Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Today, I would like to call your attention to a new paper from Microsoft Corporate Vice President for Trustworthy Computing Scott Charney called “Rethinking the Cyber Threat – A Framework and Path Forward.”
In my own opinion, this is a very important paper for industry and government, because the deconstruction helps define a common language and set of terms to enable discussions – and – can help us plan and make progress on the categories independently from one another. For example, internationally, countries may be able to move forward rather quickly (in agreement) on the area of cyber crime, while more extended conversations take place to define norms on areas like cyber espionage.
There are three areas from the paper that I think represent key progress in terms of enabling us to separate issues that are too often conflated:
Note that all four categories depend strongly on developing better attribution so that it is even possible to identify the appropriate category so the right parties can be involved. Another area emphasized in the paper is the need to figure out where action can be taken even when attribution is not 100%. For example, if you detect someone attempting to change grades at the local high school, you may be able to categorize this to a high degree of probability without knowing the attacker’s identity.
Download and read: Rethinking the Cyber Threat – A Framework and Path Forward.
Scott’s blog post on the “On the Issues” blog: The Cyber Threat - Deconstructing the Problem to Promote Comprehensive Dialogue and Action
I’d love to hear your thoughts on this paper and discuss with you, either here on the blog or on twitter @securityjones.
Best regards ~ Jeff