U.S. cyber official praises Apple security and suggests Microsoft, Twitter need to step it up


Jen Easterly, nominee to be the Director of the Homeland Security Cybersecurity and Infrastructure Security Agency, testifies during her confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee on June 10, 2021 in Washington, DC.
Kevin Dietsch | Getty Images

A top U.S. cybersecurity official urged businesses to take on more of the burden of securing their services for customers and suggested that new legislation should hold them accountable for creating and maintaining secure software.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly held up Apple as a positive example of accountability and transparency for its security practices during a speech delivered Monday at Carnegie Mellon University.

She pointed to Apple’s disclosure that 95% of iCloud users enable multifactor authentication, or MFA, a highly recommended security measure that requires a user to input a code sent to a different device or account during sign-in to guard against hackers. Easterly said the high adoption rate is a result of Apple making MFA the default.

In doing so, Easterly said, “Apple is taking ownership for the security outcomes of their users.”

By contrast, Easterly said there are low MFA adoption rates at Microsoft and Twitter. She said it is “disappointing” that roughly one-quarter of Microsoft enterprise customers, and fewer than 3% of Twitter users, use MFA.

Still, she praised the companies for their transparency in disclosing the numbers.

“By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly said, per her prepared remarks. “More should follow their lead—in fact, every organization should demand transparency regarding the practices and controls adopted by technology providers and then demand adoption of such practices as basic criteria for acceptability before procurement or use.”

Easterly suggested that new legislation should “prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”

Microsoft and Twitter did not immediately provide comment.
