“A moment of reckoning: the need for a strong and global cybersecurity response”
Microsoft on the Issues, December 17, 2020
By Brad Smith, President, Microsoft
The final weeks of a challenging year have proven even more difficult with the recent exposure of the world’s latest serious nation-state cyberattack. This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms. It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous. As much as anything, this attack provides a moment of reckoning. It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.
The evolving threats
The past 12 months have produced a watershed year with evolving cybersecurity threats on three eye-opening fronts.
The first is the continuing rise in the determination and sophistication of nation-state attacks.
All this is changing because of a second evolving threat, namely the growing privatization of cybersecurity attacks through a new generation of private companies, akin to 21st-century mercenaries.
There is a third and final sobering development worth noting from what has obviously been a challenging year. This comes from the intersection between cyberattacks and COVID-19 itself.
A more effective strategy as we enter a new year
Put simply, we need a more effective national and global strategy to protect against cyberattacks. It will need multiple parts, but perhaps most important, it must start with the recognition that governments and the tech sector will need to act together.
To be successful, this coalition will need to do three things more effectively in the future:
First, we need to take a major step forward in the sharing and analysis of threat intelligence.
Second, we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem.
Finally, we need stronger steps to hold nation-states accountable for cyberattacks.
The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies. The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks. It will become even clearer that they reflect not just the latest technology applied to traditional espionage, but a reckless and broad endangerment of the digital supply chain and our most important economic, civic and political institutions. It is the type of international assault that requires the type of collective response that shows that serious violations have consequences.
If there is a common lesson from the past few years, it’s the importance of combining ongoing learning with new innovations, greater collaboration, and constant courage. For four centuries, the people of the world have relied on governments to protect them from foreign threats. But digital technology has created a world where governments cannot take effective action alone. The defense of democracy requires that governments and technology companies work together in new and important ways – to share information, strengthen defenses and respond to attacks. As we put 2020 behind us, the new year provides a new opportunity to move forward on all these fronts.
About the Author:
Brad Smith is President of Microsoft.