The multinational and interagency Security-by-Design and -Default guidance represents a paradigm shift that aims to make IT defense a basic right for users, said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.
Goldstein on Tuesday participated in a forum hosted by the Washington Post and sponsored by CrowdStrike, giving an overview of an updated version of the guidance, which CISA intends to release in the coming weeks.
Security-by-Design was jointly developed by CISA, the FBI and the U.S. National Security Agency, as well as the cybersecurity authorities of Australia, Canada, Germany, the Netherlands, New Zealand and the United Kingdom. The guidance includes technical recommendations to ensure that products are manufactured with reliable security features, instead of letting defects appear after shipment to customers.
“If you are purchasing a technology product as a customer, you deserve to be secure. You deserve to have the features in that product that are going to keep you safe, and we need customers across sectors, including government, to demand that right,” Goldstein stressed.
CISA will soon issue a request for public comment to gain external insight on its new version of the guidance.
On Nov. 15, the Potomac Officers’ Club will gather homeland and national security leaders who will share their modernization and digital transformation initiatives and plans. The 2023 Homeland Security Summit will be held at the Hilton-McLean Virginia, and registration is now open.