House Task Force Provides Framework for Legislative Action on Cyber Security

This week, the House Cyber Security Task Force, chaired by Rep. Thornberry, released its recommendations and report to help guide legislative action on cybersecurity. The Task Force recommendations represent another key milestone in our combined private and public sector efforts to address the cybersecurity challenges of the Information Age. The Task Force has recommended a general framework to use in addressing four issue areas within cybersecurity as follows:

1) Critical Infrastructure and Incentives

2) Information Sharing and Public-Private Partnerships

3) Updating Existing Cybersecurity Laws

4) Legal Authorities

I had the privilege to meet with the Task Force recently to discuss the cybersecurity challenges facing the United States. I would like to thank them for their thoughtfulness and diligence in listening to the many stakeholders’ input and articulating a clear and constructive set of recommendations to enhance cybersecurity and a framework for legislative action. At Microsoft, we work every day to improve the technologies, processes and procedures used to protect our customers, our assets and the entire computing ecosystem. Although our company, other IT companies, and the individuals, enterprises, and governments that rely on cyberspace have made demonstrable improvements in cybersecurity, these efforts are constantly challenged by an increasing number and sophistication of cyber attacks.

Microsoft focuses on a range of security issues that impact all our customers, small and large, and we believe the Task Force recommendations can help incent and drive security improvements more broadly across the ecosystem and can increase collaboration to more rapidly address threats and incidents. With those outcomes in mind, I was particularly encouraged to see that the Task Force recommendations consider the complex interplay of voluntary incentives, market forces and other measures to address the range of risks facing our infrastructure, and the need to ensure that companies who are doing the right things and actively managing risks in accordance with generally accepted standards and practices are protected from liability.

The Task Force recommendations regarding information sharing also reflect an understanding that we need to remove legal barriers and disincentives to enable sharing of timely and actionable threat information with parties who are best positioned to act and reduce risk. Microsoft looks forward to continuing to work with the Task Force, the committees of jurisdiction in the House and with members on both sides of the aisle to strengthen our cybersecurity.

In the last few years, I have met with members and staff in both chambers and from both parties to discuss cyber risks and how to maximize government action and industry expertise in addressing those risks. Thoughtful and informed proposals have been advanced in both the Senate and the House and from the Administration because these policy makers recognize the national security and economic implications of inaction. I would like to encourage continued bipartisan engagement and legislative action to better secure sensitive networks and the nation’s critical infrastructure, and broader, more national dialogue on how to secure the computing ecosystem.

About the Author

Corporate Vice President, Trustworthy Computing, Microsoft

Scott Charney is Corporate Vice President for Microsoft’s Trustworthy Computing Group. Mr. Charney is responsible for a range of corporate programs that influence the security, privacy and reliability of Microsoft’s products, services and internal networks. He also manages the Engineering Excellence Team, a group focused on promoting best-of-breed engineering practices and ensuring compliance with Microsoft’s mandatory engineering policies. Prior to joining Microsoft, Mr. Charney served as a Principal at PricewaterhouseCoopers, where he led the firm’s Digital Risk Management and Forensics Practice. Before that, Mr. Charney served as Chief of the Computer Crime and Intellectual Property Section (CCIPS) where he was responsible for implementing the Justice Department's computer crime and intellectual property initiatives. Prior to leading CCIPS, Mr. Charney served as an Assistant United States Attorney responsible for the investigation and prosecution of complex cases involving organized crime and as an Assistant District Attorney in Bronx County, New York, where he was responsible for prosecuting persistent violent felony offenders. He also served as Deputy Chief of the Investigations Bureau.