The top cybersecurity executive said in a speech on Monday that it’s long overdue for tech companies to incorporate cybersecurity into their product designs.
What they say: Cybersecurity and Infrastructure Security Agency Executive Director Jen Easterly said in a speech at Carnegie Mellon University:
- “We have normalized the fact that technology products enter the market with tens, hundreds or even thousands of defects. You won’t be able to,” she added.
Why it matters: The remarks preview a much-anticipated National Cybersecurity Strategy expected from the White House and will push tech companies to create more secure products.
Big picture: An organization’s security usually depends on the performance of the company’s security team or the employees themselves.
- However, this strategy is expected to reverse that view and target common vulnerabilities found in technology vendors’ products.
Between the lines: Technology companies regularly release security patches for their products. For example, Microsoft releases such fixes on the first Tuesday of each month at an event known as “Patch Tuesday.”
- However, not all security flaws are immediately discovered, and malicious hackers often use these flaws to break into organizations.
- Rather than continue the trend of blaming victim organizations for failing to stay safe, the Biden administration aims to crack down on the existence of these security flaws in the first place.
Yes, but: Making security a top priority requires systematic changes to how major technology companies produce and create new products, including changing the coding languages developers use to create software.
The intrigue: Easterly also encouraged organizations to adopt stricter requirements that technology vendors must meet in order to be awarded a contract.