The Cybersecurity and Infrastructure Security Agency (CISA) has recently announced a significant new initiative known as “Secure by Design,” which has garnered the commitment of 68 leading technology providers. This initiative is part of a broader strategy to integrate more robust security features directly into software products at the design stage. Announced by CISA Director Jen Easterly, the initiative aims to address the relentless challenges posed by cyberattacks and enhance the overall security of digital infrastructure. The pledge taken by the companies involves a commitment to achieving seven specific security goals within a year, which include measures like implementing multi-factor authentication and eliminating default passwords.
The Secure by Design initiative is a proactive measure to shift the responsibility for cybersecurity from end-users to manufacturers, who are better equipped to implement effective security measures. By embedding security features from the outset, the initiative aims to reduce the prevalence of vulnerabilities and make software products inherently safer. This approach aims not only to protect critical infrastructure but also to raise the national cybersecurity baseline, as emphasized by CISA Senior Technical Advisor Jack Cable. The participating companies are expected to demonstrate measurable progress in enhancing security across their products, thereby contributing to national and economic security.
Among the specific goals set by the initiative are enhancing security patch installation, publishing a comprehensive vulnerability disclosure policy, and increasing transparency in vulnerability reporting. These measures are intended to make it easier for users to secure their systems and for the public to understand and trust the security measures being taken. Companies are also expected to improve their capabilities to detect and report cybersecurity intrusions, further strengthening defenses against potential cyber threats.
This initiative is part of the implementation of the White House’s National Cybersecurity Strategy, which emphasizes the importance of building security into technology products right from the design phase. CISA has also been actively urging software manufacturers to adhere to its Secure by Design guidance and alerts, aiming to standardize security practices across the industry. With the backing of numerous prominent companies, the initiative marks a critical step forward in the collective effort to mitigate the risks associated with cyberattacks and protect sensitive information and infrastructure.