Advanced Cyber Defence Systems (ACDS) has today joined the US Cybersecurity & Infrastructure Security Agency’s (CISA) and UK National Cyber Security Centre’s (NCSC) Secure by Design pledge, becoming one of the first 100 companies, alongside AWS, Microsoft, Google, Cisco, and IBM, to commit to enhancing product security within a year.
The pledge, focused on enterprise software products and services in the US, involves achieving seven key security goals, including increasing multi-factor authentication, reducing default passwords, eliminating certain classes of vulnerabilities, enhancing security patch installation, publishing a vulnerability disclosure policy, ensuring transparency in incident and vulnerability reporting, and making intrusion detection easier for customers.
Increased threats to US critical infrastructure from Chinese government-backed cyber groups, such as Volt Typhoon, have heightened the focus on such initiatives and it has been one of the main topics of discussion at CyberUK this week, including prominent mentions by US National Cyber Director Harry Coker and GCHQ Director Anne Keast-Butler. Developing more secure software from the outset aims to thwart these and other threats, from nation state actors as well as criminal groups.
Participating software manufacturers have the discretion to determine how best to meet and demonstrate progress toward each goal. This may involve taking action on all products or starting with a selected set and publishing a roadmap for others.
Elliott Wilkes, CTO at Advanced Cyber Defence Systems, says: “For ACDS, signing the Secure by Design pledge underscores our dedication to cybersecurity and commitment to protecting clients and the broader community. I’m proud to publicly commit to, and be an early adopter of, these principles and actions. Cyber resilience can only be achieved by technology vendors taking steps like these to ensure minimum security measures are in place to defend against attacks that are growing in frequency, sophistication, and number. This initiative enhances trust, aligns us with industry leaders to shape what baseline security should be. It contributes to national security and global stability, improves product security, and demonstrates our corporate responsibility.”
