The technology industry has traditionally been characterized by a lack of transparency regarding security. That could change with a new “Secure by Design” pledge overseen by the Cybersecurity and Infrastructure Security Agency.
“This is an unregulated solution where you can say, 'I can drive progress,'” said Jim Richberg (pictured, right), director of cyber policy and global field chief information security officer at Fortinet. “This is part of a national strategy to move away from victim blaming and shift more responsibility to manufacturers.”
Richberg and Suzanne Spaulding (pictured, left), former Under Secretary of Homeland Security and Fortinet team member, spoke with theCUBE Research's Dave Vellante and Zeus Kerravala, principal analyst at ZK Research, at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media's live streaming studio. They discussed the details of the new pledge and how cybersecurity has evolved over the past decade. (*Disclosure below.)
Pledge to better protect our customers
Creating standards for transparency in the technology and manufacturing industries has been difficult because companies are rarely willing to admit vulnerabilities that could give competitors an advantage, but Spaulding and Richberg argue that it is necessary.
“Disclosing that information is critical, not only to protect our customers and help them respond quickly, but also to strengthen the marketplace and improve our understanding,” Spaulding said. “The reality is that until we find a way to write code that is 100% secure, everyone is going to be vulnerable. That's where we are today. Everyone is vulnerable.”
The situation only becomes more complex and dangerous as generative artificial intelligence provides attackers with new ways to compromise business infrastructure. As stated in the pledge, companies can better protect themselves and their customers by addressing vulnerabilities from the beginning.
“Not only is this the right thing to do, it's more efficient to run the process securely from within,” Richberg says. “We're addressing vulnerabilities that have existed for a long time. It's like saying it doesn't make sense to rely on individual customers or small businesses to do these things.”
Shifting the industry to a “safe to market” mindset
The Secure by Design pledge provides companies with robust cybersecurity and transparency standards, but it is not mandatory. However, CISA will now be able to report on which companies are complying with this pledge.
“We need to publicly report on how we've done in terms of implementation. And this pledge has clear goals,” Richberg said, adding that there is a flexible extension section for companies to fill out their security strategies. “They're not telling the companies that signed the pledge, 'You have to do this.'”
Knowing which companies are rigorous and transparent about cybersecurity will help customers make more informed decisions. Spaulding said it's important to change the culture around cybersecurity so that companies have a “safe to market” mindset instead of a “first to market” mindset.
“We don’t have to live with this level of anxiety in our networked systems, and we don’t have to take it for granted,” she said. “In fact, we can strive to write safer code and create more secure development and operations processes. We have players who meet that standard and can set best practices.”
Below is the full video interview, part of SiliconANGLE's and theCUBE Research's coverage of the RSA Conference:
https://www.youtube.com/watch?v=2Mo7TKn9tso
(*Disclosure: Fortinet, Inc. sponsors this segment on theCUBE. Neither Fortinet nor any other sponsor has editorial control over the content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE