Secure by Design, Secure by Default It's time to build cybersecurity into the design and manufacture of technology products. Find out here what it means to be secure by design and secure by default. “Consumer Safety must be front and center in all phases of the technology product lifecycle- with security designed in from the beginning.’ Jen Easterly CISA What is Secure by Design? Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. What is Secure by Default? Secure by Default products are those that are secure to use out of the box, with little to no configuration changes and are available at no additional cost, such as multi-factor authentication (MFA), gather and log evidence of potential intrusions, and control access to sensitive information. As a nation, we have allowed a system where the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations and away from the producers of the technology and those developing the products that increasingly run our digital lives. Americans need a new model to address the gaps in cybersecurity—a model where consumers can trust the safety and integrity of the technology that they use every day.
The Smart Cog, 2023, Lynne Gardner Source: CISA.com