Proposed Cybersecurity Norms to Reduce Conflict in an Internet-dependent World

The Internet has by and large been a cause for good, driving economic growth across developed and emerging economies, connecting individuals and communities to previously unattainable services, and propelling innovation online, as well as offline. Today, all over the world public utilities, banks, and governments use the Internet, cloud services, and mobile technology to enhance their productivity. Unfortunately, the benefits of greater connectivity have also brought about increased information security … Read more »

What will cybersecurity look like in 2025?, Part 1: The catalysts that will shape the future

Cybersecurity challenges are emerging not just from the commonly recognized sources – criminals, malware, or even targeted cyber-attacks – they can grow from public policies as well.  A research report we released last month, Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain, seeks to look over the horizon and beyond technical trends to anticipate future catalysts for change as well as equip policy makers for tomorrow’s digital landscape. Read more

The Role of Big Data in Increasing Security and Resilience to Catastrophic Events

Technology is changing the world around us, and creating new opportunities to solve old problems. The number of Internet users, and the devices they connect to the Internet, will continue to grow rapidly in the next decade.  The Internet of Things will take root in our everyday lives, and create new and powerful data streams. This “big data” has the potential to be of tremendous value in many aspects of … Read more »

At Globsec 2014, Cybersecurity takes its place on the international stage

Yesterday, I participated in the opening remarks at this year’s GLOBSEC Bratislava Global Security Forum, one of the largest foreign policy and security conferences in Europe.  In my remarks I noted that at this year’s conference, much of the online world was included in traditional security topics such as global power shifts, military capabilities, and economic concerns. The increased focus on cybersecurity is not a surprise, as countries today are … Read more »

Updated Cybersecurity Papers on Supply Chain Security and Critical Infrastructure Protection

Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing Today we’re releasing updated versions of two popular white papers on software supply chain security and critical infrastructure protection.  These papers draw on our policies and practices that involve regular assessments of the security challenges facing our customers and our operations, as well as ongoing learnings gained through our experiences defending more than one billion users from cyber-threats.  We are pleased … Read more »

The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency

Posted by Matt Thomlinson, Vice President, Microsoft Security Yesterday, the Administration released the much anticipated Cybersecurity Framework.  What does the Framework mean for the critical infrastructures, both in the United States and beyond?  The Framework, developed over the past year by the National Institute of Standards and Technology (NIST), is a significant milestone in an ongoing and successful collaboration among a broad range of industry and government organizations concerned with … Read more »

Microsoft Offers U.S. Department of Defense Recommendations on the Role of International Standards in Software Assurance

Last week, Microsoft filed comments with the U.S. Department of Defense in response to a Request for Information regarding software assurance (SwA) practices and the governance of SwA programs. We were pleased to have the opportunity to provide input and share our experiences building a robust SwA program.   Read more

The Cybersecurity Risk Paradox: Measuring the Impact of Social, Economic, and Technological Factors on Cybersecurity

Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing This morning we released a new special edition of the Microsoft Security Intelligence Report entitled The Cybersecurity Risk Paradox: Impact of Social, Economic, and Technological Factors on Rates of Malware.  Last year, we released a special edition to the Microsoft Security Intelligence Report titled Linking Cybersecurity Outcomes and Policies, which described specific ways that social and economic factors affect cybersecurity development worldwide. Today … Read more »

Microsoft’s Perspective on the NIST Preliminary Cybersecurity Framework: Four Recommendations for the Final Stages of Development

Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here.  I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014.  These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at … Read more »

Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity

Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs … Read more »