May 16, 2024 at 05:42AM
NCSC CTO Ollie Whitehouse spoke at CYBERUK, criticizing the tech market for contributing to cybersecurity issues. He highlighted the increase in vulnerabilities, emphasized the need to address technical debt, and advocated for holding vendors accountable for security failings. He urged for reform in the market and emphasized the importance of incentivizing secure practices.
Key takeaways from the meeting notes:
1. CTO Ollie Whitehouse highlighted the tech market’s role in security problems, emphasizing the need for cyber-resilient technology.
2. He pointed to the increase in disclosed vulnerabilities and highlighted the gap between claimed security efficacy and reality.
3. Whitehouse stressed the prevalence of technical debt and the need for imposing a cost of negligence on failing vendors.
4. Both Whitehouse and CISA director Jen Easterly emphasized the need for government accountability in ensuring secure products.
5. Legislation and regulation are seen as potential tools to enforce accountability on vendors, but they may be slow to adapt to the changing tech industry.
6. Proactive vendors embracing security practices should be incentivized, while those evading punishments for bad practices should face negative consequences.
7. The market’s focus on value and cost was highlighted as a challenge, leading to cyber fatigue among business decision-makers.
8. Whitehouse also raised concerns about the industry’s readiness for upcoming technologies like human-machine interfaces, emphasizing the need for incentivizing cyber-resilience in the market.