RSA Conference: Secure by Design Pledge Leads Spate of U.S. Cyber Announcements

As part of the U.S. government’s efforts to shift cybersecurity responsibilities toward technology developers and away from users, 68 software manufacturers have voluntarily agreed to commit to a Secure by Design pledge, according to an announcement this month from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Participants in CISA’s program will have a year to exhibit quantifiable progress towards meeting seven key objectives that will help secure their products from the early planning stages of the software development lifecycle. These goals are: introducing multifactor authentication, eliminating default passwords, targeting entire classes of vulnerabilities for reduction, promoting customer implementation of security patches, publishing a vulnerability disclosure policy, achieving transparent vulnerability disclosure practices via improved CVE reporting, and improving users’ ability to gather evidence of cybersecurity intrusions.

Manufacturers are encouraged to publicly document their progress, as well as explain to CISA what steps they have taken and what obstacles may have impeded further progress.

“More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation. I am glad to see leading software manufacturers recognize this by joining us at CISA to build a future that is more secure by design,” said CISA Director Jen Easterly in a press release that went public during the RSA Conference. “I applaud the companies who have already signed our pledge for their leadership and call on all software manufacturers to take the pledge and join us in creating a world where technology is safe and secure right out of the box.”

This was not the federal government’s only announcement that took place during the world’s largest cybersecurity conference.

On May 6, the U.S. State Department also debuted its U.S. International Cyberspace and Digital Strategy, which encourages global cooperation among government entities and private-sector companies as they engage in threat sharing, combat ransomware and nation-state threats, develop standards and frameworks, and create best practices for AI and other emerging technologies.

“Our ability to design, to develop, to deploy technologies will determine our capacity to shape the tech future. And naturally, operating from a position of strength better positions us to set standards and advance morals around the world,” said Secretary of State Antony Blinken at the RSA Conference. “But our advantage comes not just from our domestic strength. It comes from our solidarity with a majority of the world that shares our vision for a vibrant, open and secure technological future. And from an unmatched network of allies and partners, with whom we can work in common cause…”

Additionally, Homeland Security Secretary Alejandro Mayorkas said at RSA that his department held the first meeting of its AI Safety and Security Advisory Board, kicking off a new effort to manage how the emerging technology is responsibly deployed, and how critical infrastructure providers can defend themselves against the malevolent use of AI.

Composed of thought leaders from the technology sector and civil society, the board is “focused on the safe, secure and responsible implementation of AI in our nation’s critical infrastructure,” said Mayorkas, including the “systems and services upon which Americans rely every day.”

The focus of the initial meeting, he continued, was to establish the basic “principles that will ground our work,” but the ultimate intention is to “develop a national plan.”

  
