Abstract image of a padlock on a keyboard, signifying cyber security

NCSC working with global partners to ensure security by-design

Technology manufacturers are being urged to centre the design and development of their products around security, as part of a new guide produced by cyber security agencies across a group of partner nations.

The National Cyber Security Centre – part of GCHQ – has partnered with agencies from the United States, Australia, Canada, Germany, the Netherlands, and New Zealand to produce the guide, to encourage software manufacturers to embed principles of being secure-by-design as default into products to ensure that customers remain protected. Where security is treated as an add-on, customers are left vulnerable to malicious cyber-attacks.

A woman using a computer with two monitors. She is writing code.

Titled ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’, the report has been published on the website of the US Cybersecurity and Infrastructure Security Agency (CISA). It also contains information and advice for organisations to hold the companies that provide their software to account, as well as encouraging industry to collaborate with organisations to provide incentives for the provision of secure-by-design practices.

The overview to the report introduces how modern society is becoming more reliant on technology, and critical systems are being connected to internet-facing systems. It goes on to say:

“To create a future where technology and associated products are safer for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only Secure-by-Design and Default products to be shipped to customers. Products that are Secure-by-Design are those where the security of the customers is a core business goal, not just a technical feature.”

Agencies that contributed to the guide include:

  • National Cyber Security Centre (UK)
  • Cybersecurity and Infrastructure Security Agency (USA)
  • Federal Bureau of Investigation (USA)
  • National Security Agency (USA)
  • Australian Cyber Security Centre (Australia)
  • Canadian Centre for Cyber Security (Canada)
  • Federal Office for Information Security (Germany)
  • National Cyber Security Centre (Netherlands)
  • National Cyber Security Centre (New Zealand)
  • New Zealand Computer Emergency Response Team (New Zealand)

Lindy Cameron, NCSC CEO, said:

“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.

“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.

“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.”

A woman using a laptop and a phone, with the phone showing a padlock on the screen.

Cyber security is constantly growing in importance across the public sector. With  the furthering of digital transformation missions comes the risk that highly important systems and information fall foul of cybercrime, so it is imperative that organisations in the sector follow any guidance available to secure their systems.

To read more about some of the human threats to cyber security being faced by public sector organisations, you can access Professor Steven Furnell’s article in the Public Sector Executive Magazine from October/November 2022. Professor Steven Furnell is the head of the Cyber Security Research Group at the University of Nottingham.


PSE April/ May 2024

Alarming decline in UK costal water quality

Dive into our latest edition for April/May 2024!


More articles...

View all
Online Conference


2024 Online Conferences

In partnership with our community of public sector leaders responsible for procurement and strategy across local authorities and the wider public sector, we’ve devised a collaborative calendar of conferences and events for leaders of industry to listen, learn and collaborate through engaging and immersive conversation.

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

Public Sector Executive Podcast

Ep. 53 Compassion and Co-operation - Dr Nik Johnson

For the 53rd episode of the Public Sector Executive Podcast, Mayor of Cambridgeshire and Peterborough, Dr Nik Johnson, spoke to host Dan Benn about some of the most important issues facing his region, as well as what drives him as a leader.