Skip to content
A just published new guide asks manufacturers to ensure technology products are made secure by design, & also by default.
The UK has today (Thur. 13th) joined international partners in sharing new advice to help technology manufacturers place security at the centre of how they design & develop their products.
This new joint guide, by the National Cyber Security Centre (NCSC) – part of GCHQ – together with agencies from the US, Australia, Canada, Germany, the Netherlands & New Zealand, encourages software manufacturers to ‘embed’ secure-by-design & by-default techniques into their products to help keep their customers safe.
International Effort
Devices & products where security is treated as an ‘additional technical feature’ or where users need to make configuration changes to stay secure can leave consumers vulnerable to malicious cyber intrusions & safety risks.
The ‘Shifting the Balance of Cybersecurity Risk: Principles & Approaches for Security-by-Design & Default’ guide represents a shared, international effort to reduce risk to customers by providing manufacturers with a ‘roadmap’ of actionable steps they can take to prioritise security & reduce vulnerabilities.
It is published on the US Cybersecurity & Infrastructure Security Agency (CISA) website.
Recommendations
It is recommended manufacturers follow the guide’s recommendations, which include strategies for engaging senior leaders with these security principles & more tactical steps such as eliminating default passwords & implementing ‘single sign-on’ technology.
There is also advice aimed at organisations to help them hold their technology suppliers accountable for cyber security outcomes & encourages collaboration with industry partners to incentivise secure-by-design & by-default practices.
NCSC CEO Lindy Cameron stated:
“As our lives become increasingly digital, it is vital technology products are being designed & developed in a way that holds security as a core requirement.
“Our new joint guide aims to drive the conversation around security standards & help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.
“We call on technology manufacturers to familiarise themselves with the advice in this guide & implement secure-by design & by-default practices into their products to help ensure our society is secure & resilient online.”
Joint Guide
The NCSC has issued this guide with the Cybersecurity & Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), Germany’s Federal Office for Information Security (BSI), the Netherlands’ National Cyber Security Centre (NCSC-NL), New Zealand’s National Cyber Security Centre (NCSC-NZ) & New Zealand Computer Emergency Response Team (CERT-NZ).
It can be read on the CISA website.
