Information technology (IT) exists in almost all of the products that we use. IT products help us run our homes, businesses, and cities and help us to stay in touch with loved ones around the world. As we embrace new technologies, we must acknowledge the security challenges and potential threats that inadvertently accompany them. An entire industry has been developed to help secure these products, including anti-virus software and malware detectors, security services firms, and offices dedicated to protecting information technology.
As software becomes more complex, discovering vulnerabilities within these systems also becomes more difficult. For example, the recent Heartbleed vulnerability existed within popular encryption software for two years before it was discovered.
Not every household or company is able to ‘employ’ cyber professionals to ensure that their IT products are secure. Therefore, during National Cyber Security Awareness Month, we are looking at the importance of securely developing IT products to decrease the number of vulnerabilities in software as it is built. This involves following a software development lifecycle and adding security features, like encrypting information and requiring strong passwords. Building software so that it is secure from the beginning helps us all.
Government and industry groups must work together in this endeavor, setting and maintaining high cybersecurity standards across all critical infrastructure industries. In this spirit, the Department of Homeland Security (DHS) developed the Software Assurance Program, which seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products. Through a public-private partnership, the Software Assurance Program is designed to spearhead the development of practical guidance and tools and to promote research and development investment in cybersecurity.
Regardless of how secure our IT products are, everyone has a role to play in protecting our cybersecurity. Individual users can and should take a few steps to improve their cybersecurity. For instance, when purchasing software or hardware, consumers should:
- Install and maintain vendor-distributed patches or updates
- Ensure they are using the latest operating systems on their computers and mobile devices
- Use strong passwords
To learn more about software and applications, visit the US-CERT tips and advice page.
Secure IT products also do not excuse unsafe online behavior. I encourage everyone to stop and think about the choices they make when online, and to connect with care and caution. For general online safety tips and resources, visit the Stop.Think.Connect.™ campaign resource guide.
I also encourage people to consider a career in cybersecurity. The country is in need of a strong cybersecurity workforce to help build the secure IT products of the future. Learn more about cyber careers at www.dhs.gov/join-dhs-cybersecurity.
To learn more about National Cyber Security Awareness Month 2014, visit www.dhs.gov/national-cyber-security-awareness-month-2014.