Technology manufacturers are being urged to centre the design and development of their products around security, as part of a new guide produced by cyber security agencies across a group of partner nations.
The National Cyber Security Centre – part of GCHQ – has partnered with agencies from the United States, Australia, Canada, Germany, the Netherlands, and New Zealand to produce the guide, which encourages software manufacturers to embed secure-by-design principles into their products by default so that customers remain protected. Where security is treated as an add-on, customers are left vulnerable to malicious cyber-attacks.
Titled ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’, the report has been published on the website of the US Cybersecurity and Infrastructure Security Agency (CISA). It also contains information and advice for organisations to hold the companies that provide their software to account, as well as encouraging industry to collaborate with organisations to provide incentives for the provision of secure-by-design practices.
The overview of the report describes how modern society is becoming more reliant on technology and how critical systems are being connected to internet-facing systems. It goes on to say:
“To create a future where technology and associated products are safer for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only Secure-by-Design and Default products to be shipped to customers. Products that are Secure-by-Design are those where the security of the customers is a core business goal, not just a technical feature.”
Agencies that contributed to the guide include:
- National Cyber Security Centre (UK)
- Cybersecurity and Infrastructure Security Agency (USA)
- Federal Bureau of Investigation (USA)
- National Security Agency (USA)
- Australian Cyber Security Centre (Australia)
- Canadian Centre for Cyber Security (Canada)
- Federal Office for Information Security (Germany)
- National Cyber Security Centre (Netherlands)
- National Cyber Security Centre (New Zealand)
- New Zealand Computer Emergency Response Team (New Zealand)
Lindy Cameron, NCSC CEO, said:
“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.
“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.
“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by-design and by-default practices into their products to help ensure our society is secure and resilient online.”
Cyber security is constantly growing in importance across the public sector. With the furthering of digital transformation missions comes the risk that highly important systems and information fall foul of cybercrime, so it is imperative that organisations in the sector follow any guidance available to secure their systems.
To read more about some of the human threats to cyber security being faced by public sector organisations, you can access Professor Steven Furnell’s article in the Public Sector Executive Magazine from October/November 2022. Professor Steven Furnell is the head of the Cyber Security Research Group at the University of Nottingham.