Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address
PITTSBURGH – This morning, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly traveled to Carnegie Mellon University (CMU)—home to one of the nation’s top undergraduate computer science programs and top engineering programs—to deliver a speech that called on technology providers to do more to prioritize security. The speech, introduced by CMU President Farnam Jahanian and titled “Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It,” highlighted the great programs at CMU that are helping to educate our next generation of cybersecurity experts, and also discussed the need for radical changes to the technology industry so that tech products are both secure-by-design and secure-by-default.
Following her speech, Director Easterly participated in a fireside chat with CMU Vice President for Research Theresa Mayer where they discussed the current cyber threat landscape and how universities can do more to incentivize product safety.
In addition to her speech and fireside chat, Director Easterly participated in several other engagements on campus, including a “Women in Cyber Security” roundtable discussion with CMU students where they discussed the gender gap in cybersecurity and the need to create more pipelines for women to pursue careers in cyber. She also took a tour of CMU’s CyLab and Robotics Lab to see how cutting-edge research in cybersecurity and robotics is fueling new technologies and shaping public policy. And she participated in a briefing at the Software Engineering Institute—the first federal lab dedicated to software engineering, well known for its contributions to critical national security challenges in the software and cybersecurity space.
Read Director Easterly’s remarks as prepared here.
- “As we’ve integrated technology into nearly every facet of our lives, we’ve unwittingly come to accept as normal that such technology is dangerous-by-design.”
- “This situation is not sustainable. We need a new model. A model in which we can place implicit trust in the safety and integrity of the technology products that we use every hour of every day, technology which underpins our most critical functions and services. A model in which responsibility for technology safety is shared based upon an organization’s ability to bear the burden and where problems are fixed at the earliest possible stage—that is, when the technology is designed rather than when it is being used. A model that emphasizes collaboration as a prerequisite to self-preservation and a recognition that a cyber threat to one organization is a safety threat to all organizations.”
- “In short, strong security should be a standard feature of virtually every technology product, and especially those that support the critical infrastructure that Americans rely on daily.”
- “Achieving this outcome will require a significant shift in how technology is produced, including the code used to develop software, but ultimately, such a transition to secure-by-default and secure-by-design products will help both organizations and technology providers: it will mean less time fixing problems, more time focusing on innovation and growth, and importantly, it will make life much harder for our adversaries.”
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.