Security by design needs to be ingrained in software development, and innovative thinking is required to help secure society against cyberattacks as technology becomes a bigger part of our everyday lives, the chief of the US Cybersecurity & Infrastructure Security Agency (CISA) has warned.
CISA director Jen Easterly said that, while it's important to focus on the cybersecurity issues of today, it's also important to think about the challenges of tomorrow.
"The stakes in the decade ahead could not be any higher, particularly for those of us in technology and cybersecurity," she said, warning that it's "critical" to focus on the overriding values that must underpin cyber defense over the next decade.
Alongside the current challenges facing cybersecurity – such as ransomware and supply chain attacks – emerging technologies could bring new threats. For example, the rise of Internet of Things (IoT)-connected smart cities could provide cyber criminals and other hostile attackers with a direct means to disrupt and tamper with services people use every day – unless these cities are designed properly from day one.
But cybersecurity wasn't the only challenge Easterly pointed to. She also noted the need to make sure that democratic states beat authoritarian regimes to the foundational technologies of tomorrow, the challenges of facial recognition and the race for cryptographically relevant quantum computers, and the growth of artificial intelligence and the fracturing of the internet.
"The emerging technology of today will define the shape of the world tomorrow and it's not an exaggeration in my view to assert the next 10 years could truly determine whether the liberal world order of the post-World War II period will survive or more optimistically whether we as like-minded democratic nations will continue to thrive," she said.
"Will we lead on the development of smart tech and the growth of smart cities in a way that is not just secure by design but engineered for privacy by design?" asked Easterly, speaking via video at the National Cyber Security Centre's (NCSC) Cyber UK conference in Newport, Wales.
The same can be asked of software and supply chains. Many major cybersecurity incidents begin with newly discovered zero-day vulnerabilities – and while patches are made available once these are disclosed, organisations can be slow to roll them out, leaving them vulnerable to attackers.
By implementing secure by design – a process where applications and software are built with cybersecurity in mind first – technology can be safer and more secure against cyberattacks.
"Will we work together finally to lead the effort to shape the tech ecosystem to ensure that our software and our systems and our networks - and yes, the supply chains that underpin it all - are secure and resilient by design that a decade from now a major intrusion or a new severe zero-day vulnerability is the exception not the norm?" said Easterly – who emphasised that this reality is possible, but only with a coordinated effort.
"The answer to all of these questions can be, indeed, they must be yes, but only if we invest aggressively in our alliances, in our people, in global standards that reflect core values that we hold dear across our nations and that bind us together," she added.