Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

Quad nations establish new secure-by-design principles to be followed by government

The Quad nations have established a new set of secure-by-design principles that will be applied to government and government contractors, in an effort to reduce the frequency of software vulnerabilities and lower the impact of them being abused by threat actors.

user icon Daniel Croft
Tue, 23 May 2023 Government
Quad nations establish new secure-by-design principles to be followed by government
expand image

Following a meeting in Hiroshima during the G7 summit, the Quad partners, made up of Australia, India, Japan and the US, have published the Quad Cybersecurity Partnership: Joint Principles for Secure Software.

The document names a number of guidelines that government agencies and contractors will be required to meet as part of its move to ensure “high-level secure software development practices”.

“The Quad Senior Cyber Group reaffirms our commitment to collectively improve software security by establishing minimum cyber security guidelines for governments to guide their development, procurement, and use of software,” it said.

============
============

“The Quad intends to pursue the following high-level secure software development practices and to adopt them into existing government policy, acquire software that meets these practices, and encourage software developers/suppliers to implement them.”

The Quad nations stated that the following practices would be put into place:

  1. “Prepare the organisation: Ensure that people are adequately trained, processes are defined, and technology solutions are in place to perform secure software development.
  2. “Protect the software and software development environment: Ensure appropriate controls to protect all components of software from tampering and unauthorised access, archive and protect each software release, and maintain adequate records of the details (e.g., Software Bill of Materials) and supply chain relationships of the various components used in each release.
  3. “Produce well-secured software: Produce well-secured and tested software with minimal security vulnerabilities in its releases.
  4. “Respond to vulnerabilities: Identify vulnerabilities in software releases and respond appropriately to continuously address those vulnerabilities and prevent similar ones from occurring in the future.”

The document said that each member nation of the Quad would build its own frameworks in line with international and domestic laws and regulations.

While the guidelines are currently only aimed at those interacting with the government, Home Affairs Secretary Mike Pezzullo said that banks and telcos could follow.

“Whether by principle or by direction, they’ll probably impose [the guidelines] on banks and telcos etc.,” he told Senate estimates on Monday (22 May).

Cyber Daily logo
VIEW ALL

Pezzullo’s comments at the Senate estimates come off the back of similar suggestions from the shadow minister for cyber security James Paterson, who raised the idea that the government crackdown on Chinese software and hardware, such as cameras, could be applied to non-government entities, specifically critical infrastructure operators.

During his talk at the Senate estimates, Pezzullo also revealed that the Home Affairs department had placed a block on ChatGPT use by public servants, citing a lack of “proprietary engagement” as the reason.

The block, while not permanent, would prevent the artificial intelligence (AI) tool from being used at an individual level and require those looking to use it to gain special approval.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA