Senior U.S. cyber officials had a strong message for big tech Thursday, saying that tech providers, not just buyers, must take responsibility for ensuring their products are protected from cyberattacks.
National Cyber Director Chris Inglis … accountability for security must be shared.
… the first and last line of defense can’t be the user at the end of that supply chain. We have to push some responsibility along that supply chain…”
… technology must be secure by design, so that even if situations such as the Log4j vulnerability do occur, they can be caught and contained at the earliest possible moment.
Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said “tech providers must make fundamentally secure products, starting at the earliest design phases, at no extra cost to buyers. Responsibility for securing products can’t be the user’s alone. If you’re a provider of tech, you’re responsible for providing a baseline of security in that tech,” she said.