Last year, as part of my work here at Microsoft in Trustworthy Computing,  I attended a new conference - the first EastWest Institute Cybersecurity Summit.  For those of you that – like me - have been in security for a while, this was a different type of conference than something like the RSA Conference or Black Hat, and it has become one of the events I’ve looked most forward to this year.  With that in mind, I thought it might be interesting to share a bit more background.

The second worldwide summit is being held this year in London (at the Queen Elizabeth II Conference Center) and I believe they plan to move the location each year – part of emphasizing that this is an event with international participation. 

[ As a side note, I lived in England for 3 years in the late nineties and am very much looking forward to renewing my infrequent relationship with Crispy Aromatic Duck and Les Misérables, so I’m staying a few days extra if you want to join me.]

Why EastWest Institute?

The EastWest Institute (EWI) is a global think-tank (think-and-do tank, in their words) that was founded in 1980 with the intent of bridging the divide of the Iron Curtain during the Cold War years.  EWI has earned a reputation as a trusted convener with a proven record of establishing and maintaining communication across divides even when official channels fail to do so.  For example, EWI hosted the first military discussions between NATO and Warsaw Pact countries in 1984.  If you visit their web site, you’ll find testimonials from people like Former Czechoslovakian President Vaclav Havel, Former US President George H. W. Bush, Secretary General of the UN Ban Ki-Moon, Former President Martti Ahtisaari of Finland and many others.

A few years ago, EWI turned their attention to Cybersecurity.  In the words (from EWI Worldwide Cybersecurity Initiative) of John Edwin Mroz, the CEO and President of EastWest Institute:

In 2007, the EastWest Institute’s Strategic Dialogue team from the
United States led by General (ret.) James Jones and me, challenged senior
Chinese and Russian leaders in discreet talks to break the deadlock in
international cooperation in meeting cybersecurity challenges. Intense
Track 2 discussions followed at high levels. All three governments
confirmed the concerns each holds for the intentions and actions of the
others. It also showed a deep-seated common concern over the growing
capacity of non-state actors to wreak havoc upon global economic
stability – as well as begin to pose serious security challenges. Each of
the big three already had changed their estimates of cybersecurity – the
U.S. raising it to the same level as nuclear security

Cybersecurity Summit 2011

Cybersecurity has changed dramatically just in the past year. A short year ago at EWI, Microsoft's Scott Charney spoke to industry on the need to Rethink Cyber Threat and offered a framework for progress - separating cyber threat into Cyber Crime, Cyber War, Economic Espionage and Military Espionage. Since then, the world has come face to face with the distinct and separate reality of all of these categories of threat. The past 12 months have seen high profile examples like Stuxnet, have seen networks go offline in Egypt, attacks against the ATM network in South Korea and sophisticated cyber attacks against companies like Sony, RSA and Comodo.

With this new threat landscape, government and industry are being challenged with developing a stronger security ecosystem to combat these threats. Microsoft is among many who are investing in international collaborative efforts that will bring us closer to protecting our Governments, customers and consumers from the ever changing threat landscape.

Speakers and Participants

Take a look at the summit program for some of the issues being discussed and a sense of the international participation.  Here is a small selection of the many distinguished speakers and participants at this year’s summit:

Cybersecurity Breakthrough Groups

The only problem I can find with the breakthrough groups is that several of the ones I want to participate in are running in parallel and I’ll have to choose to focus on only one or two.  This is not a comprehensive list, but again, some of the ones I find most interesting.

  • New Non-State Actor Power in Cyberspace
  • Collective Action to Improve Global Internet Health [Co-Chair: Scott Charney – this is one I’m participating in.]
  • Measuring the Cybersecurity Problem [for you metrics enthusiasts]
  • Cyber Babel – Building a Cybersecurity Glossary and Taxonomy
  • Protecting Youth – Building a Global Culture of Digital Citizenship
  • Countering Cyber Crime through International Law
  • Assessing the Entanglement of Protected Entities in Cyberspace
  • Cyber Crime – Operational Case Studies from National Jurisdictions
  • Rules of Engagement – Treaty Options or just Confidence Building
  • Developing Supply Chain Integrity Principles [Also one I may participate in, but if not, Microsoft will.]
  • Fighting SPAM – Best Practices Implementation

As I read through the breakthrough groups, it reminds me how much job security we all have in the security industry and that - no matter how much we progress - there are always more areas that need attention.


[One of the great things about this conference is that I'm pretty sure I won't be seeing many product pitches ;-) ]

One final thing – if you are going to be in London around June 1-2 or just live there, drop me a line.  I’ll be busy for a couple of days, but there is always time to touch base and say hi.

Best regards, Jeff