Skip to content

Microsoft Secure

How a national cybersecurity agency can help avoid a national cybersecurity quagmire

This last October we saw more countries than ever participate in initiatives to raise cybersecurity awareness. What was once largely a US approach has evolved into events and initiatives around the world by governments, civil society groups, and private sector partners. This increased breadth and depth of activity reflects governments’ increased understanding of the importance...

Read more

IGF proves the value of bottom-up, multi-stakeholder model in cyberspace policy-making

In December, the Internet Governance Forum (IGF) brought the world together to talk about the internet. I tend to take a definite interest in cybersecurity, but there were many more important topics discussed. They ranged from diversity in the technology sector through to philosophy in the digital age. Cybersecurity was, nonetheless, a major theme. My...

Read more

Latin America is stepping up to the plate in cybersecurity policy

A year ago Inter-American Development Bank (IDB) and the Organization of American States (OAS) asked themselves a question about cybersecurity: “Are We Ready in Latin America and the Caribbean?”. The conclusion of their 200 page report was essentially “No”, raising an alarm about Latin America’s critical situation in the cybersecurity arena. The report showed that...

Read more

What are Confidence building measures (CBMs) and how can they improve cybersecurity?

Cyberspace security is too often viewed through a prism of technological terms and concepts. In my experience, even supposedly non-technical discussions of cyberspace quickly devolve into heated debates about “vulnerability coordination”, “the latest malware”, “the best analytical tools”, “threat information sharing”, and so on. While these are interesting and important topics, it is ultimately people...

Read more

Cross-border cooperation: The road to a more stable and secure Internet

Australia and China have recently agreed to strengthen their bilateral cooperation in cybersecurity. Cooperation between states on cybersecurity is essential in order to combat cross-border cybercrime and to reduce the risks of inter-state cyberwar. Bilateral cybersecurity agreements between states can help build that cooperation. The real goal, however, should be to achieve multi-lateral consensus and...

Read more

NIST Cybersecurity Framework: Building on a foundation everyone should learn from

On May 16-17, Microsoft participated in a workshop organized by the National Institute of Standards and Technology (NIST) on its recently released Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”) Draft Version 1.1. It was a useful discussion, not least because it showed NIST’s continuing commitment to engage in genuine multi-stakeholder dialogue in the development...

Read more

More than just an ocean separates American and European approaches to cybersecurity

The recent revision of the National Standards and Technology Institute’s (NIST) Cybersecurity Framework and the publication of European Network and Security Agency’s (ENISA) proposals on implementation of the Network and Information Security (NIS) Directive have made me pause and ponder the progress made (or indeed not) in securing our critical infrastructures since they were both...

Read more

Singapore: Realizing that for the future to be smart, it needs to be secure

In 2005, just over a decade ago, the majority of large internet user populations, certainly as a percentage of their total national population, were still to be found in North America and Europe. In 2025, less than a decade from now, many of the largest internet user populations will be in Asia. Asia will be...

Read more

Mind the air gap: Network separation’s cost, productivity, and security drawbacks

In some of my recent discussions with policy-makers, network separation, e.g. the physical isolation of sensitive networks from the Internet, has been floated as an essential cybersecurity tool. Why? It promises the holy grail of security, i.e. 100% protection, because cyberattacks can’t cross the “air gap” to reach their target. In my experience, however, network...

Read more

Supply chain security demands closer attention

Often in dangerous situations we initially look outwards and upwards for the greatest threats. Sometimes we should instead be looking inwards and downwards. Supply chain security in information and communication technology (ICT) is exactly one of those situations where detailed introspection could be of benefit to all concerned. The smallest security breach can have disastrous...

Read more