“Quagmire” of laws
Paul Nicholas, Microsoft’s Senior Director of Trustworthy Computing, called for the U.S. and other nations to form a “single national cybersecurity agency” in a company blog post this week. He revealed that Microsoft has been conducting internal research into how this could be operated, intending to identify the responsibilities an agency would have.
Microsoft has discovered that over half of the world’s countries currently have some form of national cybersecurity initiative. However, the company suggested these don’t go far enough towards solving the problem.
READ NEXT: Millions of dollars in Ethereum could be stolen by attackers
It noted that the rapid development of cyberattacks challenges traditional government processes. Nations could end up creating “a quagmire” of ineffective laws, processes and advisory bodies if they try to tackle the issue within existing structures.
“Despite the fact that many countries have already taken steps to establish or strengthen their own cybersecurity bodies; no single, optimum model can be pointed to,” said Microsoft. “The reasons are many, from different governance set ups, to varying levels of investment and expertise available, to the fact that dealing with cybersecurity is a relatively new endeavour for governments.”
“Harmonising” cybersecurity
In its whitepaper, Microsoft recommends that countries move to establish dedicated agencies for dealing with cybersecurity concerns. The company said a single national agency would help to “prioritise and harmonise” cybersecurity policies. For this to be effective, the agency needs to be granted appropriate statutory powers that enable it to operate without internal friction.
National cybersecurity agencies should operate around flexible processes that are engineered to evolve. To keep pace with new cyberattacks, defence agencies have to be able to adapt their operations to the threat landscape. Existing government departments can find it difficult to react to new technologies, which limits their ability to efficiently maintain cyber defences.
READ NEXT: Tesla servers hijacked by cryptocurrency miners
The recommendations come amid an uptick in demand for national security initiatives. The U.S. investigation into allegations of Russian election hacking has prompted concern amongst governments, lawmakers and activists that not enough is being done to ensure cybersecurity.
The U.S. currently has several distinct cybersecurity task forces at the departmental level but no overarching body. This has led to a lack of cohesion where departments overlap each other and insights don’t get shared. Microsoft said cooperation is the “underpinning” of successful cybersecurity strategies, claiming a national agency would enable the most effective long-term responses.
