Vulnerabilities / Threats

11/8/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft President: Governments Must Cooperate on Cybersecurity

Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.

It's an exciting time to be in technology, according to Microsoft president Brad Smith. It's also a dangerous time.

Smith took the stage at this year's Web Summit, a tech conference held in Lisbon, Portugal, to emphasize the need for global cooperation on cybersecurity as technology continues to evolve. The benefits that technology has created are as dangerous as they are awe-inspiring, he said.

"It's an exciting time to be at a place like this," he said. "But that's not the only thing that's happening. We also live in a time when new threats are emerging … new threats that involve technology itself" and culminate in attacks on electrical grids and elections alike.

Addressing an audience of tech professionals, Smith explained: "The tools that we've created — the tools, oftentimes, that you've created — have been turned by others into weapons." It's something Microsoft sees in 6.5 trillion signals and data points it receives daily, he added.

Smith said often when he speaks to people in government about these attacks, they sometimes say "we don't really need to worry" because cyberattacks involve machines targeting machines, not machines targeting people. He disagrees.

"That is a problem. Because people are being victimized by these attacks," he explained. He called 2017 "a wake-up call" in terms of the way people in nation-states and governments are using technological tools as weapons. WannaCry and NotPetya were the prime examples.

We can't expect people to recognize the problems of cybercrime if we don't recognize how people are suffering. Hospitals were paralyzed when WannaCry hit the UK. At England's National Health Service, 19,000 appointments were canceled. Surgeries didn't happen. Shortly after WannaCry hit 300,000 machines in 150 countries, he added, NotPetya struck.

"What NotPetya represents is not just the evolution of the attack in terms of methodologies involved, but also the evolution of intent," said Smith. Last year, almost 1 billion people were victims of a cyberattack. "These issues and these threats are going to continue to grow … because everything is connected," he warned. It's time to have a conversation around security.

"In a world where everything is connected, everything can be disrupted," he continued.

Governments around the world must play a role in protecting civilians and civilian infrastructure, he said, and protect people while they're using devices on which their lives exist. However, governments can't do this alone, and so he also called on businesses to step up.

"Businesses need to do better as well, and there is no part of the business community, across Europe or in the US or around the world, that has a higher responsibility than one part of the business community — and that is the tech sector," Smith noted. IT has the greatest responsibility to be "first responders" in keeping people safe when there are cyberattacks.

The same week he gave this talk at Web Summit, Smith explained in an interview with CNBC how Microsoft wants to connect with Congress and work together to create cybersecurity guidelines for civilians. Key issues range from threats on democracy to artificial intelligence in the workplace.

We have reached a point at which people are enthusiastic about the evolution of technology; however, their eagerness is matched with growing worry about what this technology can do.

"The big shift has been [that] the era where everyone was just excited about technology has become an era where people are excited and concerned at the same time — and that's not unreasonable," he explained in a conversation with CNBC.

Smith says Microsoft wants to work with President Trump, as it worked with President Obama, to address the risk of technology. The concern isn't only for America, but for all countries.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/12/2018 | 9:43:10 AM
Strange
Somewhat disappointing as it appears Microsoft is asking for a government subsidy in effect to make up for deficiencies in their software. Anyone who has worked with government knows they are always slow to respond and build new solutions. The governments only role, and I cringe to say it, is to legislate what companies must do to protect their customers. The proof is out there that companies have been failing at this for some time. This is why much of the legislation comes about. There is little or no legislation related to the makers of operating systems and software. Why not vet code better especially when libraries are used by thousands of applications? The volume of Microsoft patches in the past two years is alarming, we should be better at testing and vetting code for problems. My 2 cents worth.
tcritchley07
50%
50%
tcritchley07,
User Rank: Moderator
11/9/2018 | 1:39:18 PM
Brad Smith on Cybersecurity
I hope Brad reads this response. I've writtne to him twice with researched ideas on tackling this issue to no avail. It reminds me of Mark Twain's 'Everybody is talking about the weather, nobody is doing anyhting about it'.

tcritchley07 at gmail dot com
taylor03
50%
50%
taylor03,
User Rank: Apprentice
11/9/2018 | 8:41:50 AM
Taylor
I think this is a good step to overcome cybercrimes.
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6345
PUBLISHED: 2019-01-15
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all s...
CVE-2018-7603
PUBLISHED: 2019-01-15
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered t...
CVE-2019-3554
PUBLISHED: 2019-01-15
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00
CVE-2019-3557
PUBLISHED: 2019-01-15
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were...
CVE-2019-0030
PUBLISHED: 2019-01-15
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.