Download our in-depth report: The Ultimate Guide to IT Security Vendors
Scott Charney is on a mission.
The corporate vice president of Microsoft's (NASDAQ: MSFT) Trustworthy Computing group is aiming to map out a plan for how businesses, governments, and individuals need to look at and deal with international cybercrime.
Charney voiced his views and his concerns with cybersecurity's present shortcomings this week in a blog post, in a white paper, and in a presentation at the EastWest Institute's Worldwide Cybersecurity Summit in Dallas.
"Although many organizations have invested significantly in information assurance, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complicated threat," Charney said in his post on the Microsoft On the Issues blog Monday. "As global connectivity has grown, so has the cyber threat."
Not the usual suspectshttps://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
His presentation came just days after Microsoft released its latest Security Intelligence Report, which found that the numbers of PCs worldwide that are infected with malware continues to climb.
Charney has divided the types of cyber attacks into four categories: cybercrime, military espionage, economic espionage, and cyber warfare. But for victimized users, businesses and governments, even the simple act of figuring out which of these types of criminal is at work -- and how to respond accordingly -- has thus far been a major problem.
One of the chief difficulties is that of "attribution" -- how you identify who or what organization committed a cyber attack. That's one of the first obstacles in a world where attacks can be routed through any number of unknowing middlemen while hackers' bases of operation can be falsified with relative ease. At best, the problem makes tracking down evildoers difficult; at worst, it can lead to accusations levied wrongfully against innocent organizations and foreign governments.
"The starting point for any new strategy must focus on attribution because, even though the open and unauthenticated nature of the Internet makes attribution difficult, having some idea of who the bad actor might be is certainly helpful," Charney's white paper said.
For instance, attribution proved to be one of the initial problems in pursuing whoever carried out the cyber attacks on Google earlier this year, he noted.
"The breadth of criminal activity, the number of actors and motives, and the lack of reliable attribution have all served to make crafting responses to attacks difficult," Charney said in his blog post.
To help solve some of the myriad problems regarding cyber threats, Charney proposes a framework that recognizes clear needs and prioritizes where industry and government need to throw resources.
"There must be innovation related to attribution. This includes both technological innovation (to permit sources to be found technically) and legal/diplomatic innovation (to allow the data to be shared quickly, even across borders)," the white paper said.
International cyber cooperation
His proposed framework for dealing with cyber attacks also requires that nations need to adopt laws regarding the use, and protection, of cyberspace, including talks to establish protocols for international cooperation.
"To address economic espionage and other areas of philosophical disagreement, there must be international discussions leading to the establishment of norms that are then enforced through national policies and international organizations," Charney's white paper said.
That won't be easy -- but it's necessary, he added.
"Creating these norms will be as difficult as it sounds, but it is still both necessary and, ultimately, unavoidable," Charney wrote. "Absent such an agreement, unilateral and potentially unprincipled actions will lead to consequences that will be unacceptable and regrettable."