Jen Easterly, nominee to be the Director of the Homeland Security Cybersecurity and Infrastructure Security Agency, testifies during her confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee on June 10, 2021 in Washington, DC.
Kevin Dietsch | Getty Images
A top U.S. cybersecurity official urged companies to take on more of the burden of securing their services for customers and suggested that new laws should hold them accountable for creating and maintaining secure software.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly held up Apple as a positive example of accountability and transparency for its security practices during a speech delivered Monday at Carnegie Mellon University.
She pointed to Apple’s disclosure that 95% of iCloud users enable multifactor authentication, or MFA, a highly recommended security measure that requires a user to enter a code sent to a different device or account during sign-in to protect against hackers. Easterly said the high adoption rate is a result of Apple making MFA the default.
In doing so, Easterly said, “Apple is taking ownership for the security outcomes of their users.”
By contrast, Easterly said there are low MFA adoption rates at Microsoft and Twitter. She said the roughly one-quarter of Microsoft enterprise customers who use MFA, and fewer than 3% of Twitter users who use it, is “disappointing.”
Still, she praised the companies for their transparency in disclosing the numbers.
“By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly said, per her prepared remarks. “More should follow their lead— in fact, every organization should demand transparency regarding the practices and controls adopted by technology providers and then demand adoption of such practices as basic criteria for acceptability before procurement or use.”
Easterly suggested that new laws should “prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”
Microsoft and Twitter didn’t immediately provide comment.
Source: www.cnbc.com