The need for a Digital Geneva Convention

This year’s RSA Conference in San Francisco brings the world’s security professionals together to discuss cybersecurity at a critical time.  The past year has witnessed not just the growth of cybercrime, but a proliferation in cyberattacks that is both new and disconcerting.  This has included not only cyber-attacks mounted for financial gain, but new nation-state attacks as well.  As engineers and other employees across the tech sector meet in San … Read more »

Staying civil online

On the occasion of Safer Internet Day 2017, Microsoft has published its first Digital Civility Index showing people’s perceptions of online behaviors and interactions in 14 different countries. The results demonstrate an urgent need to reinforce a culture of digital civility and promote effective public policies that protect people online, and we are encouraging people to take Microsoft’s “Digital Civility Challenge”. It’s no coincidence that the same adjective that relates … Read more »

A lack of cybernorms threatens Western democracies

Election season has upended cybernorms. It all started before the 2016 U.S. presidential election when U.S. officials alleged that Russia had hacked the Democratic National Committee and orchestrated cyberattacks to influence the electoral outcome. “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” read a joint statement from the U.S. Department of … Read more »

Building a cloud for global good

Today Satya Nadella and I are in Dublin. It’s the first stop on a trip that will also take us to Paris and Berlin, with Satya also visiting London. We’re spending this week meeting with customers, partners, developers and government leaders. We’ll talk about how the Microsoft Cloud is driving the transformation of businesses and industries across Europe and around the world. We’ll talk about how our customers have harnessed … Read more »

Pardon the “intrusion”: advancing the dialogue on export controls and “intrusion software”

Since I wrote about Microsoft’s comments on the Proposed Rule under the Wassenaar Arrangement, Microsoft has been continuing to work with the Wassenaar member states and the security community to find a balance between the needs of security researchers and regulators. Today, Microsoft is furthering the conversation by publishing a whitepaper entitled “Rethinking Intrusion Software: Ideas for a more sustainable approach”. In 2013, members of an export control regime known … Read more »

The role of cybernorms in preventing digital warfare

Today, leaders from NATO countries and partners are meeting in Warsaw for a landmark Summit. Cybersecurity will figure prominently on the agenda. Today’s security landscape has evolved since the first NATO summit held almost 60 decades ago. With threats becoming more hybrid in nature, the role of “cyber” has increased significantly; a state of affairs which the Summit is likely to recognize in designating cyber as the “fifth domain of … Read more »

Do you have a license for cybersecurity?

Cyber threats move at Internet speed and so must cyber responders, to protect networks and data both in Europe and across the globe. Imagine the impact on cybersecurity if responders, innovators, and developers were told to pause and apply for an export license before responding to a threat. That’s what will happen under a new and overbroad cybersecurity regulation aimed at “intrusion software.” Recently, the Coalition for Responsible Cybersecurity and … Read more »

Survival of the most (cyber) resilient

By 2045, more than 70% of the world’s population will live in urban areas, giving cities a level of power and importance unrivaled in all of human history. But its leaders must also face new challenges that once were just the domain of the nation state, including unemployment and gentrification, climate change, terrorism, and the impact of rapid digitization. Because cities wish to thrive, rather than merely survive, many are … Read more »

In it together – Developing cybernorms is a shared responsibility

Cybersecurity norms development remains an increasingly important international security imperative. In the past year, governments – either through the work done by the United Nations Group of Governmental Experts on Information Security, or by the Group of Twenty’s international forum of 20 governments and central banks from major economies– have elevated their commitment to cybersecurity by proposing norms to address security challenges caused by the exploitation of information and communications … Read more »

What’s Next for EU Cybersecurity after the NIS Agreement?

After three years of intense negotiations, the EU finally reached agreement on the Network and Information Security (NIS) Directive this past December. Politically, all that remains to be done is for the text to be formally approved by the European Parliament and the Council of the EU in the coming months. Then Member States will have 21 months to implement this landmark legislation. At a technical level, however, there’s still … Read more »