U.S. cybersecurity officials implore firms to adopt “secure by design”
U.S. cybersecurity authorities have met with tech leaders and industry groups to advocate for the use of “secure by design” concepts in commercial software. The Cybersecurity and Infrastructure Agency (CISA) and the Department of Energy (DOE) are spearheading the effort to spread these concepts across several industries.
The objective is to limit the number of vulnerabilities in commercial software and move the cost of cybersecurity maintenance away from customers and onto technology firms. It also intends to keep small and medium-sized organizations, schools, water utilities, and hospitals from having to manage cybersecurity risks on their own if they become victims of ransomware or other attacks.
CISA’s activities are supplemented by the Department of Energy’s Cyber Informed Engineering Program, which assists industrial firms in implementing secure by design principles in their operational technology.
The initiative was primarily created for the energy industry and was unveiled last year after Congress approved a strategy to lessen the danger of cyberattacks on physical plants. It has, however, now been broadened to incorporate additional physically designed systems such as structures, space systems, and weapons platforms.
CISA recently organized two listening sessions, one with business partners and one with the open-source community, to examine the concepts contained in the agency’s white paper. Eric Goldstein, CISA’s executive assistant director for cybersecurity, argued in one of them that those who can shoulder the responsibility should be held accountable for delivering services that are secure by design and by default.
According to Cherri Caddy, deputy assistant national cyber director at the Office of the National Cyber Director, the efforts are linked as the United States works toward a future of interconnected infrastructure. She underlined the importance of shifting responsibility for software and system security from end users to manufacturers.
The sources for this piece include an article in CyberScoop.