Implementing Security by Design

The internet was not built with security in mind. Today’s cybersecurity and artificial intelligence (AI) experts have the opportunity to make their technologies secure by design.

So said Michael Sikorski, chief technology officer at Palo Alto Networks during a homeland security committee hearing on artificial intelligence in May.

The current market is geared toward speed rather than security, Lauren Zabierek told SIGNAL Media in an interview. Zabierek currently serves as a senior advisor to the cybersecurity division at the Cybersecurity Infrastructure Security Agency (CISA).

“Security has never really been a priority and so we’re trying to change that,” she said. With no policy currently in place, CISA’s Secure by Design initiative aims to encourage software manufacturers of all sizes to raise the collective level of security.

The voluntary pledge includes seven goals to be met within one year of signing:

1. Increase the use of multifactor authentication.
2. Reduce default passwords.
3. Reduce entire classes of vulnerability.
4. Increase the installation of security patches by customers.
5. Public a vulnerability disclosure policy.
6. Demonstrate transparency in vulnerabilities.
7. Increase customer ability to gather evidence of cybersecurity intrusions.

As of July, 169 companies, including Amazon Web Services and Microsoft, have taken the pledge.