Microsoft: Use Public Health Strategies to Fight Cyber-attacks

At a Berlin security conference, Microsoft executive Scott Charney suggested a "Collective Defense" strategy for the Internet modeled after public health policies.

Scott Charney, Microsoft's corporate vice president of trustworthy computing, is advocating that governments enact legislation that would isolate computers from the public Internet if they aren't adequately protected by the latest security technology.

Speaking at the International Security Solutions Europe (ISSE) Conference, in Berlin, Charney said governments should establish computer security policies modeled after public health measures that isolate people who are exposed to infectious diseases. His keynote at the conference was based on his paper "Collective Defense: Applying Public Health Models to the Internet."

The ISSE is the largest independent IT security and identity conference in Europe, according to the organization's Web site.

Charney wrote that collective cyber defenses are often unsuccessful because consumers' machines are not checked often enough for infections. "Whereas enterprises typically have a CIO and CSO to help them manage the threats they face, there is no equivalent for consumers worldwide, or even at the national level for most countries," Charney said in his keynote address.

To address cyber threats and botnets and tighten Internet security, Charney recommends that governments adopt legislation and policies based on this public health model. Just as students are required to get vaccinations before being admitted into universities and food service workers are ordered to wash their hands before preparing meals in restaurants, the government, IT industry and ISPs should take similar steps to ensure that consumer devices are bug-free before connecting to a network.

Consumer devices need to be isolated just as they would be under the firewall of a corporate network. "Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Charney wrote in an Oct. 5 blog post.

"For a society to be healthy, its members must be aware of basic health risks and be educated on how to avoid them," he explained.