#RSAC: New Decisions Needed Over Nation State Attacks, says Microsoft President

#RSAC: New Decisions Needed Over Nation State Attacks, says Microsoft President

Speaking at RSA Conference 2017 this morning Brad Smith, president and chief legal officer at Microsoft, said that we now live in a world of constant and turbulent change. When we think about cybersecurity, we are clearly dealing with a growing problem in need of new decisions.

That problem has been evident in changes in cyber-attacks over the last few years, he argued, and it’s something that has made the cybersecurity effort even more challenging—the entry of more nation state attacks. 

“Think about the decade we are traversing—we’ve seen nation state attacks burst into the news in terms of geopolitical controversies, we’ve seen them become even more pronounced.”

Smith pointed to the Sony Pictures hack as a significant turning point here, as it was a nation state attack not related to espionage or to the military, but an attack on a private company for engaging in freedom of expression, and it got our attention as it directly affected innocent civilians.

“Cyber space is the new battlefield. The world of potential war has migrated from land to air and now cyber space—but cyber space is a new kind of space. Cyberspace is us, it’s owned and operated by the private sector, and that puts us in a different position. When it comes to these attacks in cyber space, we are the world’s first responders.”

This is not the world that the internet’s inventors envisaged, he added, but it’s the world that we inhabit today.

“Above all else, nation state attacks call on us as employees, as an industry, as private citizens, to ask ourselves one fundamental question: what are we going to do."

For Smith, there are three key things that we need to consider to tackle this problem:

1.    Recognize the opportunity each of us has to do make a difference ourselves, and realize we have to do more: “We are far away from declaring victory,” he said. “We are going to need to do more if we are going to address this problem effectively.”

2.    We need to call on the world’s governments to come together to protect civilians in times of peace: “We need a convention that will call on the world’s governments to pledge they will not engage in cyber-attacks on the private sector, that they will not target civilian infrastructure, and work with the private sector to respond to vulnerabilities.”

3.    We need to act more collectively—we need to come together and sign our own pledge in conjunction with the world’s states. “We need to pledge that we will protect customers and we will focus on defense; to be concrete in pledging how we will collaborate together to respond to attacks, to provide patches to customers everywhere and to do our part to address the world’s needs.”

To conclude, Smith quipped: “The world needs to retain its trust in technology, and we need to retain the world’s trust,” by ensuring our industry is focused on protecting everyone, everywhere, and is not involved in attacking or assisting to attack anyone, anywhere, at any time.

Source: Information Security Magazine