Cybersecurity and Infrastructure Security Agency Director Jen Easterly renewed calls for private industry to develop more secure technology products, weeks after a major address at Carnegie Mellon University.
The transition to secure-by-design will require a major shift in how technology products are developed, Easterly said, and that will include changes in the code used to develop software.
After meeting with students and faculty at CMU last month, Easterly is calling on universities to include security as a standard feature in computer science coursework, she said in a blog post released Friday.
“Students need to be well educated on security – including on memory safety and secure coding practices, and professors have a major role here,” Easterly wrote in the blog post. “Steps taken today at universities around the country can help spur an industrywide change towards memory safe languages and add more engineering rigor to software development which in turn, will protect all technology users.”
Tech manufacturers need to change the way they develop new products so that less time is spent fixing defective products, leaving more time for innovation and growth, she said. Among the principles she laid out:
- The burden of safety should never fall on customers.
- Tech manufacturers should embrace radical transparency and quickly disclose safety concerns.
- Tech manufacturers should lay out a road map showing plans for how products will be developed and updated to make sure they are secure-by-design and secure-by-default.
The Easterly speech in late February laid the groundwork for the release of the Biden administration’s National Cybersecurity Strategy. It serves as a comprehensive blueprint for how government and private industry hope to tackle the rise of malicious cyber activity from both criminal gangs and nation-state adversaries.
The strategy calls for a major shift to hold software developers and other manufacturers accountable for the safety and security of their products, including the expectation that Congress will enact new legislation to support some type of enforcement mechanism.