Public Health Serves as Cybersec Model

Reasons Behind Anti-Smoking Bans Applicable in Cyberworld
The same approach governments and businesses employ to protect individuals from the dangers of secondhand smoke could be applied to safeguard cyberspace, says Scott Charney, Microsoft's vice president of trustworthy computing, engineering excellence and environmental sustainability.Initial anti-smoking efforts focused on educating smokers of tobacco's health dangers, but avoided outright banning of smoking in public places because the risks were seen to harm only the smoker. But as scientific evidence proved secondhand smoke could endanger nonsmokers, society imposed stricter limits where smokers could light up.

Charney, in an interview with Information Security Media Group's GovInfoSecurity.com, sees a parallel between smoking bans and restrictions to be placed on individual computer users. For years, experts have advised users to engage in basic computing hygiene: turning on firewalls, patching software flaws, running anti-virus and anti-malware programs and backing up data. "We used to say, 'If a user chooses not to patch and chooses not to run anti-malware products, they're putting themselves at risk, but that's their choice,'" he says.

But like smoking, the computing environment has changed, and as cybercriminals seize individuals' PCs to use them botnets, those individual computer users aren't the only victim. "It means that your failure to do basic hygiene didn't just impact you, but now impacts those around you and impacted the ecosystem. so, like smoking, the failure to engage is safe behavior was no longer not just an issue for you, it's an issue for everyone," Charney says.

"We started thinking if that's true, how do we raise the level of security for the ecosystem at large?" he asked. "We started thinking about what we've done in public health, which is have systems in place, so when bad things are happening, they're identified quickly and can be remediated quickly."

In the interview, Charney also discusses the

  • Performance of the Obama administration in tackling the nation's IT security needs.
  • Challenges attribution - the ability to identify those who access networks and systems - presents user organizations.
  • Evolving definition of trustworthy computing, which is part of his title.

Charney oversees Microsoft's trustworthy computing team that works with business groups throughout the company to ensure its products and services adhere to Microsoft's security and privacy policies. He also engages with governments, industry partners and computer users on important security and privacy issues such as critical infrastructure protection, software assurance, and identity management.

Presidential Appointment

In late May, President Obama named Charney to the National Security Telecommunications Advisory Committee. Charney served as one of the co-chairs of the Commission on Cybersecurity for the 44th Presidency, which submitted to the new president in 2008 a blueprint for the nation's cybersecurity.

Before joining Microsoft in 2002, Charney was a principal for the professional services organization PricewaterhouseCoopers, where led the firm's Cybercrime Prevention and Response Practice.

Earlier in his career, Charney served as chief of the Computer Crime and Intellectual Property Section in the Criminal Division of the Justice Department. As the leading federal prosecutor for computer crimes from 1991 to 1999, he helped prosecute major hacker cases and co-authored numerous documents, including the Federal Guidelines for Searching and Seizing Computers, the National Information Infrastructure Protection Act of 1996, the federal computer crime sentencing guidelines, and the Criminal Division's policy on appropriate computer use and workplace monitoring.

A former Bronx, N.Y., district attorney, Charney holds a law degree with honors from Syracuse University and bachelor degrees in history and English from the State University of New York in Binghamton.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.