In a recent post on his own blog, Scott Charney, Microsoft's Corporate Vice President for Trustworthy Computing, outlined his proposal for addressing botnets and other malware threats that can affect consumer machines. Mr. Charney first presented the proposal in a speech at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany. Since then, the blogosphere has responded with both criticism and support for the proposal, which is modeled largely on the public health approach to threat preparedness. Shortly after the speech, Microsoft published Mr. Charney's proposal as a position paper, which is now publicly available.
***
"This approach involves implementing a global collective defense of Internet health much like what we see in place today in the world of public health."
***
Mr. Charney continues in his post to say that "commonly available cyber defenses such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough. Despite our best efforts, many consumer computers are host to malware or are part of a botnet. 'Bots' . . . can provide criminals with relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems."
Mr. Charney lists several principles which are "intended to help guide stakeholders' efforts, promote action, address challenges, and influence future initiatives." Those principles are:
- The risk that botnets present to Internet users and critical infrastructure must be addressed.
- Collective defense can and should be used to help improve the security of consumer devices and protect against such cyber threats.
- A public health model can empower consumers and improve Internet security.
- Voluntary behavior and market forces are the preferred means to drive action but if those means fail, then government should ensure these concepts are advanced.
- Privacy concerns must be carefully considered in any effort to promote Internet security by focusing on device health. In that regard, examining health is not the same as examining content; communicating health is not the same as communicating identity; and consumers can be protected in privacy-centric ways that do not adversely impact freedom of expression and association.
***
The full text of Scott Charney's post can be found at the link above, or here. Mr. Charney's position paper can be found at the link above, or here.
It's worth noting that both Mr. Charney and the Pentagon are considering the potential benefits of pursuing a public health model for cybersecurity.