In the future, computers compromised by malware could be quarantined from the Internet, just as patients infected with contagious diseases are being isolated today.The new security model proposed by Microsoft is designed to keep the Internet healthy, by making sure that the devices connected to the world wide web are healthy.
Scott Charney, Corporate Vice President, Trustworthy Computing argued for the necessity of a Global Collective Defense on the Internet during the International Security Solutions Europe (ISSE) Conference in Berlin, Germany.
In the Collective Defense: Applying Public Health Models to the Internet whitepaper, Charney explains the need for collaboration among a variety of entities including governments, the IT industry, Internet access providers, users, etc. in order to ensure that the Internet is kept healthy.
The new Internet security vision exemplified by the Redmond company, and inspired by globally accepted public health practices, involves the evaluation of consumer devices health ahead of permitting the users to access the Internet or any additional critical resources.
“Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society,” Charney explained.
“In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others.
“Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk,” Charney added.
Fact is that cyber threats present a risk to both Internet users and critical infrastructures, and while much work has already been done, it is simply not enough to ensure that devices or the web are indeed healthy.
Security defenses such as firewalls, antivirus and automatic updates for patches are proving to be mere mitigations which can be bypassed by attackers provided they have sufficient resources and time.
A worldwide Collective Defense to provide Internet security would in in this context make perfect sense, but the various players need to collaborate closely and come to a consensus in terms of how public health principles can be applied to the Internet.
Of course, Collective Defense needs to be a global effort, with the model becoming an worldwide standard.
“Cyber security policy and corresponding legislation is being actively discussed in many nations around the world and there is a huge opportunity to promote this Internet health model,” Charney explained.
“As part of this discussion, it is important to focus on building a socially acceptable model. While the security benefits may be clear, it is important to achieve those benefits in a way that does not erode privacy or otherwise raise concern. “
Charney also notes that device health and Internet security should under no circumstances violate user privacy, although communication will be at the core of Collective Defense.
“Examining health is not the same as examining content; communicating health is not the same as communicating identity; and consumers can be protected in privacy-centric ways that do not adversely impact freedom of expression and freedom of association,” he stated.