A clarion call has gone out on both sides of the Atlantic for digital technologies to be made secure by design rather than by default.
At San Francisco’s RSA cyber conference earlier this month, Jen Easterly, the director of CISA, the US Cyber Defense Agency, called for software to be made far more secure. This week, Ollie Whitehouse, the CTO of the NCSC, the UK’s National Cyber Security Centre, echoed her thoughts, demanding that the technology industry make its products more cyber-secure from the start.
The views expressed by both Easterly and Whitehouse represent a growing groundswell of frustration and anger on the part of all types of organizations at coping with the current worldwide Blitzkrieg of cybercrime. Faced with rising cyber-insurance premiums and increasingly audacious and inventive cybercriminals, firms across all sectors, as well as public bodies, are now starting to ask how much longer they are expected to carry the can for Silicon Valley’s shortcomings. Easterly, nominated as CISA director by President Biden in April 2021, demands that software be written with cybersecurity in mind from the start.
Make sure technology is more secure
“The only way we can make ransomware and cyberattacks a shocking anomaly is to ensure the technology is much more secure,” said Easterly.
Easterly also cited national security as another reason why the technology industry needs to get its house in order. She spoke of the ongoing problem of international cyber espionage on the part of China and Russia. She pointed to a recent example of cyber-spies breaking into Microsoft’s cloud and stealing email accounts belonging to US government officials.
“How do we make up for decades and decades of no technology minimum standards for cybersecurity? Well, it has to be recognized across the entire ecosystem that we need to do this together for the collective defense of the nation,” said Easterly.
Only days later, at the CYBERUK conference, Whitehouse demanded that the technology industry start building cybersecurity into its devices from their inception.
Silicon Valley is sitting on a simmering volcano
“We know how to build cyber-resilient technology… there’s a mechanism of addressing memory safety and legacy codebases through to Rust and similar. We know how to do it technically. The challenge we actually have… is producing the level of cyber-resilient technology we actually want and we need… why is it that it’s not being realized in practice?” said Whitehouse.
The stark condemnations voiced by Easterly and Whitehouse are just the first sputtering of a volcano of years of pent-up user frustration now waiting to explode under Silicon Valley. Users in all sectors and walks of life are increasingly fed up with endless, time-consuming software security patches and so-called ‘zero-day’ vulnerabilities, which arise because the technology industry releases innately flawed products onto the market prematurely. It looks as though the technology industry may finally be forced to listen to its long-suffering users’ long-standing security grievances.