As the cybersecurity landscape evolves, the concepts of “cyber security”, secure by default", and "secure by design" are increasingly used interchangeably, creating ambiguity in implementation and policy. This talk aims to clarify these terms and review government approaches and the language changes that are shaping the future of cybersecurity. By shifting liability and responsibility earlier in the supply chain, governments and organisations are working to ensure robust security measures are embedded from the outset.

We will explore how these shifts have been reflected in National Government Strategies, with insights into collaborative statements and road mapping from CISA and other partner countries. The discussion will highlight the importance of embedding security measures in fostering stronger supply chain resilience and outline practical steps for engaging with supply chains on security matters.

Additionally, we will delve into case studies of initiatives that exemplify "secure by design" principles, such as the DSbD/CHERI project and creation of a Root of Trust through a certified Platform Security Architecture. These examples will illustrate the tangible benefits and challenges of implementing secure design practices in real-world scenarios.

Attendees will leave with a comprehensive understanding of the evolving landscape of cybersecurity, the importance of driving for early interventions, and practical insights into fostering secure development practices across supply chains.