In his keynote address about “Microsoft’s collective defense vision – a vision for getting security right on the internet”, Charney said that existing technology and organizational policies could be used to implement an aligned device health model that promotes trusted online experiences. “The goal of this model is to raise the basic level of hygiene and build an infrastructure to respond quickly when incidents occur”.
So, how can we adopt a public health model on the internet? “We need to mirror the steps that the health model takes. We educate people about the diseases (threats), we try and detect malware and botnets, we put anti-malware in place, we quarantine the infected, we use post-infection treatment and we track and control spread of malware and botnets”, he explained.
This model is proactive rather than reactive. “We will continue to look for the bad stuff, but also focus on finding and implementing goodness and promoting wellness in the health of machines”.
Charney announced that the recent trends in the industry – the increased use of mobile devices and cloud computing, the persistence of botnet threats, increased public awareness of online crimes, and growing public pressure for improved government cyber security policies – make it the right time for “industry and governments to adopt a solution that offers broad societal protections”.
Microsoft’s Charney suggested that, far beyond needing a cybersecurity strategy, “we actually need four. The areas needing consideration are cybercrime, economic espionage, military espionage and cyberwarfare – which is the most complicated of all”, he said.
Charney demonstrated how existing technology might be applied to an online service to encourage “device health”. Notifying individuals of security problems or configuration issues in advance, he said, “provides a first step in transforming current computer security posture from reactive to preventative”.
“The world is changing and we need to work out how to adapt.” The next steps, Charney concluded, are “to continue focusing on trusted stacks, deploy robust identity systems and enhance collective defenses by applying the human health model to the internet”.