Would You like a feature Interview?
All Interviews are 100% FREE of Charge
Jen Easterly, the nominee for Director of the Homeland Security Cybersecurity and Infrastructure Security Administration, testifies at the confirmation hearing before the Senate Homeland Security and Government Affairs Committee on June 10, 2021 in Washington, D.C. To do.
Kevin Deitch | Getty Images
A senior U.S. cybersecurity official has proposed a new law urging companies to take more of the burden of protecting services for their customers and holding them accountable for creating and maintaining secure software.
Jen Easterly, Director of Cybersecurity and Infrastructure Security Agency, said: apple As a good example of accountability and transparency in security practices, in a speech delivered Monday at Carnegie Mellon University.
She pointed to Apple’s disclosure that 95% of iCloud users have multi-factor authentication (MFA) enabled. Multi-factor authentication (MFA) is a highly recommended security measure that requires users to enter a code sent to another device or account during sign-in to protect themselves from hackers. Eastly said the high adoption rate was a result of her Apple defaulting on her MFA.
In doing so, Easterly said, “Apple is taking ownership of your security work.”
In contrast, Easterly says MFA adoption is low. microsoft and Twitter. She said about a quarter of Microsoft’s enterprise customers using MFA and her less than 3% of her Twitter users using it were “disappointed.”
Still, she praised the company’s transparency in disclosing numbers.
“By providing radical transparency regarding the adoption of MFA, these organizations are helping to shed light on the need for security by default,” Easterly said following her prepared remarks. I was. “Their precedent should be followed more. Indeed, all organizations should demand transparency regarding the practices and controls employed by technology providers, and respect such practices as a fundamental standard of acceptability before procurement or use. We need to request adoption.”
Eastly said the new law “prevents technology manufacturers from waiving liability by contract, establishes higher standards of care for software in certain critical infrastructure entities, and ensures that software is developed and maintained securely.” “We need to prevent the development of a safe harbor framework to protect companies from liability.” products and services. “
Microsoft and Twitter did not immediately provide comment.
Watch: Closing Keynote: White House Takes Cybersecurity Seriously