UK and international partners share advice on tech product security
Image copyright Shutterstock
In a new joint guide by the National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies from the US, Australia, Canada, Germany, the Netherlands and New Zealand, software manufacturers are encouraged to embed secure-by-design and by-default principles into their products to help keep customers safe.
Devices and products where security is treated as an ‘additional technical feature’ or where users need to make configuration changes to stay secure can leave consumers open to malicious cyber intrusions and safety risks.
The ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’ guide represents a shared, international effort to lessen the burden of risk on customers by providing manufacturers with a roadmap of actionable steps they can take to prioritise security and reduce vulnerabilities. It is published on the US Cybersecurity and Infrastructure Security Agency (CISA) website.
It is recommended manufacturers follow the guide’s recommendations, which include strategies for engaging senior leaders with these security principles and more tactical steps such as eliminating default passwords and implementing single sign-on technology.
There is also advice aimed at organisations to help them hold their technology suppliers accountable for cyber security outcomes and encourages collaboration with industry partners to incentivise secure-by-design and by-default practices.
NCSC CEO Lindy Cameron said: “As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.
“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.
“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.”
The NCSC has issued this guide with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), Germany’s Federal Office for Information Security (BSI), the Netherlands’ National Cyber Security Centre (NCSC-NL), New Zealand’s National Cyber Security Centre (NCSC-NZ) and New Zealand Computer Emergency Response Team (CERT-NZ).
It can be read on the CISA website .
