Cybersecurity and the overall health of the Internet have become key concerns for governments, enterprises and computer users.
As more people, computers and devices come online (there are approximately 2 billion people using the Internet today), cyber threats have grown more sophisticated and cybercriminals have successfully gathered sensitive data, disrupted critical operations or engaged in other illegal activity such as fraud. Governments around the world have expressed concern that the critical information infrastructures that support their countries could be targeted. In response, many countries have sought to improve critical information infrastructure policy, to build effective information sharing and collaboration capabilities that address threats and vulnerabilities, and to coordinate on responses to increasingly complex cyber incidents.
A year ago, I shared a Rethinking Cyber Threats white paper and recommended a framework for progress within four categories of threat. Since that time, we have witnessed several high-profile security and privacy breaches that reinforced the need to develop independent strategic approaches for cybercrime, industrial and military espionage and future cyber conflict. Since that time, and recognizing that we need scalable solutions that work throughout the IT ecosystem, I proposed and continue to evangelize the need for global public-private partnership to ensure a healthy IT environment for Internet citizens around the world.
Today and tomorrow, at the 2nd EastWest Institute Cybersecurity Summit in London, the concept of applying public health models to the Internet will grow beyond the proposal stage in the form of a breakthrough group entitled Collective Action to Improve Global Internet Health. In the session, cyber security policy leaders and security strategists from governments and leading global technology companies will examine the current state of the Internet ecosystem, and collaborate on ways to improve consumer device health and help reduce security risks for all computer users, from individuals, to enterprises (including those managing critical infrastructures), to governments.
More specifically, the group will review the state of current efforts; diagnose major obstacles to applying health models to the Internet; and work together to identify key policy, economic, social and technical milestones necessary to accelerate international progress toward a healthier and safer ecosystem. The EWI breakthrough group expects to publish initial recommendations later this year.
Microsoft is also participating in other breakthrough groups driving progress in other key cyber security areas such as:
· Measuring the Cybersecurity Problem
· Protecting Youth – Building a Global Culture of Digital Citizenship
· Entanglement of Protected Entities in Cyberspace
· Cyber Conflict Policy
· Worldwide Cyber Response Coordination
Also at EWI, I will discuss Cyber Supply Chain Risk Management. As we increasingly rely upon ICT systems for every aspect of daily life, there is increasing concern about the trustworthiness of these systems and whether they are subject to deliberate compromise by those vendors who create and maintain such products. Despite these growing concerns about cyber supply chain risk, there are no commonly agreed upon threat models for vendors and governments to use as a basis for managing such risks. Mindful that the risk cannot be eliminated, governments and industry must collaborate and define what constitutes an appropriate risk management model and create global, transparent supply chain standards for industry to follow.
It is evident that cyber security will remain a top priority for governments, policymakers and citizens around the world, especially as they continue to increase their reliance on information and communications technologies. While comprehensive cyber security legislation has not yet been enacted around the world, policymakers are deepening their commitments to improve cyber security and reduce risk at the national level. For example, governments in the United States, Australia, Brazil, Canada, China, Germany, India, Poland and the United Kingdom have all launched initiatives, offices, and programs to protect cyberspace. In addition, the European Union, G8 and other multilateral organizations have driven efforts to expand and enhance international cyber security efforts.
Without international collaboration, the efforts around the world run the risk of developing solutions that are inefficient (since the Internet requires global solutions), inconsistent or, even worse, conflicting. I believe that long-term success depends on thoughtful and active public-private partnerships. With these partnerships, international policy makers and thought leaders can come together, share ideas, and build constructive engagement models that improve cyber security. As cyber security threats continue to evolve, Microsoft values this opportunity to work together with governments and industry around the world to create a safer and more trusted Internet.
I hope to continue this conversation and encourage readers to provide us with comments and feedback on this blog and the linked reference materials.