REDMOND, Wash., Feb. 3, 2005 — Microsoft Chairman and Chief Software Architect Bill Gates has announced the Security Cooperation Program, a global initiative that provides a structured way for governments and Microsoft to engage in cooperative security activities related to computer incident response, attack mitigation, and citizen outreach.
Thomas Jarrett, Secretary, Department of Technology and Information, State of Delaware
Gates said Microsoft developed the Security Cooperation Program, which he announced this week at the companys 2005 European Government Leaders Forum in Prague, Czech Republic, in response to requests from its government customers for increased project collaboration and information sharing. This new initiative builds on Microsofts ongoing commitment to provide targeted IT security solutions that meet the unique needs of national, state, provincial and local government organizations worldwide.
Microsoft launched the new initiative with global support, which includes commitments from several national and state governments. In the U.S., Delaware was the first state to sign up for the Security Cooperation Program. To learn more about this new initiative, and how it will benefit the State of Delaware and other governments in the United States and around the world, PressPass spoke with the Thomas Jarrett , Secretary of the Delaware Department of Technology and Information, and Gerri Elliott , corporate vice president for Worldwide Public Sector at Microsoft.
PressPass: What is the new Security Cooperation Program (SCP), and how does it fit with Microsofts other government security initiatives, like the Government Security Program (GSP) and the security mobilization effort?
Elliott: These initiatives are part of Microsofts broader security efforts, which are designed to help safeguard our customers security and privacy. In terms of these government security initiatives, its important to understand what each one accomplishes, and how they all work together.
The Government Security Program provides national governments with access to Windows and Office source code, and addresses issues related to the security of Microsoft products. Microsoft is currently working with 35 national government representatives who are responsible for establishing IT policies and standards in their countries, and who make IT purchasing decisions.
Both the security mobilization effort and the new Security Cooperation Program are open to a broader range of government representatives, including those from states, provinces and local governments. The security mobilization effort focuses on the secure deployment of Microsoft products, and it involves proactive and cooperative engagement between Microsoft and IT professionals and developers in government agencies that manage and maintain their own IT infrastructure.
Building on the success of the Government Security Program and the security mobilization effort, the Security Cooperation Program focuses on creating mutually beneficial relationships and cooperative security activities in the areas of computer incident response, attack mitigation, and citizen outreach. The goal of the Security Cooperation Program is to help governments address threats to national security, economic strength, and public safety more efficiently and effectively through cooperative projects and information sharing. Membership may include any government agency involved in incident response or public outreach for the protection of critical infrastructures, whether they reside in the government itself or in the country, state, or other government service area as a whole.
PressPass: Why are security programs and initiatives like these important to governments?
Jarrett: In todays security-sensitive times, it is vital to get and share information as quickly as possible when we are faced with threats to our state network security. In this environment, minutes are everything, so collaborating with a large software firm like Microsoft, whose software our state deploys, just makes good common sense.
Elliott: Secretary Jarrett makes an excellent point; governments worldwide face an increasingly complex set of security challenges with widespread implications. Microsoft developed these security initiatives in direct response to requests from our government customers. We understand that in matters of security, economic strength and public safety, governments have a unique need for information concerning the security of their IT environments. Through the project collaboration and information sharing in the Security Cooperation Program, government agencies will be better able to anticipate, help prevent, respond to, and mitigate the effects of IT security attacks.
PressPass: What unique security needs do governments have as opposed to companies and organizations in the private sector?
Jarrett: Many private sector companies and organizations provide important information to the public, but do not necessarily conduct everyday business online.
State governments, on the other hand, are charged with providing public-access technology that permits and even encourages our residents to do much of their government business online. At any given moment, thousands of people are accessing our portal and our agency Web sites, and conducting daily business utilizing the states network.
Another feature, perhaps unique to Delaware, is that our state network also includes all 19 school districts. When you add thousands of students accessing the network from libraries, computer labs and classrooms, you open up a whole new set of security concerns.
PressPass: How do private sector organizations like Microsoft help governments assure the reliability of their critical IT systems?
Elliott: Under the Security Cooperation Program, Microsoft creates proactive relationships with governments to address risk assessment and to help governments reconfigure their IT infrastructure to mitigate the impact of security attacks. This includes assistance with deploying patch management and anti-virus systems, and developing collaborations to share information and resources.
Jarrett: The proactive relationship that Ms. Elliott is talking about is one of the most significant values that Microsoft brings to the table. Governments need resources and expertise, because in many cases we dont have a large pool of people within our organizations with a deep understanding of security issues. By combining our understanding of our own networks with the expertise of a vendor like Microsoft, we are able to strengthen our security systems to ensure that the information we are charged to protect for every citizen is kept secure.
Elliott: Being proactive to help Delaware and other governments strengthen their IT security is part of our ongoing security effort. The SCP complements and enhances our other activities in this critical area.
PressPass: Why did Delaware decide to sign up for the Security Cooperation Program?
Jarrett: Delawares motto is Its Good Being First, and were delighted to be the first state in the country to join the Security Cooperation Program.
Thankfully, there was no incident or security attack that led us to join this program. Delaware is very active in NASCIO (the National Association of State Chief Information Officers), and it is my good fortune to serve as NASCIOs current president. At one of the NASCIO meetings, I had the pleasure of talking with Stuart McKee, U.S. National Technology Officer for Microsoft, and he shared with me the potential opportunity of this program. After reviewing the program and its benefits, we decided to join.
PressPass: How will Delaware and other governments benefit from participation in the Microsoft Security Cooperation Program?
Jarrett: As governments everywhere look to cut costs and provide more services through e-government, it is very important that people feel comfortable going online to use our technology.
Were all facing increased incidents of identify theft, spoofing and phishing, and cooperatively sharing information with Microsoft and the other members of Microsofts Security Cooperation Program allows us to have the most up-to-date and accurate methods available to mitigate security attacks and risks. Having more direct access to information about upcoming and released software updates will help us with resource planning and deployment.
I also believe that governments play the key role in informing citizens about emergencies, whether they are physical or cyber in nature. Our role is to have technology solutions available that will give citizens nearly immediate access to crucial information they will require if an emergency occurs. Having the ability to share resources and expertise with Microsoft and other members of the SCP will help us achieve that goal.
Elliott: Secretary Jarrett has just highlighted some of the major reasons why Microsoft developed the Security Cooperation Program and our other government security initiatives. We recognize that governments have unique needs and are concerned about the safety of their citizens, as well as the economic and educational opportunities that governments provide. Thats why we have made a long-term commitment to assist and support governments in their efforts to provide ongoing security, safety and opportunity for the people they serve.
We are working with governments to help them develop strong, sustainable IT infrastructures that are easy to use and provide value through innovative technology, a clear roadmap for future development, and access to source code to improve IT security and implementation.
Microsoft enjoys a strong relationship with the State of Delaware and other governments, and we look forward to helping them address their IT needs in a way that delivers value to the governments and their citizens.