Article Details
Scrape Timestamp (UTC): 2024-10-29 08:31:16.236
Source: https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/
Original Article Text
Click to Toggle View
Five Eyes nations tell tech startups to take infosec seriously. Again. Only took 'em a year to dish up some scary travel advice, and a Secure Innovation … Placemat?. Cyber security agencies from the Five Eyes nations have delivered on a promise to offer tech startups more guidance on how to stay secure. The Five Eyes nations – Australia, Canada, New Zealand, the UK and US – are best known for their unusually close intelligence-sharing arrangements and joint commitments to defend each other's interests. But in October 2023 the group participated in a summit at which they outlined the extent of the threat posed by Chinese IP theft and delivered five principles to "better inform innovators around the types of threats we face and what they can do about it." Those principles were not rocket science: More than a year later, member nations' infosec agencies have expanded on the principles with a joint campaign that offers advice on how to put the principles into action. In the UK, startups can reference a three-page infographic [PDF] or video. Canada has delivered a guide for tech investors. New Zealand has done rather better with a 33-page advisory [PDF] that offers basic procedures for improving security and responding to incidents. The United States delivered five documents, including one that outlines risks that are prevalent during travel abroad. That document recommends ensuring phones can be remotely wiped, employing on-device encryption, and considering only carrying essential data while travelling. Australia has served up a Secure Innovation Placemat [PDF]. The wide variance in the documents is by design: each Five Eyes nation chose its own approach, although the campaign is a coordinated effort that is billed as "consistent and consolidated advice reflecting both the globalized and interconnected tech startup ecosystem as well as the global nature of the security threats startups face." And everybody uses placemats. Whether this advice will break through the "move fast and break things" culture that many startups nurture is anyone's guess. The Register has reported on security and resilience troubles in the early years at Uber and Lyft, GitLab, and at OpenAI. It might take more than PDF checklists to prevent similar issues in future.
Daily Brief Summary
The Five Eyes intelligence coalition, comprising Australia, Canada, New Zealand, the UK, and the US, has issued new cybersecurity guidance for tech startups.
This guidance focuses on combatting threats such as IP theft, particularly from China, as highlighted in a recent summit.
Each participating country has developed unique materials to help startups implement better security practices; these range from infographics and videos to detailed advisory documents.
The United States has released documents which include advice on managing cyber risks while traveling, such as using remote wipe capabilities and on-device encryption.
New Zealand's contribution includes a comprehensive 33-page advisory that outlines basic security improvements and incident response procedures.
Australia introduced a "Secure Innovation Placemat" as part of its approach to offer straightforward, easily accessible advice.
Despite this coordinated effort, it remains uncertain if these resources will effectively change the prevailing "move fast and break things" culture in many startups.
Historical examples of security issues faced by companies like Uber, Lyft, GitLab, and OpenAI underscore the ongoing challenge of ensuring startups prioritize robust security measures.