The director of the cybersecurity and infrastructure security agency, Jen Easterly, cited Apple as a good illustration of responsibility and transparency for its security policies at a speech given on Monday at Carnegie Mellon University.
The senior U.S. cybersecurity official urged companies to shoulder greater responsibility for protecting their services for clients and suggested that new legislation hold them responsible for developing and maintaining safe software.
She cited Apple's admission that 95% of iCloud customers have multifactor authentication enabled, or MFA, which is a highly advised security solution that requires a user to enter a code delivered to a different device or account during sign-in to ward against hackers.
Apple making MFA the default is the reason for the high adoption rate, according to Easterly.
As a result, Easterly said, “Apple is taking ownership for the security outcomes of their users.”
The use of MFA is low at Twitter and Microsoft, in contrast, according to Easterly.
It is "disappointing," according to her, that less than 3% of Twitter users and about one-fourth of Microsoft commercial customers use MFA.
She did commend the businesses, though, for being open about their financial information.
“By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly said, per her prepared remarks.
“More should follow their lead— in fact, every organization should demand transparency regarding the practices and controls adopted by technology providers and then demand adoption of such practices as basic criteria for acceptability before procurement or use.”
Easterly suggested that new legislation should “prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”
Microsoft and Twitter did not immediately provide comment.
0 Comment(s)