Technology Companies Need to Play a Bigger Role in Cybersecurity

In today’s increasingly connected world, cybersecurity has become a critical concern. Cyber-attacks are becoming more sophisticated and frequent, with potentially devastating consequences. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), recently spoke at Carnegie Mellon and urged the tech sector to take more responsibility for its role in cybersecurity.


One of the key challenges in cybersecurity is that technology is being developed and taken to market in a unique way. Unlike other industries where there are strict controls in place to protect consumers, the technology ecosystem operates on a “buyer beware” approach. This means that half-baked products with known vulnerabilities can make it into the mainstream. 

The lack of security by design is a major concern, particularly given the growing reliance on technology for critical infrastructure. If a car were to occasionally catch fire or if food contained poison, these products would not be allowed in the market. However, no such restriction exists in the technology ecosystem. This is not only a risk to consumers but also to national security.

Vulnerabilities should be a major concern for everyone

Software and hardware with security vulnerabilities are everywhere: in your local grocery store, the gas pipelines, the waterways, and the telecommunication systems. And they are not unknown! The concern is that they are being inventoried and classified for later action.


Easterly highlighted the threat that a major cyber-attack on U.S. infrastructure, one exploiting known vulnerabilities, could be used to distract from geopolitical events. She stated that “Attacks against our critical infrastructure in the event of a Chinese invasion of Taiwan is unfortunately not farfetched.” This sobering warning highlights the importance of cybersecurity and the need for the tech sector to take it seriously.

Technology Companies need to step up their game


Easterly emphasized the need for technology companies to put security by design into practice. She called for them to adopt a framework similar to the Open Web Application Security Project (OWASP), which provides a set of best practices for designing and testing software for security vulnerabilities. By incorporating security into the design process from the outset, companies can prevent vulnerabilities from making it into the final product.

Stop Passing the Buck on Cybersecurity: Why Companies Must Build Safety Into Tech Products (foreignaffairs.com)

Easterly’s call to action for the tech sector is timely and important. It is crucial that technology companies prioritize cybersecurity and adopt best practices to ensure that their products are secure. This will require a shift in mindset. The technology sector is built on a “develop fast, be first, fix it later” approach, which often leads to a patch mentality or to vulnerabilities never being fixed. Companies need to move away from a focus on speed and innovation at all costs toward a more measured and thoughtful approach that puts security first. While an argument could be made that vulnerabilities are found in even well-designed products, this is often just an excuse to justify a disregard for security.

In conclusion, cybersecurity is a critical concern in today’s world, and the tech sector must take it seriously. Jen Easterly’s call to action for technology companies to prioritize security by design is an important step towards protecting consumers and national security. By adopting best practices like the OWASP framework, companies can prevent vulnerabilities from making it into the final product and ensure that their products are secure. With the pending release of the new Biden national cybersecurity strategy, the U.S. may take a more hardline approach to cybersecurity.

White House cyber director defends ‘tough’ national cybersecurity strategy ahead of release | CyberScoop


Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.
