Can We Ever Create Systems which are Secure-by-design?

I am lucky enough to be invited to discussions with government, and recently I was involved in a discussion around the “Secure by design” consultation [here]. It was perhaps fitting that our meeting was in the place which holds so much data on our past (The Dome in New Register House, Edinburgh):

There was a strange feeling: there we were, talking about the next generation of electronic devices, which had artificial intelligence built into them, whilst around us circulated the books of our previous generations.

So here are the 10 guiding principles that would be involved within a security marking scheme:

  1. No default passwords. All IoT device passwords must be unique and not resettable to any universal factory default value.

In the discussion we talked about whether consumers would actually want and care about cyber security marking on IoT devices, and whether they would actually be willing to pay extra for more security. For me, you can have guidelines, but you need to have proper testing too, and consumers should be able to see that a device has been through some form of minimum standard for testing, and which can be replicated.


Go get involved in the debate!

Personally I know that vendors will always try to make it easy for things to get set up, and that Cyber Security just gets in the way. So we still have major hurdles to cross … can we make devices which are easy to set up and use, but which are secure by design?

Here are some of the risks involved:

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Living by the sea. Old World Breaker. New World Creator.