Events , Governance & Risk Management , Infosecurity Europe Conference
The Future of Digital Security by Design
Professor John Goodacre on Cybersecurity by Design vs. Cybersecurity by DefaultTwo key concepts are shaping how organizations protect their digital assets: cybersecurity by default and cybersecurity by design. John Goodacre, professor at The University of Manchester and director of Digital Security by Design at UK Research and Innovation, stressed the importance of designing technology that "in its architecture and construction" protects against vulnerabilities - a shift from traditional methods that manage risk after deployment.
See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical
The Digital Security by Design program, a U.K. government initiative, has proven the efficacy of this proactive approach. While cybersecurity by default involves implementing security measures that minimize the attack surface and vulnerabilities from the outset, cybersecurity by design integrates security features into the construction of its systems, ensuring that security is inherent in the system's operation, he said.
"We've got the ecosystem. We had businesses that were going commercial and bringing this technology to market," Goodacre said. "Initially, it's going to be in deeply embedded systems, but the idea is that the hardware of a computer can protect the software against its vulnerabilities, so it cannot be exploited as easily."
In this video interview with Information Security Media Group at Infosecurity Europe 2024, Goodacre discussed:
- How integrating memory-safe hardware into digital systems reduces the risk of common vulnerabilities;
- The shift from IT operational expenses to capital investments for long-term security;
- The role of compartmentalization in minimizing exploitation risks.
Goodacre's research interests include new processing paradigms, web-scale servers, exascale-efficient systems, and secure and ubiquitous computing. He spent 17 years as director of technology and systems at Arm, where he defined and introduced the first multicore processors and other widely deployed technologies.