Critical Connections – Protecting the Infrastructures that Unite Us
By Paul Nicholas, Microsoft’s Critical Infrastructure Protection
Paul Nicholas with Microsoft’s Critical Infrastructure Protection team here…
At noon today I will be participating in a dialogue on the initial findings and lessons learned from Cyber Storm II. (If you happen to be reading this from the conference, come and join us for this RSA Town Hall Meeting lead by Homeland Security Assistant Secretary Greg Garcia!) When preparing for the discussion, I started to think about the dramatic advances in technology we’ve seen over the last 30 years.
The development of the microprocessor, the rise of the personal computer, the emergence of the Internet all have revolutionized the way information is created, stored, shared and used. Today, as technology continues to advance and improve, new breakthroughs are transforming the world once again. This remarkable transformation is founded upon an increasing number of ever more powerful and diverse devices, the growing ubiquity of broadband networks and increasing services delivered from immense data centers. This resulting connectivity — the linking together of individuals, businesses and nations through software and services — is a key driver of the modern global economy.
In particular, connectivity enables the reliable functioning of today’s critical infrastructures, those vital services and essential functions - from energy and communications to banking and transportation, that underpin everyday life. Because computing is integrated into critical infrastructures and commerce, the threats to them have become increasingly sophisticated and driven by malicious intent. Where publicity once motivated many digital attacks, criminal financial gain is behind most attacks today. So, in addition to viruses and worms that shut down systems, we must contend with spyware that steals personal information, targeted attacks that infiltrate data, worms and viruses that hijack computers and install “backdoor trojans” or “bots,” and automated social engineering threats where attackers try to trick people into divulging personal data or install software unknowingly.
Because of the complexity and global interconnectedness of these critical infrastructures, their protection is an important national and international policy concern. Securing and maintaining critical infrastructure requires close collaboration between infrastructure owners and operators, technology vendors, and governments. Achieving this protection is a continuous process and one that draws upon the shared expertise of all of these stakeholders.
At Microsoft, providing secure, private and reliable computing experiences across the information technology ecosystem is central to our vision for software and services. Our commitment to Trustworthy Computing extends beyond the desktop to that broad cyber ecosystem on which we all depend. As a result, we are organizing our critical infrastructure protection program to drive strategic change - both within Microsoft and externally - that advances critical infrastructure security and resiliency and builds trust with governments and critical infrastructure providers.
Microsoft is committed to partnering with governments and institutions from around the world to reduce the risks to critical infrastructures and advance the security and integrity of the software and services that support them.
However, real change and real security will only come through collaboration and partnership. Governments, infrastructure owners and operators, and technology vendors must work together to understand and mitigate emergent risks to critical infrastructures.
Paul Nicholas, Microsoft’s Critical Infrastructure Protection
