Microsoft joins the Trump administration's cybersecurity program
Back in the spring of 2016, the Obama administration appointed several respected civilians to the then new Commission on Enhancing National Cybersecurity. The panel, which was established as part of Obama's $19 billion proposal to sure up American defenses against cyberthreats, was looking for the top industry experts outside of the intelligence community for their cybersecurity recommendations and solutions to problems affecting both the public and private sectors.
Among the individuals assigned to that commission were General Keith Alexander, USA (Ret) of cybersecurity firm IronNet, Professor and Chair of the School of Interactive Computing at the Georgia Institute of Technology Annie I. Antón, President and CEO of Mastercard Ajay Banga and Microsoft’s Peter Lee.
Ultimately, the commission’s final report made sixteen major recommendations grouped under six specific areas:
- Protecting the information and digital infrastructure.
- Investing in the secure growth of information and digital infrastructure
- Consumer information access
- Building the cybersecurity workforce
- Building a secure governmental cybersecurity framework
- Keeping interconnectivity open, fair, competitive, and secure
Also recommended were the creation of a new civilian component agency, forming a national public-private initiative to improve digital identity management, launching a new cybersecurity awareness and engagement campaigns to help consumers better protect themselves and starting a new workforce program to train up to 100,000 new cybersecurity personnel.
Other suggested remedies included focusing on areas such as critical infrastructure, IoT, cybersecurity innovations, public awareness and education, state and local issues and the role and vulnerabilities of small and medium-sized businesses.
But what was the ultimate effect of this commission? In the time since it reported its findings, we have seen a phishing campaign led by Russian-affiliated hackers targeting conservative politicians and think tanks. In addition, ahead of the recent midterm elections, we also saw the continuation of disinformation campaigns carried out by foreign agents on social media platforms with the intention of swaying public opinion and of course, the WannaCry attack that resonated globally.
To its credit, the Republican-led Congress has moved aggressively on the issue, designating a new agency within the Department of Homeland Security (DHS) as the government’s primary oversight arm.
The new entity, the Cybersecurity and Infrastructure Security Agency (CISA) was approved by congress on October 3, 2018. This department will be responsible for elevating and executing the National Protection and Programs Directorate (NPPD) under director Chris Krebs, who is the former NPPD undersecretary.
Part of CISA’s role will be the protection of other federal agencies and America’s most critical infrastructure from cyberthreats. The agency will also assist the private sector in matters related to cybersecurity.
And that’s where cooperation between Microsoft and the Trump administration’s come into play.
The hope for increased unity between government and the private sector has increased as Microsoft recently made their intention to work with Congress to establish cybersecurity measures for civilians clearly known.
At the 2018 Web Summit in Lisbon, Portugal last week, Microsoft President Brad Smith told CNBC "Most technology issues so far have not been partisan issues."
"There are important things we need to address, we need to skill the population to be prepared for a new generation of work, we need to bring broadband to every corner of not just the United States, but every country."
The involvement of the company responsible for the active operating system on 87.3% of all PCs globally is key for the protection, education and vigilance of online users, both in the private and public sectors. With such a reach, the looming proliferation of some of the most popular and destructive malware, such as TeslaCrypt ransomware and similar threats that specifically target computers running Windows may reach a pinnacle. As a result, properly educating users is paramount and must be a priority for the current administration to tackle now rather than later.
Microsoft has also highlighted their support of the idea that privacy should be considered a human right. While praising Europe's new General Data Protection Regulation (GDPR) that creates new, stricter privacy standards for any company conducting business in the EU, Microsoft CEO Satya Nadella told the Microsoft Future Decoded conference in London, "We need to use our collective prowess and power to protect these most vulnerable of populations, and it requires not just our industry but also nation states to be part of that."
A safer online future is dependent on cooperation and data sharing between technology leaders and nation-states. Hopefully, the U.S., along with companies like Microsoft, can set a safer standard in the ever-changing digital landscape.