CISA explains how to apply secure-by-design principles


The Cybersecurity and Infrastructure Security Agency (CISA) is moving forward in its mission to shift the onus of security responsibility from customers to vendors and manufacturers, and it wants receipts from all parties involved, nationwide.

Bob Lord, senior technical advisor at CISA, outlined how these responsibilities fall on various hardware and software stakeholders in a blog post on Thursday. The post responds to CISA’s revised guidance, which calls on technology companies to demonstrate, with detailed data and logs, that they are incorporating security into their products.

Lord introduced the concept of “juice-jacking,” in which malware infects mobile devices through public USB charging stations, in relation to secure-by-design principles. According to Lord, even though there isn’t much proof of juice-jacking and the reports aren’t verified, it’s still feasible because any programming could contain dangerous defaults and security flaws.
