Abstract image of a padlock on a keyboard, signifying cyber security

NCSC working with global partners to ensure security by-design

Technology manufacturers are being urged to centre the design and development of their products around security, as part of a new guide produced by cyber security agencies across a group of partner nations.

The National Cyber Security Centre – part of GCHQ – has partnered with agencies from the United States, Australia, Canada, Germany, the Netherlands, and New Zealand to produce the guide, to encourage software manufacturers to embed principles of being secure-by-design as default into products to ensure that customers remain protected. Where security is treated as an add-on, customers are left vulnerable to malicious cyber-attacks.

A woman using a computer with two monitors. She is writing code.

Titled ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’, the report has been published on the website of the US Cybersecurity and Infrastructure Security Agency (CISA). It also contains information and advice for organisations to hold the companies that provide their software to account, as well as encouraging industry to collaborate with organisations to provide incentives for the provision of secure-by-design practices.

The overview to the report introduces how modern society is becoming more reliant on technology, and critical systems are being connected to internet-facing systems. It goes on to say:

“To create a future where technology and associated products are safer for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only Secure-by-Design and Default products to be shipped to customers. Products that are Secure-by-Design are those where the security of the customers is a core business goal, not just a technical feature.”

Agencies that contributed to the guide include:

  • National Cyber Security Centre (UK)
  • Cybersecurity and Infrastructure Security Agency (USA)
  • Federal Bureau of Investigation (USA)
  • National Security Agency (USA)
  • Australian Cyber Security Centre (Australia)
  • Canadian Centre for Cyber Security (Canada)
  • Federal Office for Information Security (Germany)
  • National Cyber Security Centre (Netherlands)
  • National Cyber Security Centre (New Zealand)
  • New Zealand Computer Emergency Response Team (New Zealand)

Lindy Cameron, NCSC CEO, said:

“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.

“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.

“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.”

A woman using a laptop and a phone, with the phone showing a padlock on the screen.

Cyber security is constantly growing in importance across the public sector. With  the furthering of digital transformation missions comes the risk that highly important systems and information fall foul of cybercrime, so it is imperative that organisations in the sector follow any guidance available to secure their systems.

To read more about some of the human threats to cyber security being faced by public sector organisations, you can access Professor Steven Furnell’s article in the Public Sector Executive Magazine from October/November 2022. Professor Steven Furnell is the head of the Cyber Security Research Group at the University of Nottingham.

Public Sector Executive, Feb/March, Cover

PSE Feb/March, 23

Greater choice, greater results

Our February/March 2023 edition of PSE brings you expert comment and analysis on a range of key public sector topics, from EV infrastructure to Digital transformation and reducing carbon emissions. Learn how the UK Government is investing in highway and freight innovation or read Cllr Matthew Hicks discuss the first step towards an exciting future for Suffolk, alongside so much more…

Videos...

View all videos
#PSE365: Public Sector Decarbonisation

Be A Part Of It!

PSE365: Public Sector Decarbonisation Virtual Event | 21 Mar 2023

PSE has created a full calendar of events to address the most important issues that influence the delivery of public sector services. 

Over 365 days you’ll have the opportunity to hear from a range of highly motivating, informative and inspirational speakers. These speakers will equip you with knowledge and unique insight to enable you to overcome the challenges that you face.

Industry Survey

What are the biggest issues facing the Public Sector?

 Public Sector Executive is undergoing some in-depth research around the issues the Public Sector is facing and the importance of deploying and using new technology within Public Sector organisations. 

We are asking for your help to better understand how public sector organisations are utilising technology to support their digital strategy and your opinion on what the biggest issues facing the public sector are.

This survey only takes a couple of minutes to complete and to thank you for your time and for filling out our survey, we'll enter you into a prize draw to win a £50 Amazon voucher.

In order to assist public sector organisations with improving their existing technology estate, we hope to leverage our findings to share best practises and innovations across the public sector.

More articles...

View all