Software should have cybersecurity protection before release.
New cybersecurity guidelines from the US, Australia, Canada, UK, Germany, the Netherlands, and New Zealand emphasize this.
These governments have issued joint recommendations for the first time, asking software manufacturers to prioritize security in their products. The guidance is set out in the report Security-by-Design and -Default: Shifting Cybersecurity Risk.
Who issued this cybersecurity advice?
Three US federal agencies and eight international partners support the software cybersecurity guidance.
The US agencies are the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA), America’s cyber defense agency.
CCCS, BSI, CERT NZ, and NCSC-UK are their international partners.
Why secure-by-design guidance?
Cyberattacks have canceled operations worldwide. Cybersecurity experts say this is one example of how technological intrusions may harm key systems that affect us all.
“Insecure technology products pose risks to individual users and our national security,” said NSA Cybersecurity Director Rob Joyce. “If manufacturers consistently prioritize security during design and development, we can reduce malicious cyber intrusions,” he said.
Due to global geopolitical instability, 93% of cyber leaders and 86% of business executives expect a “far-reaching, catastrophic cyber event” in the next two years, according to the World Economic Forum’s Global Cybersecurity Outlook 2023.
The Forum argues the threat landscape is more dynamic. “Professionalized cybercriminal groups have grown and created more new attack types.”
What should software makers do?
The Shifting the Balance in Cybersecurity Risk paper recommends that software makers use programming languages without vulnerabilities to build software that is secure by design.
Other fundamentals apply to software makers as well. These include shipping software preconfigured with the most important security controls.
Software makers must “embrace radical transparency and accountability”, for instance by discussing consumer adoption of default cybersecurity protections.
To prioritize security in software development, companies need the correct organizational structure and leadership.
The CISA principles, recognized by various national cybersecurity authorities, give software producers the motivation to improve product security and can help bolster ecosystem cybersecurity and resilience.