68 manufacturers commit to CISA's Secure by Design pledge

0 12

By Matthew Griffin Security and Privacy 23rd May 2024

WHY THIS MATTERS IN BRIEF

As cyber attacks increase exponentially global software manufacturers are now committed to baking security into all of their products by default.

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that 68 software manufacturers have voluntarily committed to its “Secure by Design” pledge. The initiative aims to enhance product cyber security by incorporating security measures during the products design phase. By participating in the pledge, these manufacturers are dedicated to working towards the outlined goals. The Secure by Design pledge represents a significant advancement in CISA’s initiative to promote secure product design which it will help reduce and limit the impact of increasingly catastrophic cyber attacks.

Skies beckon as NASA takes delivery of it's first all electric X-Plane

The seven goals of the pledge are Multi-Factor Authentication (MFA); default passwords; reducing entire classes of vulnerability; security patches; vulnerability disclosure policy; CVEs; and evidence of intrusions. Each goal has core criteria that manufacturers are committing to work towards, in addition to context and example approaches to achieve the goal and demonstrate measurable progress.

Participating software manufacturers are pledging to work over the next year to demonstrate measurable progress towards seven concrete goals. To enable a variety of approaches, software manufacturers participating in the pledge have the discretion to decide how best they can meet and demonstrate the core criteria of each goal, but progress should be demonstrated in public.

Launched last year, the CISA’s global Secure by Design initiative implements the White House’s National Cybersecurity Strategy by shifting the cybersecurity burden away from end users and individuals to technology manufacturers who are most able to bear it. CISA urges software manufacturers to review CISA’s Secure by Design guidance and Secure by Design alerts to build security into their products.

Scientists find a way to supercharge lasers by a million fold

“More secure software is our best hope to protect against the seemingly never-ending scourge of cyber attacks facing our nation. I am glad to see leading software manufacturers recognize this by joining us at CISA to build a future that is more secure by design,” Jen Easterly, CISA director, said in a media statement. “I applaud the companies who have already signed our pledge for their leadership and call on all software manufacturers to take the pledge and join us in creating a world where technology is safe and secure right out of the box.”

“A more secure by design future is indeed possible. The items in the pledge directly address some of the most pervasive cybersecurity threats we at CISA see today, and by taking the pledge software manufacturers are helping raise our national cybersecurity baseline,” Jack Cable, CISA senior technical advisor, said. “Every software manufacturer should recognize that they have a responsibility to protect their customers, contributing to our national and economic security. I appreciate the leadership of those who signed on and hope that every technology manufacturer will follow suit.”

The Secure by Design pledge has been signed by 68 companies, including vendors such as AWS, Cisco, Google, IBM, Microsoft, Palo Alto Networks, and Trend Micro. Other signatories include cybersecurity firms like Claroty, CrowdStrike, Cybeats, Finite State, Forescout, Fortinet, Rapid7, SentinelOne, Sophos, Tenable, Trend Micro, and Zscaler, among others. This collective commitment aims to enhance product security and promote a culture of secure design practices across the industry.

Malvertising steps up a gear as criminals use Google Ads to con victims

The Secure by Design pledge requires signatories to show tangible progress within one year of signing. This includes increasing the use of MFA, reducing default passwords, and addressing vulnerability classes in their products. The pledge emphasizes measurable actions to enhance product security and reduce common security risks within the specified timeframe.

The pledge also aims to demonstrate actions within one year of signing, such as increasing security patch installations by customers, establishing a vulnerability disclosure policy (VDP) allowing public testing, providing clear channels for reporting vulnerabilities, and enabling public disclosure in line with best practices.

Additionally, transparency in vulnerability reporting includes accurate CWE and CPE fields in every CVE record, timely issuance of CVEs for critical vulnerabilities, and enhancing customers’ ability to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.

Aembit unveils Workload IAM to secure every company workload

Earlier this week, the Department of Homeland Security (DHS) and the CISA announced changes to the Cyber Safety Review Board (CSRB) membership. Jamil Jaffer, venture partner at Paladin Capital Group and founder and executive director, National Security Institute, George Mason University Scalia Law School; David Luber, director, cybersecurity directorate at National Security Agency (NSA); Katie Nickels, senior director of intelligence operations at Red Canary; and Chris Krebs, chief intelligence and public policy officer at SentinelOne will be joining the CSRB.

Matthew Griffin / About Author

Matthew Griffin, multi-award winning Futurist and named Futurist of the Year 2024, has been described as a "Walking encyclopaedia of the future" by NASA and a futurist polymath. One of the world's most renowned futurists and strategic foresight experts Matthew is the 15 times author of the blockbuster "Codex of the Future" series, and is the Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm working across the next 50 years, XPotential University, the world's first free futures and foresight university, and the World Futures Forum which works with the United Nations to solve the worlds greatest challenges. Matthew is an in demand international keynote, acclaimed university lecturer and mentor, and host of the hit Fanatical Futurist podcast.

A rare talent in his past Matthew helped build and run several multi-billion dollar business units for Atos, Dell-EMC, and IBM, and his ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders, G7, G20, and G77+ governments, and many of the world's most respected brands including ABB, Accenture, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Dentons, Deloitte, Disney, Dow, EY, KPMG, Lego, Legal & General, LinkedIn, Microsoft, PepsiCo, Qualcomm, RWE, Samsung, T-Mobile, UBS, VISA, and many others. He was also the only futurist invited to talk at the UN COP28 held in Dubai alongside world leaders.

Regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, Matthews mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.