I have always wanted to say that. I am here at the AusCERT 2010 conference in the beautiful Gold coast, Australia. I am here with my fellow ecostrat colleague Karl Hanmore presenting our talk on “Engagement between National/Government CERTs and the vendor community; benefits and challenges”. This talk is going to highlight some of our experiences engaging and collaborating on multiple levels with governments around the globe. We are also going to talk about some key ideas and frameworks that can make the collaboration process between government and vendors more effective. We are also announcing some pilot programs for governments that we hope will help push the collaboration efforts to the next level with regards to shared information levels.
In dealing with governments around the world, the same questions seem to come out in conversations:
We here at Microsoft understand that most governments are placed in unique positions when it comes to dealing with vulnerabilities within technologies. On one hand, governments have the responsibility to protect their critical infrastructure and government assets from vulnerability attacks. Some of these critical infrastructures are so important to people's lives that any disruption would cause a negative impact that would be felt widely. On the other hand, governments serve as the entity to coordinate defensive actions between both private and public sectors to ensure that their constituents are protected as much as possible from computer based attacks. In order to do both of these roles effectively, they need access to critical information as early as possible to assess, plan and execute actions to protect people.
Looking at past internet based attacks, the trends are pointing to an increase in complex multi-dimensional computer attacks. We believe that governments will see increased demands for swifter responses to vulnerabilities that threaten public assets. The need for information to aid in quicker and thorough risk assessments will be paramount. However, the need to provide this information in a structured, repeatable and secure manner will be the key for success. So we are looking to use some of our well established government focused programs such as the Security Cooperation Program (SCP) to aid in providing two new pilot programs aimed to help governments. Microsoft is moving ahead with the offering of 2 programs aimed at sharing key technical information on Microsoft vulnerabilities and strategies to aid in securing critical infrastructure:
In the long run, Microsoft hopes that through these pilot programs we can gain valuable insight on ways to improve our collaboration efforts to aid in protecting the greater ecosystem at large.
That’s all from “down under”
*Postings are provided "AS IS" with no warranties, and confers no rights.*