Australia and New Zealand co-sign new guidance in Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default white paper.
The Cybersecurity and Infrastructure Security Agency (CISA) announced the new guidance overnight, at the Singapore Cyber Week conference.
The updated document is based on both constructive criticism and feedback from a wide range of stakeholders, including a raft of international agencies.
“Ten US and international partners co-sealed the first version of the white paper,” said four of CISA’s senior executives in a blog post. “This version includes an incredible eight additional countries and international organisations.”
Both the Australian Cyber Security Centre and the Computer Emergency Response Team New Zealand are signatories, as well as New Zealand’s National Cyber Security Centre.
“This scale of feedback and partnership underscores that the industry is keen to have this conversation and that the time to shift the responsibility for security is now,” CISA said. “We have been honoured by how generous people have been with their time and expertise.”
Three design summits provided additional feedback. The first was an internal event called Summit Zero, which focused on the basic challenges the software industry faces in baking in secure-by-design principles.
Another summit looked at educational technology in the K-12 sector.
“A number of edtech companies, ranging from small to large, participated to share their experiences in serving their customers while trying to improve their secure development practices,” CISA said.
“This goal is a significant challenge for smaller software companies, and one the industry needs to address: How can we democratise the ‘well-lit paths’ that some larger software companies have created to ensure the path of least resistance for their software developers is also the most secure one?”
This led to a pledge from K-12 software manufacturers to focus on secure-by-design principles.
A third summit focused on tertiary education and related science programs.
“At this event, we heard about the challenges facing faculty who are trying to satisfy many goals as they prepare the nation’s software workforce for their careers,” CISA said.
CISA representatives also attended events such as the DEF CON hacking conference in Las Vegas this year, asking hackers at the conference to go over the initial April white paper with a red pen.
The next step for CISA will be a Request for Information concerning secure-by-design engineering, to be released sometime in the next month.
You can find the full version of the latest white paper here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.