[ISN] Microsoft seeks security cooperation

InfoSec News isn at c4i.org
Thu Feb 3 01:11:20 EST 2005


By Brian Robinson 
Feb. 2, 2005

Microsoft officials have launched a program to create a community of
governments at all levels worldwide to share information and conduct
joint projects on network and information technology security. The
program's goal is to more effectively handle viruses, worms and other

Initial members of the Security Cooperation Program (SCP), announced
by Bill Gates at Microsoft's Government Leaders' Forum in Prague,
Czechoslovakia, are the governments of Canada, Chile, Norway and the
United States, along with various state and local entities.

The first challenge will be to obtain the trust relationships
necessary for sharing information across national and governmental
boundaries, said Stuart McKee, Microsoft's national technology
officer, in an interview with Federal Computer Week.

"The ability to share critical information is pretty low right now,"  
he said. "Trusted relations [with another entity] is critical to both
running and improving the security infrastructure."

SCP members will have immediate access to Microsoft's incident
response center, McKee said. During an incident, they will have
real-time contact with Microsoft engineers and incident response

Following an event, a feedback loop will be established to evaluate
what happened, how effective the response was and what can be done to
make it better the next time, McKee said.

SCP participants will use all means of communication, including
phones, e-mail, fax, text-messaging and collaboration tools such as
Microsoft's SharePoint so they can do such things as post documents
securely, he said.

Delaware is one of the early state participants. The program could be
a major boost to the state officials' attempts to handle their
security problems, said Tom Jarrett, Delaware's chief information

Delaware is a heavy user of Microsoft products, he said. The state has
its own security experts, but they don't have the specific expertise
that Microsoft officials can offer.

"We want to move out of a reactive environment" to security incidents,
Jarrett said. "So anything that helps us to affect things on a more
proactive basis is very good for us."

Based on discussions he's had with Microsoft officials about SCP,
Jarrett said Delaware should quickly reap some benefits, particularly
concerning core security issues, through access to Microsoft's
security experts.

"Traditionally we haven't had that level of access," he said.

At least at the beginning, SCP outreach will be a major activity,
McKee said.

"The most important thing we can do is increase awareness about the
need to focus on security as a critical business and government
issue," he said. "Also to stress the fact that people also need to
focus on it when they are not in the middle of an incident."

If SCP membership balloons, there could be management problems, McKee
said. But he said Microsoft officials would be ecstatic if such a
large community evolved.

"It will be a great problem to have," he said.

Robinson is a freelance journalist based in Portland, Ore. He can be
reached at hullite at mindspring.com
