Skip to content

Microsoft Secure

Almost exactly one year ago, I attended the EastWest Institute’s Worldwide Cybersecurity Summit in London and in a working group of industry leaders, distinguished scientists and key government officials we met to discuss collective ways  to improve global internet health.

The group started by looking at the opportunities and limitations the public health model offered as a potential solution or inspiration to a solution for this problem. We then spent the remainder of the afternoon breaking this complicated problem into its component parts and examining how well current efforts were working. It soon became clear that with such a large set of issues on the table, the group would need to continue collaborating after the event to fully understand the breadth of the issues and to formulate a plan of action. We concluded the meeting with a commitment to keep the group together to generate breakthrough ideas that may contribute to technology and policy decision makers around the world. Since that time, the group has met regularly to develop a framework, inspired by the public health model, for collectively addressing cybersecurity issues.

Today, we are pleased to announce that the group has released its first report entitled The Internet Health Model for Cybersecurity. In the report, we look at how the public health model may apply to cybersecurity and offer seven principles to guide any efforts to do so. We realize that the public health analogy is not perfect but conclude that it does offer a useful framework for organizing ideas and actions. Already we can see how the public health functions including epidemiology and immunization map neatly to the challenges in cybersecurity.
We also proposed these five areas of future research that we expect to advance the Internet health model:

1. Examine and address consumer expectations about security, privacy, and user control to enhance consumer participation in Internet security.

2. Determine how to embed targeted education and awareness opportunities into scam-resistant communications between service providers and consumers.

3. Further explore the necessary roles and responsibilities between ecosystem entities to determine which are best suited to provide specific Internet health functions.

4. Establish effective metrics, measurement, and information sharing schemes.

5. Explore the attributes of good health on the Internet, how that is measured, and who sets these standards.

We recognize that in some of these areas, there is amazing work already happening while in others we are just getting started. Our goal with this paper is to accelerate the adoption of the good work already underway and to prompt new investments where needed. Finally, I want to acknowledge all of the contributors to this report. Each of you had a part in shaping the ideas represented in this paper that will help define how we collaborate on Internet health in the future. 

Kevin Sullivan
Senior Security Strategist
Trustworthy Computing