CISA’s Secure by Design Initiative at 1: A report card

In April, the Cybersecurity and Infrastructure Security Agency’s Secure by Design initiative celebrated its first birthday. CISA marked the moment with a blog post outlining its achievements over the last year.

Stephen de Vries, Dark Reading

June 10, 2024


One year ago, advocates of secure design welcomed the launch of the initiative, particularly as it followed so quickly behind the National Cybersecurity Strategy, which made secure design a critical tenet of the Biden Administration’s approach to dealing with insecure software.

CISA says the overall goal of the initiative is to “shift the responsibility of security from end users to technology manufacturers.” So, how well has it done?

This is its first-grade report card.

Raising Awareness

CISA’s focus on secure design and its concerted effort to keep it on the cyber agenda has significantly raised awareness of its importance. The agency has set out principles and guidance for the implementation of secure design for technology providers and software developers and provided regular updates through its blog and alerts, ensuring a steady drumbeat of news and information.

In addition, eye-catching global initiatives that have seen alignment on secure design principles with 16 other nations have extended beyond the US borders and helped focus media attention on the issue.

CISA’s influence, reach, and the resources it has put into raising the awareness of secure by design have made a big difference, and it is now much more a part of day-to-day conversations about software and product security. An undoubted success.

Grade: A

Practical Action

The big secure by design headline stemming from the National Cybersecurity Strategy was the announcement that liability for security would be introduced for software providers. In a February update, National Cyber Director Harry Coker reportedly said that his office is working with academics and legal experts to develop a liability regime.

Introducing liability will require legislation and political support — it cannot be done by CISA alone. However, truly shifting responsibility from end users to manufacturers so that when software comes to market it is designed securely will require manufacturers to be made liable. This is the game changer — without it, progress won’t be as fast as we need it to be.

To read the rest of the article, visit Dark Reading.
