National Cyber Security Centre
UK and international partners share advice to help turn the dial on tech product security
New guide calls on manufacturers to ensure technology products are made secure by design and by default.
The UK has today (Thursday) joined international partners in sharing new advice to help technology manufacturers put security at the core of how they design and develop their products.
In a new joint guide by the National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies from the US, Australia, Canada, Germany, the Netherlands and New Zealand, software manufacturers are encouraged to embed secure-by-design and by-default principles into their products to help keep customers safe.
Devices and products where security is treated as an ‘additional technical feature’ or where users need to make configuration changes to stay secure can leave consumers open to malicious cyber intrusions and safety risks.
The ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’ guide represents a shared, international effort to lessen the burden of risk on customers by providing manufacturers with a roadmap of actionable steps they can take to prioritise security and reduce vulnerabilities. It is published on the US Cybersecurity and Infrastructure Security Agency (CISA) website.
Manufacturers are advised to follow the guide’s recommendations, which include strategies for engaging senior leaders with these security principles and more tactical steps such as eliminating default passwords and implementing single sign-on technology.
The guide also includes advice aimed at organisations to help them hold their technology suppliers accountable for cyber security outcomes, and encourages collaboration with industry partners to incentivise secure-by-design and by-default practices.
NCSC CEO Lindy Cameron said:
“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.
“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.
“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by-design and by-default practices into their products to help ensure our society is secure and resilient online.”
The NCSC has issued this guide with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), Germany’s Federal Office for Information Security (BSI), the Netherlands’ National Cyber Security Centre (NCSC-NL), New Zealand’s National Cyber Security Centre (NCSC-NZ) and New Zealand Computer Emergency Response Team (CERT-NZ).
It can be read on the CISA website.