Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Five Eyes cyber crackdown targets insecure software development

Cyber security bodies from nations in the Five Eyes alliance and more are cracking down on software firms that sell products with security flaws, only to then be patched later.

user icon Daniel Croft
Tue, 18 Apr 2023
Five Eyes cyber crackdown targets insecure software development
expand image

The Australian Signals Directorate and Australian Cyber Security Centre (ACSC), alongside cyber authorities from Canada, Germany, the Netherlands, New Zealand and the UK, joined the US’ FBI and NSA in developing a guidance report that pressures developers to release products that are secure-by-design and -default.

Fully titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default”, the new guidance publication outlines several core principles that “break the vicious cycle of creating and applying fixes”.

“This guidance, the first of its kind, is intended to catalyse progress toward further investments and cultural shifts necessary to achieve a safe and secure future,” said the US’ Cybersecurity and Infrastructure Security Agency.

============
============

“In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.”

Products that are secure-by-design and secure-by-default are designed to be secure foundationally and without any additional costs or effort, respectively.

Alongside stating that software development needs to follow the above principles, the guidance made a number of recommendations to software vendors, including the notion that “the burden of security should not fall solely on the customer” and that to achieve the goal of a secure product, organisations should “build organisational structure and leadership”.

“Cyber security cannot be an afterthought,” said Abigail Bradshaw, head of the Australian Cyber Security Centre.

“Consumers deserve products that are secure from the outset. Strong and ongoing engagement between government, industry and the public is vital to putting cyber security at the centre of the technology design process.”

Rob Joyce, cyber security director for the NSA, called insecure technology a potential risk to “individual users and our national security”.

“If manufacturers consistently prioritise security during design and development, we can reduce the number of malicious cyber intrusions we see. The international coalition partnering on this report speaks to the importance of this issue,” Joyce said.

The full guidance report and list of recommendations can be found on the CISA website.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.