Read my reflection on CISA Director Jen Easterly’s lecture at Carnegie Mellon University on the designed-in dangers of technology.
As a member of the Pittsburgh Technology Council, I receive invitations for many informative technology events within the Pittsburgh community.
On February 27, 2023, I attended an event hosted by Carnegie Mellon University, featuring the honorable Jen Easterly, Director of the Cybersecurity & Infrastructure Security Agency (CISA). Her lecture was titled: Unsafe at any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It.
As someone with minimal computer science or software engineering experience, I felt Director Easterly explained her key topics, including the normalization of technology risk acceptance and deviance, in a way that resonated with me.
She discussed her belief that unsafe technological design is often rooted in the manufacturing process. Most technology products, as she described, are “dangerous by design,” meaning products are not necessarily safe to use out of the box.
Director Easterly discussed the security issues caused by technology manufacturers that knowingly prioritize speed-to-market, flashy features and cost-savings over safety and security when developing new products and services. As a result, these manufacturers may be operating on the “accident boundary” line, knowingly pushing product safety and user security against the limit.
Looking ahead, Director Easterly advocates that safety and security must be crucial components of technology software design. If we continue to blame end-users rather than the “accident boundary” products themselves, we’re wrongly placing blame and not addressing the actual problem at hand. In her view, end-users are often treated as “crash test dummies” for these new products, which is unsustainable. Technology manufacturers need to commit to prioritizing safety and security in whatever they do.
To help manufacturers prioritize safety, Director Easterly shared CISA’s recent development of three core principles for them to abide by, including:
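- Adopting the mindset that the burden of safety should not fall on the customer
- Embracing radical transparency around product safety and security
- Explicitly focusing on secure-by-design, secure-by-default products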
With that in mind, Director Easterly also says it is important to remember the burden does not entirely fall on manufacturers. The government has a role to play and so do the future generations of software engineers and computer science majors, who will be the next generation of technology product designers and developers.
And what about end-users? We should make our demands for safer and more secure products known.
When a holistic culture of safety and security ubiquitously underpins technology product quality, we will have made significant strides in uplifting the security of our technological world.
Director Easterly’s message was clear – let’s make tech even better, and more importantly, safer!
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.