Infosecurity Europe Conference , Video , Vulnerability Assessment & Penetration Testing (VA/PT)

The Future of Digital Security by Design

Professor John Goodacre on Cybersecurity by Design vs. Cybersecurity by Default
John Goodacre, professor, The University of Manchester, and director, Digital Security by Design, UKRI

Two key concepts are shaping how organizations protect their digital assets: cybersecurity by default and cybersecurity by design. John Goodacre, professor at The University of Manchester and director of Digital Security by Design at UK Research and Innovation, stressed the importance of designing technology that "in its architecture and construction" protects against vulnerabilities - a shift from traditional methods that manage risk after deployment.

See Also: Expel: Firms Still Threatened by Old Vulnerabilities

The Digital Security by Design program, a U.K. government initiative, has proven the efficacy of this proactive approach. While cybersecurity by default involves implementing security measures that minimize the attack surface and vulnerabilities from the outset, cybersecurity by design integrates security features into the construction of its systems, ensuring that security is inherent in the system's operation, he said.

"We've got the ecosystem. We had businesses that were going commercial and bringing this technology to market," Goodacre said. "Initially, it's going to be in deeply embedded systems, but the idea is that the hardware of a computer can protect the software against its vulnerabilities, so it cannot be exploited as easily."

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Goodacre discussed:

  • How integrating memory-safe hardware into digital systems reduces the risk of common vulnerabilities;
  • The shift from IT operational expenses to capital investments for long-term security;
  • The role of compartmentalization in minimizing exploitation risks.

Goodacre's research interests include new processing paradigms, web-scale servers, exascale-efficient systems, and secure and ubiquitous computing. He spent 17 years as director of technology and systems at Arm, where he defined and introduced the first multicore processors and other widely deployed technologies.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.