Microsoft Proposes Cybersecurity Norms, Attribution Process Work
Microsoft proposed three sets of cybersecurity norms Thursday in a white paper aimed at government and industry. The three sets of proposed standards include offensive rules aimed at nation-states, industry-focused tenets and defensive customs aimed at both governments and the private sector. The proposed principles include ones addressing nonproliferation of cyber vulnerabilities, coordination on vulnerability disclosure practices and mitigation of government-initiated cyberattacks. “Norms should advance common objectives where possible, regardless of whether the norms are focused on offense, defense or industry,” said Microsoft Vice President-Trustworthy Computing Scott Charney in a blog post. “While there is a strong complementary structure for nation-state norms and industry norms, they vary in two important instances: nation-states possess the ability to create mass effects through offensive cyber activities; and the global ICT industry has the ability to patch all customers, even during conflicts between and among governments.” Microsoft’s white paper also proposes a public-private forum for addressing the need for attribution of severe cyberattacks, saying further development of attribution processes is needed to make the company’s proposed cybersecurity “rules of the road” effective. “As governments commit increasing resources into offensive cyber capabilities, the global ICT industry must strengthen its resolve, and take active steps to prevent user exploitation through adherence to industry norms,” Charney said. “We must continue to raise the bar in our defensive capabilities to deter nation-states from targeting technology users.”