Security by Default and Design Principle for the Global Economy
2019-11-13 Daniela Previtali
The UK government recently launched an initiative to make “Secure by Default and Design” a key element for technological innovation, announcing its intent to make the UK a world leader in eliminating cyber threats to businesses and consumers by developing more resilient IT hardware. The initiative was boosted by the Secure by Default standard that was introduced by the UK Surveillance Camera Commissioner.
The goal of “Secure by Default” standards, in this case, is to provide a guarantee for users that network video security products are as secure as possible in their default settings out of the box. The result of the initiative is a standard that has been written by manufacturers for manufacturers. It includes requirements such as ensuring that passwords must be changed from the manufacturer by default at start-up and have sufficient complexity, and it defines controls about how and when remote access should be given.
Encouraging manufacturers to ensure they ship their devices in a secure state is the key objective for the minimum requirements set forth in the standard. There is much to applaud about the hardware initiative and hopefully similar efforts will catch on globally.
In the software engineering world, Secure by Design is increasingly becoming the mainstream development approach to ensure security and privacy of software systems. In this concept, security is built into the system from the ground up and addresses the cyber protection considerations throughout a system’s lifecycle. This includes security design for the identification, protection, detection, response and recovery capabilities to strengthen the cyber resiliency of the system.
A number of global industry associations and security vendors, like Wibu-Systems, have proposed security standards and software development frameworks, all based on the core security by design foundation. Here are three examples of recent reference security frameworks:
- Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF), National Institute of Standards and Technology (NIST)
- Industrial Internet Security Framework, Industrial Internet Consortium
- Security by-Design Framework, Cybersecurity Agency of Singapore
Wibu-Systems will continue to work closely with organization like the IIC and others to share our expertise and develop best security practices for protecting connected devices around the globe. You can read more about our collaborations with several organizations to develop innovative security solutions in this brochure, Security 4.0 By Default and Growth 4.0 By Design
Wibu-Systems Global Marketing Director – IIC Marketing WG Co-Chair
Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.