LONDON — May 31, 2011— In the shared and integrated domain of the Internet, organizations, governments and consumers face a myriad of threats that are technically advanced, persistent, well-funded and motivated by profit or strategic advantage. Many industries and corporations, including Microsoft, are investing in international collaborative efforts to help protect all users from the rapidly-changing threat landscape.
The EastWest Institute (EWI) Worldwide Cybersecurity Summit brings together government and business leaders from around the world to discuss emerging issues. Agenda items for the two-day summit that begins today include addressing cross-border cybersecurity challenges, setting new models for private-public-sector leadership in addressing high-priority security threats and vulnerabilities, and collaborating on the most pressing issues in global management of critical information infrastructure.
Scott Charney, corporate vice president, Microsoft Trustworthy Computing Group
Collective Action to Improve Global Internet Health
Scott Charney, corporate vice president of Trustworthy Computing, spearheads the discussion for Microsoft across a range of critical areas including cyberthreats, adoption of a public health model for Internet security, and broad-based efforts to promote or use collective defense to help protect consumers. In the white paper, Collective Defense: Applying Public Health Models to the Internet, released in October 2010, Charney discussed these subjects and the importance of Microsoft taking a leadership role in collaboration with the public-private sector to create a safer Internet.
“A public health model can empower consumers and improve Internet security,” Charney said. “Microsoft is collaborating with industry and governments around the world to take action now by adopting a public health model for the Internet to protect users from threats worldwide.”
Discussion of Microsoft’s vision for an Internet Health model comes at a pivotal time. There is currently no global, coordinated approach to protecting people from the potential dangers of the Internet. The growing dependence on the Internet — with users numbering 2 billion globally — makes reliability of the infrastructure more important than ever. In response, many countries have sought to improve public education and awareness of cyber-risks, to build effective collaboration that addresses threats, and to coordinate responses to increasing complex cyberincidents.
Cybersecurity Breakthrough Groups
At the Cybersecurity Summit, the concept of Internet Health will grow beyond the proposal stage in the form of an EWI breakthrough group co-chaired by Charney, titled “Collective Action to Improve Global Internet Health.”
“Microsoft’s work with the EastWest Institute and our multinational teams shows not only the company’s truly global character, but also demonstrates that our information and network security can only come from new international measures,” EWI Vice President Greg Austin said.
In the working sessions, cybersecurity policy leaders and security strategists from governments and leading global technology companies will examine the current state of the Internet ecosystem and collaborate on ways to improve consumer device health and help reduce security risks for users, vendors, service providers, governments and critical infrastructures. The group will focus on Internet Health challenges, review the state of current efforts, diagnose major obstacles and work together to identify key political, economic, social and technical milestones necessary to accelerate international progress toward a healthier and safer ecosystem. A list of recommendations from the group is expected to be published later in the year.
Cybersecurity has become a top priority for governments and policymakers around the world. Internationally, governments in Australia, Brazil, Canada, China, Germany, India and the U.K. all have launched initiatives and programs to protect cyberspace. Several countries have proposed cybersecurity legislation aimed at protecting citizens and critical infrastructure. In the U.S., seven cybersecurity bills were introduced in Congress including domestic and international proposals introduced by the Obama administration last month. This growing cybersecurity policy focus validates the need for stakeholders in both government and industry to cooperate on a global cybersecurity framework.
“As cybersecurity threats continue to evolve, it is imperative that governments and industry around the world work together to create a safer and more trusted Internet. The EastWest Institute breakthrough group provides an opportunity for leaders to convene with global industry and government counterparts and drive collective action on important cybersecurity issues like Internet Health,” Charney said.
In addition to the work on Internet Health, senior experts from Microsoft are participating in cybersecurity breakthrough groups driving progress in other key areas:
Measuring the cybersecurity problem
Protecting youth — building a global culture of digital citizenship
Entanglement of protected entities in cyberspace
Worldwide cyber-response coordination
Developing supply chain integrity
Despite growing concerns about cybersupply chain risk management, there are no commonly agreed upon threat models for vendors and governments to use as a basis for managing risks.
Trusted Supply Chain
On Thursday at EWI, Charney will speak on global concerns around supply-chain integrity and outline a proposal for a common, risk-based model outlined in a new Microsoft white paper, “Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust,” to be published later this month. Governments, businesses and individuals increasingly rely on information and communication technology systems, and with that comes the importance of governments, businesses and individuals evaluating the trustworthiness of the infrastructure and how components are built and delivered.
Mindful that the risk cannot be eliminated, governments and industry must nevertheless collaborate and define what constitutes an appropriate risk management model and create global, transparent supply chain standards for industry to follow, Charney said. The white paper concludes that the industry needs to work cooperatively to create a consistent, transparent and stable approach across borders in an effort to preserve the benefits of open and free global trade.
“The diversity of suppliers and the complexity of many products make managing cybersupply chain risk particularly challenging, but not insurmountable. Governments need to re-examine their understanding of cybersupply chain risk, recognize it as a shared problem that all countries must now confront, and seek solutions that build bridges rather than exclusionary trade walls,” Charney said.
Managing supply chain risk is a shared challenge that all nations must confront.
EWI, sponsor of this week’s Cybersecurity Summit, began in the early 1980s as a global think tank focused on geopolitical security issues like U.S.-Soviet relations during the Cold War. After achieving many successes on the geopolitical front, the organization recently turned its attention toward other major security issues and identified cybersecurity as a pressing global concern. The decision to focus on cybersecurity represented the first time that EWI has worked with the business community to solve a security issue, and the focus has continually grown among public and private sectors. In an opinion article in Politico earlier this year, U.S. Sen. Susan Collins, R-Maine, argued that amid the increased threats on the Internet, it is “crucial that we build a strong public-private partnership to protect cyberspace,” calling the Internet “a vital engine of our economy, our government, our country and our future.”
Microsoft values this opportunity to work together with governments and industry at EWI to develop a collective approach to cybersecurity that can lead to helping Internet citizens protect themselves from threats and experience a safer, more trusted Internet, Charney said.