Microsoft Approves Cybersecurity Plan, PC Health Certificate Plan Gains Support

Scott Charney, Corporate Vice President of Microsoft's Trustworthy Computing, approved Obama's cybersecurity plan. Charney's proposal to require certificates of good health for all devices connected to the Internet moved closer to reality as a global Internet health cybersecurity group was formed.

Scott Charney, Corporate Vice President of Microsoft's Trustworthy Computing, has been exceedingly busy. His growing positions of power may eventually make his plan for required "good health certificates" mandatory for all computers or any devices connected to the Internet to have unrestricted access.

Recently the Obama administration appointed Microsoft's Charney to the President's National Security Telecommunications Advisory (NSTAC). Charney wrote, "I look forward to working with the other members of the committee to address the challenges of security and reliability in communications, in turn fostering a more resilient national security and emergency preparedness posture."

Recall the Internet 'kill switch' bill? It underwent revisions including the removal of giving the president or anyone "the authority to shut down the Internet," and then was reintroduced as the Cybersecurity and Internet Freedom Act of 2011. Microsoft's Charney endorsed the bill which gives Homeland Security the power to tell some privately owned computer systems what they must do if the president were to declare a "national cyber emergency."

Although the U.S. Chamber of Commerce called the cybersecurity proposal "regulatory overreach," Charney officially approved of it - although perhaps not 100%. According to WSJ, he said that "critics of the White House proposal have legitimate concerns about what constitutes critical infrastructure, and what happens if the DHS and its industry partners disagree about whether security measures suggested by the private sector go far enough in securing those assets."

We do know, however, what Charney believes is the right direction for cybersecurity via his proposal for a healthy Internet ecosystem. Since October 2010, Charney has been calling for an Internet Health Model as a collective cybersecurity defense. In such a public health model, if a computer or other device has an infection, or doesn't have updated anti-virus or anti-malware protection, such devices would not get a certificate of good health and would be quarantined until cleaned; unhealthy devices would therefore not be allowed to freely surf the web until issues were resolved. Charney has said with over 2 billion people surfing cyberspace, cybersecurity and the "overall health of the Internet is a concern for governments, enterprises and computer users."

Charney's vision of maintaining a healthy Internet ecosystem took a giant leap forward at the EastWest Institute (EWI) Worldwide Cybersecurity Summit in London when an Internet health cybersecurity group was formed. The group is called the "Collective Action to Improve Global Internet Health." Charney wrote, "I proposed and continue to evangelize the need for global public-private partnership to ensure a healthy IT environment for Internet citizens around the world." This new cybersecurity group will "diagnose major obstacles to applying health models to the Internet, and work together to identify key policy, economic, social and technical milestones necessary to accelerate international progress toward a healthier and safer ecosystem."

Charney mentioned other areas where Microsoft is working in other cybersecurity "breakthough groups" dealing with measuring the cybersecurity problem, protecting youth by building a global culture of digital citizenship, working on the entanglement of protected entities in cyberspace, studying cyber conflict policy, and researching worldwide cyber response coordination.

The Internet Health Cybersecurity Group will study the current state of the "Internet ecosystem, and collaborate on ways to improve consumer device health and help reduce security risks for all computer users, from individuals, to enterprises (including those managing critical infrastructures), to governments."

In light of the many cyberattacks and cyber threats which have resulted in high profile security and privacy breaches, it appears as if Charney's vision to certify the good health of any device connected to the web and to ensure cybersecurity may become a reality for all of us.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2011 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!