Skip to content

Microsoft Secure

Filling the gaps in international law is essential to making cyberspace a safer place

A month ago, on the sidelines of the Munich Security Conference, Microsoft organized an expert workshop to discuss gaps in international law as it applies to cyberspace. We were fortunate enough to bring together twenty leading stakeholders, including international legal experts, United Nations Group of Governmental Experts on Developments in the Field of Information and...

Read more

The role that regions can and should play in critical infrastructure protection

Today’s report, Critical Infrastructure Protection in Latin America and the Caribbean 2018, developed in partnership between Microsoft and the Organization of American States (OAS), demonstrates the value of regional cooperation in global efforts to increase the security of the online environment where it matters most. It acknowledges that rather than focusing on “all politics is...

Read more

EMS_industry scenario 2

How a national cybersecurity agency can help avoid a national cybersecurity quagmire

This last October we saw more countries than ever participate in initiatives to raise cybersecurity awareness. What was once largely a US approach has evolved into events and initiatives around the world by governments, civil society groups, and private sector partners. This increased breadth and depth of activity reflects governments’ increased understanding of the importance...

Read more

IGF proves the value of bottom-up, multi-stakeholder model in cyberspace policy-making

In December, the Internet Governance Forum (IGF) brought the world together to talk about the internet. I tend to take a definite interest in cybersecurity, but there were many more important topics discussed. They ranged from diversity in the technology sector through to philosophy in the digital age. Cybersecurity was, nonetheless, a major theme. My...

Read more

Latin America is stepping up to the plate in cybersecurity policy

A year ago Inter-American Development Bank (IDB) and the Organization of American States (OAS) asked themselves a question about cybersecurity: “Are We Ready in Latin America and the Caribbean?”. The conclusion of their 200 page report was essentially “No”, raising an alarm about Latin America’s critical situation in the cybersecurity arena. The report showed that...

Read more

What are Confidence building measures (CBMs) and how can they improve cybersecurity?

Cyberspace security is too often viewed through a prism of technological terms and concepts. In my experience, even supposedly non-technical discussions of cyberspace quickly devolve into heated debates about “vulnerability coordination”, “the latest malware”, “the best analytical tools”, “threat information sharing”, and so on. While these are interesting and important topics, it is ultimately people...

Read more

Cross-border cooperation: The road to a more stable and secure Internet

Australia and China have recently agreed to strengthen their bilateral cooperation in cybersecurity. Cooperation between states on cybersecurity is essential in order to combat cross-border cybercrime and to reduce the risks of inter-state cyberwar. Bilateral cybersecurity agreements between states can help build that cooperation. The real goal, however, should be to achieve multi-lateral consensus and...

Read more

NIST Cybersecurity Framework: Building on a foundation everyone should learn from

On May 16-17, Microsoft participated in a workshop organized by the National Institute of Standards and Technology (NIST) on its recently released Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”) Draft Version 1.1. It was a useful discussion, not least because it showed NIST’s continuing commitment to engage in genuine multi-stakeholder dialogue in the development...

Read more

More than just an ocean separates American and European approaches to cybersecurity

The recent revision of the National Standards and Technology Institute’s (NIST) Cybersecurity Framework and the publication of European Network and Security Agency’s (ENISA) proposals on implementation of the Network and Information Security (NIS) Directive have made me pause and ponder the progress made (or indeed not) in securing our critical infrastructures since they were both...

Read more