This week, the House Cyber Security Task Force, chaired by Rep. Thornberry, released its recommendations and report to help guide legislative action on cybersecurity. The Task Force recommendations represent another key milestone in our combined private and public sector efforts to address the cybersecurity challenges of the Information Age. The Task Force has recommended a general framework to use in addressing four issue areas within cybersecurity as follows:
1) Critical Infrastructure and Incentives
2) Information Sharing and Public-Private Partnerships
3) Updating Existing Cybersecurity Laws
4) Legal Authorities
I had the privilege to meet with the Task Force recently to discuss the cybersecurity challenges facing the United States. I would like to thank them for their thoughtfulness and diligence in listening to the many stakeholders’ input and articulating a clear and constructive set of recommendations to enhance cybersecurity and a framework for legislative action. At Microsoft, we work every day to improve the technologies, processes and procedures used to protect our customers, our assets and the entire computing ecosystem. Although our company, other IT companies, and the individuals, enterprises, and governments that rely on cyberspace have made demonstrable improvements in cybersecurity, these efforts are constantly challenged by an increasing number and sophistication of cyber attacks.
Microsoft focuses on a range of security issues that impact all our customers, small and large, and we believe the Task Force recommendations can help incent and drive security improvements more broadly across the ecosystem and can increase collaboration to more rapidly address threats and incidents. With those outcomes in mind, I was particularly encouraged to see that the Task Force recommendations consider the complex interplay of voluntary incentives, market forces and other measures to address the range of risks facing our infrastructure, and the need to ensure that companies who are doing the right things and actively managing risks in accordance with generally accepted standards and practices are protected from liability.
The Task Force recommendations regarding information sharing also reflect an understanding that we need to remove legal barriers and disincentives to enable sharing of timely and actionable threat information with parties who are best positioned to act and reduce risk. Microsoft looks forward to continuing to work with the Task Force, the committees of jurisdiction in the House and with members on both sides of the aisle to strengthen our cybersecurity.
In the last few years, I have met with members and staff in both chambers and from both parties to discuss cyber risks and how to maximize government action and industry expertise in addressing those risks. Thoughtful and informed proposals have been advanced in both the Senate and the House and from the Administration because these policy makers recognize the national security and economic implications of inaction. I would like to encourage continued bipartisan engagement and legislative action to better secure sensitive networks and the nation’s critical infrastructure, and broader, more national dialogue on how to secure the computing ecosystem.