I just came across this white paper on cyber security and the threats that are out there which was written by Scott Charney the Corporate Vice President for the Trustworthy Computing Group at Microsoft.
It is not a lengthy drawn out paper and is only 13 pages long. It does a great job of spelling out the threat and the action steps needed to combat it as we move forward.
For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals and organizations (including nation-states), and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will more often than not be successful in attacking systems, especially if raising defenses is the only response to an attack. For this reason, increasing attention is being paid to deterring such attacks in the first instance, especially by governments that have the power to investigate criminal activity and use a wide range of tools to respond to other public safety and national security concerns. Notwithstanding this emerging discussion, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complex threat and that, from a policy and tactical perspective, there is considerable paralysis. The purpose of this document is to better explain the cyber threat, identify the reasons why cyber attacks often confound those responsible for crafting responses, and suggest a new framework for creating more effective cyber attack responses.
What do you think of the ideas raised by Scott?