Brian Sims
Editor
THE UK has joined international partners in sharing new advice specifically designed to help technology manufacturers put security at the core of how they design and develop their products.
An all-new joint guide issued by the National Cyber Security Centre (NCSC) – itself a part of GCHQ – and agencies from the US, Australia, Canada, Germany, the Netherlands and New Zealand encourages software manufacturers to embed ‘secure-by-design’ and ‘secure-by-default’ principles into their products in order to help keep customers safe.
Devices and products where security is treated as an ‘additional technical feature’, or where users need to make configuration changes to stay secure, can leave consumers open to malicious cyber intrusions and safety risks.
The new guide – entitled ‘Shifting the Balance of Cyber Security Risk: Principles and Approaches for Security-by-Design and Default’ – represents a shared international effort to lessen the burden of risk on customers by providing manufacturers with a roadmap of actionable steps they can take to prioritise security and reduce vulnerabilities.
The document has been published on the UK Cyber Security and Infrastructure Security Agency’s (CISA) website. Manufacturers are advised to follow the guide’s recommendations, which include strategies for engaging senior leaders with these security principles, and also more tactical steps such as eliminating default passwords and implementing single sign-on technology.
There’s also salient advice aimed at organisations to help them hold their technology suppliers accountable for cyber security outcomes. Further, the document encourages collaboration with industry partners to incentivise ‘secure-by-design’ and ‘secure-by-default’ practices.
Core requirement
NCSC CEO Lindy Cameron commented: “As our lives become increasingly digital, it’s vital for technology products to be designed and developed in a way that holds security as a core requirement. Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.”
Cameron continued: “We call on technology manufacturers to familiarise themselves with the advice in this guide and implement ‘secure-by-design’ and ‘secure-by-default’ practices within their products in order to help ensure our society is secure and resilient online.”
In addition to the NCSC and CISA, the guide has been produced with input from the Federal Bureau of Investigation, the National Security Agency, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, Germany’s Federal Office for Information Security, the Netherlands’ National Cyber Security Centre, New Zealand’s National Cyber Security Centre and the New Zealand Computer Emergency Response Team.