Artificial intelligence and cybersecurity: The future is here

Although we’re a very long way from putting artificial intelligence (AI) in charge of national defense, the use of AI in cybersecurity isn’t science fiction. The ability of machines to rapidly analyze and respond to the unprecedented quantities of data is becoming indispensable as cyberattacks’ frequency, scale and sophistication all continue to increase. The research being done today shows that automated cybersecurity systems can do many things with only limited … Read more »

Cybersecurity and cyber-resilience – Equally important but different

The  October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because technology’s pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome … Read more »

FedRAMP High: Trust is cloud security validated

The latest Government Office of Accountability report dealing with the security of high impact information technology (IT) systems continues to point out opportunities for improvement in cybersecurity across the US Federal Government. While improvements have been made, the persistence of the challenge is disquieting.  Particularly troubling is that many of the concerns result from long-standing and well known inefficiencies in the government’s current IT environment, such as low asset utilization, … Read more »

Microsoft’s Perspective on the Benefits, Challenges, and Potential Roles for Government in Fostering the Advancement of the Internet of Things (IoT)

Microsoft recently filed comments with the U.S. Department of Commerce and the National Telecommunications and Information Administration (NTIA) on the benefits, challenges, and potential roles for the government in fostering the advancement of IoT, which can be read here. In addition to commending NTIA for undertaking this timely public consultation and for providing comments received for public review, I wanted to summarize Microsoft’s policy perspectives and recommendations. Microsoft’s comments encourage … Read more »

Survival of the most (cyber) resilient

By 2045, more than 70% of the world’s population will live in urban areas, giving cities a level of power and importance unrivaled in all of human history. But its leaders must also face new challenges that once were just the domain of the nation state, including unemployment and gentrification, climate change, terrorism, and the impact of rapid digitization. Because cities wish to thrive, rather than merely survive, many are … Read more »

Cyber Resilience: rethinking risk management

The rapid pace of technological evolution and dramatic increases in connectivity are sparking discussion about what systemic cyber risks what might look like and how best manage them. In late April, Microsoft partnered with the World Economic Forum Council on Risk and Resilience on a workshop addressing the topics of systemic cyber risk and possible approaches to avert the dangers it poses. The interactive workshop focused on the financial services, … Read more »

Global cybersecurity policy: Finding a balance between security and competitiveness

Over the past decade, billions around the world have benefited from the exponential growth of the online environment and associated economic opportunities. However, this pervasive use of computing has also given rise to the more nefarious elements of the criminal underworld. As a result, cybersecurity is now a major concern for organizations and the global cybersecurity market is forecast to be worth US$170 billion by 2020, growing in step with … Read more »

A call to raise awareness and adoption of vulnerability disclosure and handling best practices

Over the past few years, technology companies have increasingly moved toward partnering with security researchers to better protect their products, services, and customers. Recognizing that vulnerability research is a valuable part of securing the online environment, they have matured programs to work together with researchers in receiving, triaging, and responding to reports. Microsoft’s focus on coordinating with researchers has developed over time. As we launched our first BlueHat Briefing in … Read more »

Working to increase the cyber resilience of cities around the globe

A year ago, Microsoft and the Rockefeller Foundation announced that we will be partnering on their 100 Resilient Cities challenge, in an effort to help cities address emerging cyber resilience needs. Our particular objective for joining the effort has been to help cities improve their digital resilience, and ensure that they are better able to withstand and recover from the shocks and stresses that are a growing part of life … Read more »

Cybersecurity norms: From concept to implementation

Last year Microsoft put forward six cybersecurity norms with the aim of reducing conflict in cyberspace and protecting global trust in technology. They offer considerations for limiting nation-state activity against commercial, mass-market ICT; responsible handling of ICT vulnerabilities and cyber weapons; appropriate conduct of offensive operations in cyberspace; and support for private sector management of cyber events. However, while we remain the only industry player to offer a proposal in … Read more »