Due to a recent surge of cybersecurity infiltrations, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, believes the technology industry must advance computer software manufacturing processes to better protect against such attacks, CyberScoop reported Friday.
The 2024 Wash100 awardee relayed her beliefs during the Black Hat security conference on Thursday. Easterly said, “We don’t have a cybersecurity problem. We have a software quality problem.”
“We have a multi-billion dollar cybersecurity industry because for decades, technology vendors have been allowed to create defective, insecure, flawed software,” Easterly added.
In March, Easterly and CISA unveiled a Secure by Design pledge, the main principles of which include multi-factor authentication, lessening default passwords, reducing vulnerability classes and increasing customer security patch installation to secure product development.
The Streamlining Federal Cybersecurity Regulations Act also seeks to implement an interagency committee within the Office of the National Cyber Director to mobilize a program to improve cybersecurity and information security regulations and compliance requirements.
Easterly emphasized the importance of Congress playing its part in improving software vulnerabilities.
“Congress can also have a transformative impact by establishing a software liability regime with an articulable standard of care and safe harbor provisions for those vendors that innovate responsibly, prioritizing secure development processes,” Easterly stated.
Since the Secure by Design pledge launch, Easterly said 200 companies have signed on.