The Cybersecurity and Infrastructure Security Agency plans to release its Security by Design principles this week, implementing the secure coding practices that are a central part of the Biden administration's recently released National Cybersecurity Strategy.
The document isn't intended to be the "holy grail" of security by design, CISA director Jen Easterly said Tuesday at the CrowdStrike government summit in Washington, but it is an important step toward shifting the cybersecurity burden to software companies and away from individual users and small businesses.
A secure-by-design approach to building software products is not a new idea, but it is gaining more interest. Prior to the release of the National Cybersecurity Strategy, Easterly and Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity, wrote an op-ed calling on software vendors to "Stop Passing the Buck on Cybersecurity." Speaking at a recent Carnegie Mellon University event, Easterly called for three "core principles" of secure by design for technology manufacturers.
At the CrowdStrike meeting, Easterly reiterated those principles for software vendors: take ownership of security outcomes for their customers, provide "radical transparency" to their customers, and improve product quality by focusing on building secure products. "It's incredibly important to focus on making sure the software that runs our lives is secure by design and secure by default," she said.
An early implementation of secure by design comes from the Department of Energy's Cyber-Informed Engineering strategy, a framework that aims to incorporate cybersecurity into engineering practices.
In the coming months, Easterly said, CISA will focus on open source software used in industrial control systems. In addition, she said, CISA is working on a high-risk community protection initiative that was announced at the end of March.
Easterly spoke of the need for greater resilience in the face of growing cyber threats, and pointed out that one big lesson from the war in Ukraine is "the resilience of society."
"I don't think our country showed this during Colonial Pipeline, and I don't think it showed it with the high-altitude balloon recently," she said, referring to the Chinese spy balloon that floated over the US.
In the early days of the Colonial Pipeline ransomware incident, after the company shut down the pipeline during recovery, fear of gasoline shortages led to long lines at the pump. "At the end of the day, I think our ability to stay calm and bear the brunt is going to be key to dealing with the most significant national threats," Easterly continued.