Can We Ever Create Systems which are Secure-by-design?

I am lucky enough to be invited to discussions with government, and recently I was involved in a discussion around the “Secure by design” consultation [here]. It was perhaps fitting that our meeting was in the place which holds so much data on our past (The Dome in New Register House, Edinburgh):

Image for post
Image for post

There was a strange feeling, there we were talking about the next generation of electronic devices, and which had artificial intelligence built into them, whilst around as circulated the books of our previous generations.

So here are the 10 guiding principles that would be involved within a security marking scheme:

  1. No default passwords. All IoT device passwords must be unique and not resettable to any universal factory default value.

In the discussion we talked about whether consumers would actually want and care about cyber security marking on IoT devices, and whether they would actually be willing to pay extra for more security. For me, you can have guidelines, but you need to have proper testing too, and that consumers should be able to see that a device has been through some for of minimum standard for testing, and which can be replicated.

Conclusions

Go get involved in the debate!

Personally I know that vendors will always try to make it easy for things to get setup, and that Cyber Security just gets in the way. So we still have major hurdles to cross … can we make devices which are easy to setup and use, but which are secure by design.

Here’s some of the risks involved:

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store