Security by Default and Design Principle for the Global Economy

The UK government recently launched an initiative to make “Secure by Default and Design” a key element for technological innovation, announcing its intent to make the UK a world leader in eliminating cyber threats to businesses and consumers by developing more resilient IT hardware. The initiative was boosted by the Secure by Default standard that was introduced by the UK Surveillance Camera Commissioner.

The goal of “Secure by Default” standards, in this case, is to provide a guarantee for users that network video security products are as secure as possible in their default settings out of the box. The result of the initiative is a standard that has been written by manufacturers for manufacturers. It includes requirements such as ensuring that passwords must be changed from the manufacturer by default at start-up and have sufficient complexity, and it defines controls about how and when remote access should be given.

Encouraging manufacturers to ensure they ship their devices in a secure state is the key objective for the minimum requirements set forth in the standard. There is much to applaud about the hardware initiative and hopefully similar efforts will catch on globally.

In the software engineering world, Secure by Design is increasingly becoming the mainstream development approach to ensure security and privacy of software systems. In this concept, security is built into the system from the ground up and addresses the cyber protection considerations throughout a system’s lifecycle. This includes security design for the identification, protection, detection, response and recovery capabilities to strengthen the cyber resiliency of the system.

A number of global industry associations and security vendors, like Wibu-Systems, have proposed security standards and software development frameworks, all based on the core security by design foundation. Here are three examples of recent reference security frameworks:

• Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF), National Institute of Standards and Technology (NIST)
• Industrial Internet Security Framework, Industrial Internet Consortium
• Security by-Design Framework, Cybersecurity Agency of Singapore

Wibu-Systems will continue to work closely with organization like the IIC and others to share our expertise and develop best security practices for protecting connected devices around the globe. You can read more about our collaborations with several organizations to develop innovative security solutions in this brochure, Security 4.0 By Default and Growth 4.0 By Design