Why we need ‘secure by design’ software/hardware

‘Secure by design’ radically improves product security

What is secure by design?

The term secure by design applies to many things—ranging from software product engineering to bridge construction. Bridge designers, for example, need to factor in future traffic, ‘outlier event’ winds, flooding, and fire. To date, few companies incorporate security into their hardware/software. However, this needs to change as there are now, on average, two internet-connected devices for every person on the planet.

Hackers are increasingly targeting the growing number of IoT (Internet of Things) products ranging from home security systems to garage door openers. These devices are almost always on unsecured networks that leave them highly vulnerable to attack. Pressure is building to get device and software manufacturers to incorporate secure by design practices into product development.

Creating built -in security architecture

To date, most organizations add security after product development, as a patchwork of software fixes. Complete redevelopment is expensive, of course, and customers aren’t likely to tolerate the delays or glitches involved in that kind of overhaul. But chronic vulnerability to attack is more costly in the long term. The best option for reducing this threat is for companies to invest in upfront product security integration. Removing vulnerabilities early in the development cycle in design and coding, etc., requires in-depth defenses with secure coding, multi-level validation, and strict user access controls.

Security architects need to construct designs that include everything from routine to extreme attack. Companies whose customers’ private information is hacked can no longer get away with saying that they ‘just didn’t know’ such a serious attack was possible. They almost always ‘knew’ but didn’t want to incur the expense of taking comprehensive preventative measures.

More on secure by design for IoT appliances and other products

We’ve already seen significant IoT threats. In 2015, for example, Chrysler recalled 1.4 million cars after two independent cybersecurity researchers proved they could remotely hijack a jeep’s digital systems over the internet, taking complete control of the vehicle. –Also, the U.S. Food and Drug Administration has alerted healthcare professionals that medical devices connected to hospital networks and smartphones are at risk of remote hacking (including, for example, heart monitors). To protect their reputations, manufacturers need to incorporate kill switches, safe modes, and encryption into their products.

For many years Apple has been at the forefront of digital product secure by design. iPhone customers benefit from having multiple layers of built-in encryption and having Apple approve all apps to avoid the threat of hackers posing as third party providers. We can only hope that such procedures become standard for all industries in the years ahead. Developing secure by design intelligent cybersecurity systems will take time, as security architects learn by trial and error.