Thursday 13 Apr 2023 @ 16:15
National Cyber Security Centre
Printable version

UK and international partners share advice to help turn the dial on tech product security

New guide calls on manufacturers to ensure technology products are made secure by design and by default.

The UK has today (Thursday) joined international partners in sharing new advice to help technology manufacturers put security at the core of how they design and develop their products.

In a new joint guide by the National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies from the US, Australia, Canada, Germany, the Netherlands and New Zealand, software manufacturers are encouraged to embed secure-by-design and by-default principles into their products to help keep customers safe.

Devices and products where security is treated as an ‘additional technical feature’ or where users need to make configuration changes to stay secure can leave consumers open to malicious cyber intrusions and safety risks.

The ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default’ guide represents a shared, international effort to lessen the burden of risk on customers by providing manufacturers with a roadmap of actionable steps they can take to prioritise security and reduce vulnerabilities. It is published on the US Cybersecurity and Infrastructure Security Agency (CISA) website.

It is recommended manufacturers follow the guide’s recommendations, which include strategies for engaging senior leaders with these security principles and more tactical steps such as eliminating default passwords and implementing single sign-on technology.

There is also advice aimed at organisations to help them hold their technology suppliers accountable for cyber security outcomes and encourages collaboration with industry partners to incentivise secure-by-design and by-default practices.

NCSC CEO Lindy Cameron said:

“As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement.

“Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer.

“We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.”

The NCSC has issued this guide with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), Germany’s Federal Office for Information Security (BSI), the Netherlands’ National Cyber Security Centre (NCSC-NL), New Zealand’s National Cyber Security Centre (NCSC-NZ) and New Zealand Computer Emergency Response Team (CERT-NZ).

It can be read on the CISA website.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/uk-and-international-partners-share-advice-to-help-turn-dial-on-tech-product-security

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.