{"id":3489,"date":"2024-05-08T20:00:28","date_gmt":"2024-05-09T01:00:28","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80393"},"modified":"2024-05-08T20:00:28","modified_gmt":"2024-05-09T01:00:28","slug":"dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/08\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech\/","title":{"rendered":"Dozens of tech companies pledge to build safer, more secure tech"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Dozens of tech companies pledge to build safer, more secure tech | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-secure-by-design-commitments-tech-companies\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Dozens of tech companies pledge to build safer, more secure tech\"> <meta property=\"og:description\" content=\"The commitments are voluntary, but CISA officials said they are committed to measuring progress by the signatories across key commitments over the next year.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-secure-by-design-commitments-tech-companies\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-05-09T01:00:28+00:00\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1715117951g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1713212360g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1715025738g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80393\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80393\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-secure-by-design-commitments-tech-companies%2F\">\n<link rel=\"alternate\" 
type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-secure-by-design-commitments-tech-companies%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80393 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-secure-by-design-commitments-tech-companies\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> 
<\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.170560747664\">\n<div class=\"single-article__header-content\" readability=\"30.320895522388\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The commitments are voluntary, but CISA officials said they are committed to measuring progress by the signatories across key commitments over the next year. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"422\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech.jpg?resize=640%2C422&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg 5373w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=300,198 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=768,507 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=1024,675 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=1536,1013 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=2048,1351 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=600,396 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=255,168 255w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=511,337 511w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=1023,675 1023w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-2.jpg?resize=1278,843 1278w\" sizes=\"(max-width: 1023px) 100vw, 1023px\"><figcaption> CISA Director Jen Easterly testifies before a House Homeland Security Subcommittee on April 28, 2022, in Washington, D.C. (Photo by Kevin Dietsch\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"44.240722560377\"><body readability=\"91.138669673055\"><\/p>\n<p><strong>SAN FRANCISCO \u2014 <\/strong>More than 60 private-sector companies publicly promised to make cybersecurity a larger focus in their technology design process, including tech heavyweights like Google, Microsoft, Cisco, IBM and Amazon Web Services.<\/p>\n<p>The <a href=\"https:\/\/www.cisa.gov\/securebydesign\/pledge\">pledge<\/a> was formally unveiled Wednesday during a signing event at the RSA Conference hosted by the Cybersecurity and Infrastructure Security Agency. 
CISA has waged a massive public campaign to prod technology companies to do more to create more resilient products as foreign nations, ransomware actors and cybercriminals have feasted on governments and companies over the past decade, largely by exploiting insecure software, hardware and products where security features either aren\u2019t enabled by default or are sold as premium features.<\/p>\n<p>\u201cThere is a real urgency that everybody in this room not only feels but is highly aware of, and it is all about developing new and retrofitting older technologies and software with security as a core consideration,\u201d CISA Director Jen Easterly said.<\/p>\n<p>In addition to major tech companies, dozens of prominent software, hardware and cybersecurity businesses have also signed onto the commitment, including Palo Alto Networks, Lenovo, BlackBerry, Hewlett Packard, GitHub, Ivanti and CrowdStrike.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The signatories commit to taking a series of actions over the next year to reduce the vulnerability of their products, including building default multifactor authentication and other forms of phishing-resistant authentication protections and reducing the use of default or hardcoded passwords. 
The pledge also presses software providers to make dedicated efforts to reduce the prevalence of commonly exploited types of vulnerabilities and increase the number of customers who are quickly installing security patches.<\/p>\n<p>The companies also committed to being more transparent about disclosing security vulnerabilities through official channels, publishing vulnerability disclosure policies to assist third-party security researchers who probe their systems and increasing logging capabilities to help customers better detect when they\u2019ve suffered a breach or intrusion.<\/p>\n<p>The <a href=\"https:\/\/fedscoop.com\/only-3-agencies-have-hit-deadline-for-cyber-event-logging-standards-gao-finds\/\">increase in logging capabilities<\/a> is particularly relevant for the federal government. A breach of Microsoft last year by a Chinese-linked threat actor group known as Storm 0558 resulted in the theft of emails from <a href=\"https:\/\/cyberscoop.com\/china-hackers-email-us-government\/\">high-level officials at the Departments of State and Commerce<\/a> ahead of high-level talks between the White House and China.<\/p>\n<p>The extent of that breach was obscured by the lack of logging capabilities built into Microsoft\u2019s standard commercial offerings, <a href=\"https:\/\/www.scmagazine.com\/news\/microsoft-backtracks-security-logging-is-now-free\">with enhanced logging<\/a> only available to premium customers. That breach was the subject of a <a href=\"https:\/\/cyberscoop.com\/microsoft-csrb-china-hacking\/\">scathing review<\/a> by the Cyber Safety Review Board last month, which concluded that the incident was preventable and caused by the company\u2019s failure to appropriately prioritize security.<\/p>\n<p>But the problem extends well beyond a single company or provider. 
Referencing the breach at an RSA presentation Wednesday, former NSA Cybersecurity Director Rob Joyce said that as more companies have moved their data to cloud environments, it\u2019s become harder to monitor for signs of malicious behavior, as many providers have policies in place that wipe security logs after 90, 60 or even 15 days.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe\u2019ve got to now have the trust in the cloud, because frankly we lose some of our visibility into the environment,\u201d Joyce said. \u201cSometimes you don\u2019t have access to all the logs that a provider would have.\u201d<\/p>\n<p>The pledge is voluntary, leading to some skepticism about how far some companies will go in implementing its principles, but CISA officials said they are committed to measuring progress by the signatories across key commitments over the next year.&nbsp;<\/p>\n<p>Other officials said gaining broad-based consensus on the issue is an important and necessary step toward building a more durable security culture within the American technology industry. Lauren Zabierek, a senior cybersecurity policy adviser at CISA, said the agency views the commitments as the beginning, not the end, of a collaborative process between government and industry, likening it to early efforts by automobile safety advocates to make seatbelts and other safety features standard.<\/p>\n<p>\u201cBefore a safer car could be made, we had to believe in the idea of a safer car,\u201d Zabierek said. 
\u201cAnd that\u2019s what we\u2019re asking with technology.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.0015220700152\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/dozens-of-tech-companies-pledge-to-build-safer-more-secure-tech-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" 
class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-secure-by-design-commitments-tech-companies\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dozens of tech companies pledge to build safer, more secure<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[757,78,452,1291,625,1396,1276,2026],"tags":[759,86,454,1297,630,1397,1278,2027],"class_list":["post-3489","post","type-post","status-publish","format-standard","hentry","category-cyber-safety-review-board","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-enhanced-logging","category-microsoft","category-multi-factor-authentication-mfa","category-secure-by-design","category-storm-0558","tag-cyber-safety-review-board","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-enhanced-logging","tag-microsoft","tag-multi-factor-authentication-mfa","tag-secure-by-design","tag-storm-0558"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-safety-review-board\/\" rel=\"category tag\">Cyber Safety Review Board<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/enhanced-logging\/\" rel=\"category tag\">enhanced logging<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/multi-factor-authentication-mfa\/\" rel=\"category tag\">multi-factor authentication (MFA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secure-by-design\/\" rel=\"category tag\">secure-by-design<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/storm-0558\/\" rel=\"category tag\">Storm 0558<\/a>","tag_info":"Storm 0558","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3489"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3489\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}