design and secure-by-default principles aim to help catalyse industry-wide change across the globe to better protect all technology users. As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritise product safety above all else,” said Easterly.
Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), added: “Cyber security cannot be an afterthought. Consumers deserve products that are secure from the outset. Strong and ongoing engagement between government, industry and the public is vital to putting cyber security at the centre of the technology design process.”
Among the guide’s contents are strategies for engaging senior leadership with security principles; and tactical steps that development teams can undertake to help organisations take ownership of the security outcomes of their products, such as eliminating default passwords and implementing single sign-on (SSO) features, creating a default baseline of security whereby products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors.
It urges organisations to practice “radical transparency and accountability”, such as by ensuring vulnerability advisories and newly-identified common vulnerability and exposure (CVE) records are complete, accurate and public.
It also contains advice for organisations on holding their own technology suppliers accountable for cyber security outcomes, and suggestions on improved collaboration across supply chains to incentivise secure practices.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
