Vendor accountability
CISA, Energy Department Advocate for Private Sector Adoption of Secure-by-Design
The U.S. government is encouraging the private sector to adopt secure-by-design, which involves minimizing vulnerabilities in software and holding vendors responsible for keeping such products safe. The concept is a pillar of the White House’s national cybersecurity strategy and is endorsed by the Cybersecurity and Infrastructure Security Agency.
Jack Cable, senior technical adviser at CISA, shared that his organization conducted listening sessions with commercial firms and the open-source community. He added that there are plans to “work closely” with the private and public sectors to expand the secure-by-design ideas detailed in recent guidance.
In April, CISA released a framework of rules and technical recommendations for the concept. The guidance was the result of a collaboration with intelligence agencies and partner organizations from allied countries.
Another federal agency working to advance secure-by-design is the Department of Energy, which is helping industrial companies apply the concept to operational technology, CyberScoop reported Thursday. The agency’s Cyber-Informed Engineering program seeks to introduce risk reduction measures earlier in a system’s lifecycle.