“Radical transparency” required for revamp of US cyber model

Strong security should be a standard feature of virtually every tech product, says Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency

A senior US government cybersecurity leader has called for universities around the country to help spur an industry-wide change to denormalise potentially dangerous technology developments.

“As we’ve integrated technology into nearly every facet of our lives, we’ve unwittingly come to accept as normal that such technology is dangerous-by-design,” says Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA). “The situation is not a sustainable one. Rather, we need a new model where consumer safety is front and centre in all phases of the technology product lifecycle — with security designed in from the beginning — and strong safety features enabled right out of the box, without added costs.”

Virtually all technology products, especially those that support critical American infrastructure, must come equipped with strong security features as a standard, says Easterly. Achieving this goal will require a significant shift in the way technology is produced, including the code used to develop software. 

However, transitioning to secure-by-default and secure-by-design products will benefit both organisations and technology providers, allowing them to focus more on innovation and growth rather than fixing security problems, she says, and will make it harder for adversaries to carry out attacks.

Manufacturers must take responsibility

During a recent speech at Carnegie Mellon University in Pittsburgh, Easterly outlined three core principles that technology manufacturers should follow in order to integrate product safety into their processes. Firstly, technology manufacturers should take responsibility for ensuring the security outcomes of their customers, rather than placing the burden solely on the customers themselves. 

Secondly, manufacturers should adopt “radical transparency” to disclose and better understand consumer safety challenges, as well as commit to being accountable for their products. 

Finally, technology leaders should explicitly focus on building safe products and provide a roadmap outlining how products will be developed and updated to be secure-by-design and secure-by-default.

“Encouragingly, an increasing number of technology manufacturers are taking important steps in the right direction — from adopting secure programming practices to enabling strong security measures by default for their customers,” says Easterly. “Companies are realising not only strong security benefits from these steps, but also time and cost savings and improved efficiency.”

A major part of this equation also lies with universities which can play an important role by weaving security through all computer science coursework. Students need to be well-educated on security, including on memory safety and secure coding practices, and professors have a major role here. 

“Steps taken today at universities around the country can help spur an industry-wide change towards memory safe languages and add more engineering rigour to software development which in turn, will help protect all technology users,” she says.

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI