NCSC working with global partners to ensure security by design

Technology manufacturers are being urged to centre the design and development of their products around security, as part of a new guide produced by cyber security agencies across a group of partner nations.

The National Cyber Security Centre – part of GCHQ – has partnered with agencies from the United States, Australia, Canada, Germany, the Netherlands, and New Zealand to produce the guide, which encourages software manufacturers to embed secure-by-design principles into their products as default so that customers remain protected. Where security is treated as an add-on, customers are left vulnerable to malicious cyber-attacks.

Titled ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’, the report has been published on the website of the US Cybersecurity and Infrastructure Security Agency (CISA). It also contains information and advice for organisations to hold the companies that provide their software to account, as well as encouraging industry to collaborate with organisations to provide incentives for the provision of secure-by-design practices.

The overview to the report introduces how modern society is becoming more reliant on technology, and critical systems are being connected to internet-facing systems. It goes on to say:

“To create a future where technology and associated products are safer for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only Secure-by-Design and Default products to be shipped to customers. Products that are Secure-by-Design are those where the security of the customers is a core business goal, not just a technical feature.”

Agencies that contributed to the guide include:

  • National Cyber Security Centre (UK)
  • Cybersecurity and Infrastructure Security Agency (USA)
  • Federal Bureau of Investigation (USA)
  • National Security Agency (USA)
  • Australian Cyber Security Centre (Australia)
  • Canadian Centre for Cyber Security (Canada)
  • Federal Office for Information Security (Germany)
  • National Cyber Security Centre (Netherlands)
  • National Cyber Security Centre (New Zealand)
  • New Zealand Computer Emergency Response Team (New Zealand)

Lindy Cameron, NCSC CEO, said:

“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.

“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.

“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by-design and by-default practices into their products to help ensure our society is secure and resilient online.”

Cyber security is constantly growing in importance across the public sector. With the furthering of digital transformation missions comes the risk that highly important systems and information fall foul of cybercrime, so it is imperative that organisations in the sector follow any guidance available to secure their systems.

To read more about some of the human threats to cyber security being faced by public sector organisations, you can access Professor Steven Furnell’s article in the Public Sector Executive Magazine from October/November 2022. Professor Steven Furnell is the head of the Cyber Security Research Group at the University of Nottingham.
