Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, highlighted the need to adopt a new cybersecurity model where technology providers build in security from the start of the development process and “in which responsibility for technology safety is shared based upon an organization’s ability to bear the burden and where problems are fixed at the earliest possible stage.”
“In sum, we need a model of sustainable cybersecurity, one where incentives are realigned to favor long-term investments in the safety and resilience of our technology ecosystem, and where responsibility for defending that ecosystem is rebalanced to favor those most capable and best positioned to do so,” she said during a speech Monday at Carnegie Mellon University in Pittsburgh.
To advance the sustainable cybersecurity model, Easterly, a 2023 Wash100 awardee, said there are three core principles tech manufacturers should adopt to integrate product safety into their processes for designing, implementing and maintaining their products. One is taking ownership of security outcomes for their customers.
The CISA director noted that tech providers should adopt “radical transparency” to help better understand the challenges related to consumer safety and develop a roadmap that outlines the company’s plan for how tech offerings will be “developed and updated to be both secure-by-design and secure-by-default.”
Easterly stated that security-by-design calls for manufacturers to adopt secure coding practices, implement a transparent vulnerability disclosure policy and migrate to memory-safe languages.