Microsoft seeks security cooperation

The software vendor wants to create a community of governments to share information and conduct joint projects on security.

Microsoft officials have launched a program to create a community of governments at all levels worldwide to share information and conduct joint projects on network and information technology security. The program's goal is to more effectively handle viruses, worms and other incidents.

Initial members of the Security Cooperation Program (SCP), announced by Bill Gates at Microsoft's Government Leaders' Forum in Prague, the Czech Republic, are the governments of Canada, Chile, Norway and the United States, along with various state and local entities.

The first challenge will be to obtain the trust relationships necessary for sharing information across national and governmental boundaries, said Stuart McKee, Microsoft's national technology officer, in an interview with Federal Computer Week.

"The ability to share critical information is pretty low right now," he said. "Trusted relations [with another entity] is critical to both running and improving the security infrastructure."

SCP members will have immediate access to Microsoft's incident response center, McKee said. During an incident, they will have real-time contact with Microsoft engineers and incident response engineers.

Following an event, a feedback loop will be established to evaluate what happened, how effective the response was and what can be done to make it better the next time, McKee said.

SCP participants will use all means of communication, including phones, e-mail, fax, text-messaging and collaboration tools such as Microsoft's SharePoint so they can do such things as post documents securely, he said.

Delaware is one of the early state participants. The program could be a major boost to the state officials' attempts to handle their security problems, said Tom Jarrett, Delaware's chief information officer.

Delaware is a heavy user of Microsoft products, he said. The state has its own security experts, but they don't have the specific expertise that Microsoft officials can offer.

"We want to move out of a reactive environment" to security incidents, Jarrett said. ""So anything that helps us to affect things on a more proactive basis is very good for us."

Based on discussions he's had with Microsoft officials about SCP, Jarrett said Delaware should quickly reap some benefits, particularly concerning core security issues, through access to Microsoft's security experts.

"Traditionally we haven't had that level of access," he said.

At least at the beginning, SCP outreach will be a major activity, McKee said.

"The most important thing we can do is increase awareness about the need to focus on security as a critical business and government issue," he said. "Also to stress the fact that people also need to focus on it when they are not in the middle of an incident."

If SCP membership balloons, there could be management problems, McKee said. But he said Microsoft officials would be ecstatic if such a large community evolved.

"It will be a great problem to have," he said.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@mindspring.com.