Microsoft Proposes Cybersecurity ‘Rules’ To Guide Nation-States

microsoft

With the emergence of cyber as the new battlefield of choice for global conflicts, Microsoft has proposed what it calls “cybersecurity norms for nation-states and the global information and communications technology (ICT) industry.”

The tech company published a white paper addressing this very topic, titled, From Articulation to Implementation: Enabling Progress on Cybersecurity Norms.

According to Microsoft, the white paper is reflection of their ongoing efforts to advance trust in the global ICT ecosystem through development of “rules of the road” for nation-states engaged in cyber operations, as well as industry actors impacted by these activities.

Microsoft says it wants to contribute to the development of frameworks and practices that protect people and companies from the effects of state-sponsored cyber operations.

In the paper, Microsoft proposed what they called a “three-part organizing framework for the current cybersecurity norms dialogue: offensive norms, defensive norms and industry norms.”

The company described offensive norms as the province of nation-states, “as these norms concern self-restraint in the conduct of cyber operations.”

Defensive norms are relevant to both governmental and non-governmental actors because these norms address defensive measures against nation-state activities in cyberspace, said Microsoft.

Industry norms are also important to both governments and the private sector, but are focused on addressing industry’s role in mitigating the risks facing technology users from nation-state activity in cyberspace, the company said.

The paper outlines the current challenges surrounding attribution of cyber attacks, and Microsoft proposed a public-private forum to address attribution of severe cyber attacks that would involve a globally-diverse group of technical experts, subject to peer review.