In the wake of President Obama’s recent moves to push issues of cyber-security far more broadly and visibly across the U.S. federal sector, Microsoft, arguably the most influential technology company in the nation, and even around the globe, is upping its own profile in the aerospace and defense market, which is sure to see a decent amount of the money and attention that the commander in chief’s actions will generate.
But lest one think that this is some ultra-nationalist response to the challenge of improving cyber-security in the government arena, Microsoft announced this week that it is joining the Transglobal Secure Collaboration Program (TSCP), which, as its’ name reflects, actually represents the interests of aerospace and defense contractors, and government agencies, worldwide.
Among some of the more high-profile participants in the organization, which will officially be joined by Microsoft’s U.S. Federal business unit, which provides “mission-critical” software to federal agencies, are the U.S. Department of Defense (DoD), U.S. General Services Administration (GSA), U.K. Ministry of Defence (MoD), Netherlands MoD, BAE Systems, Boeing, EADS/AIRBUS, Lockheed Martin, Northrop Grumman, Raytheon, Rolls-Royce and Finmeccanica.
Through its participation, Microsoft said that it will aid these partners, some of whom, it noted, are also often competitors, in speeding adoption of industry standards for secure information sharing, identity management and document management with federated identity capabilities.
Essentially the notion is that since so many of these companies and agencies are connecting their information systems to partner on projects and share designs, they need a far more advanced method of ensuring that their communications are ultra-secure, for obvious reasons. Several other efforts along these lines have been launched before, but TSCP, initiated in 2002, is by far the most formal partnership to address the issue so far.
The need for such an effort was painfully highlighted in April when the Wall Street Journal issued a report claiming that plans for the next-generation Joint Strike Fighter had been accessed by hackers in both Russia and China. The story was based on information garnered from unnamed government officials and arrived only days after the paper had broken the news that the U.S. electrical grid had also been infiltrated by hackers, possibly from China.
Microsoft said that initial its role in TSCP will be to will be to help forward the group’s reference implementation of its secure collaboration specification, which aims to help aerospace and defense contractors develop more secure commercial-off-the-shelf (COTS) solutions.
TSCP leaders maintain that by getting all the involved parties at the same table to establish security standards for issues such as e-mail encryption, the governments and contractors will save vast amounts of time and money that may have otherwise been spent working on proprietary systems.
Obviously Microsoft will also seek to cash in on demand for those solutions itself, but that’s really the whole idea. Company officials said that the Redmond, Wash. firm “hopes to benefit from participation with the TSCP enterprise architect working group to understand the group’s goals and objectives to evaluate future product direction with those goals in mind.”
Having Microsoft contribute to the program is obviously a significant boost to its goals, and the company has already been heading in the right direction with the security of its own products, despite the litany of vulnerabilities reported in many of them each month, as in this week’s Patch Tuesday bulletin.
“Microsoft is ahead of the curve in ensuring its products will meet the needs of defense agencies and partners,” Keith Ward, TSCP chairman, said in a statement. “With Microsoft on board, we’re one step closer to widespread adoption of industry standards that reduce the risk associated with large-scale, collaborative programs that span national jurisdictions.”
TSCP has delivered already published several specifications and guidance documents on securing aerospace and defense supply chain data, such as to foster secure inter-organization e-mail.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.