The turn of the millennium saw significant change in the world of computing, with the adoption of the Internet and growing personal computer use in industry and at home. The changes fueled further adoption of technology, significant innovation and empowerment of literally billions of people around the world. The 10 years after the millennium have been referred to as the "Digital Decade."

The year 2000 welcomed a number of technological innovations that kicked off a decade of increasing capabilities at decreasing costs. Recommended hardware when Windows XP released was 128 MB of memory, at least 1.5 GB of available disk space and a Super VGA adapter that supported at least 800x600 resolution. Smartphones surpassed this specification within the decade.

By 2002, there were more than 500 million PCs in use worldwide, with significant growth in developing nations.

There were many predictions at this time about what the Digital Decade would bring; in an essay from October 2001, Bill Gates stated:

"The innovations of this decade will be more than just a handful of new features. They’ll transform the way the PC fits into our lives, and the way we think about computing. You’ll still have a PC on your desk at work, but it will be at the center of a range of devices that bring the power of the PC to you, wherever you are. You’ll carry a tablet-sized PC to meetings and take notes on it by hand, then search, organize and share those notes electronically. If you’ve missed a meeting, you’ll be able to review what happened and search for the parts that are relevant to you. When you travel, you’ll be as productive as you are in the office, with access to the same information and capabilities as your office PC."

Many predictions about the impact of technology on our everyday lives have come to fruition, especially coupled with the expansion of the Internet and more recently enabled by a range of online services and applications described as cloud computing.

The Internet can trace its origins back to the Defense Advanced Research Projects Agency (DARPA) in the 1960s, commissioned by the United States government in collaboration with academic and private commercial organizations to build fault-tolerant and distributed computer networks.

The development of HTML and Web servers in the 1990s created a new opportunity for organizations to connect with customers. Commercialization of the Internet has resulted in the development of many new technologies and led to significant growth of not only users, but Web servers and new services like online travel, books and banking. The commercial growth of the Internet, often referred to as the dot-com bubble, burst in the early 2000s, leading to the failure of many Internet companies and stock market drops around the world.

Despite slowing economies, the post dot-com era saw people switching to online shopping, banking and gaming due to communications improvements, such as broadband and mobile access that were helping connect people, devices and data together. According to the United Nations, in 2000 an estimated 6.4 percent of the worldwide population was using the Internet.

In the late 1990s, the vast majority of mobile phones had only basic phone features. Many people who wanted mobile email and Internet also carried Wi-Fi-enabled devices such as personal digital assistants (PDAs). The early 2000s saw the launch of many new Internet-enabled, faster smartphones, which coupled with the introduction of 3G wireless technologies, encouraged growth of mobile Internet use.

Web applications continue to become richer in content, graphics and video over time, driving standards innovation such as HTML 4 and third-party tools such as Adobe Flash and Apple QuickTime. This richer online experience in turn drives higher bandwidth requirements, greater storage of data and faster processing of information.

With the proliferation of higher bandwidth availability through more devices, richer Web applications and the growth of e-commerce, the Internet was fast becoming an indispensable part of our everyday lives.

In 2000, members of the Information Technology Industry Council (ITI) accessibility committee collaborated with the United States Government to develop a standard Voluntary Product Accessibility Template (VPAT®). The template helps industry to self-declare how their IT products meet accessibility standards. Accessibility standards help industry focus on creating technologies that are accessible to people around the world of all ages and abilities.

Since its development in 2000, the VPAT has become an increasingly important tool in the U.S. and beyond. The VPAT is used by governments, universities, and private companies around the world interested in procuring accessible technology to inform their market research and learn about accessibility features.

For nearly twenty years, Microsoft has focused on making computers easier to use for individuals with a wide array of difficulties and impairments.

Microsoft conducts and commissions research with a goal to enhance the user experience on computing devices. Research projects focus on how to make computing experiences that are more accessible, and easier to see, hear, and interact with.

Microsoft believes our commitment to accessible products and solutions will allow us to support governments, companies and individuals in making accessible technology choices.

The growth of interconnected computers in the late 1990s pushed security concerns to the forefront of software development and application design. In 2000, Microsoft’s new Secure Windows Initiative (SWI) focused on securing new and legacy code. This initiative became a foundation for many of the security activities that followed the 2002 Bill Gates’ memo.

During late 1999, a small security team was formed within Microsoft to help raise software security awareness across the company. The team started SWI with a focus on making Microsoft products more secure from malicious attacks through education, tools, process improvement and testing. The SWI security team helped product groups design, develop, test and document their products correctly and securely. SWI was part of a broader security initiative that included the Microsoft Security Response Center (MSRC).

With the launch of the TwC initiative in 2002, the secure windows initiative gained increased focus and priority. The SWI and security push efforts across the company initiated a transformation of Microsoft’s engineering culture and priorities from within. The focus on security delayed some major product releases and led directly to the release of Windows XP Service Pack 2 (SP2) in August, 2004, with a significant emphasis on security. SP2 security enhancements centered on preventing the types of threats customers faced like mass mailing worms and worms targeting vulnerabilities in software listening on the network.

Following SWI, there was a SQL Server Security push, an Exchange Security push, and the Office Security push – all focused on making these key products less vulnerable to attackers. In addition, Windows Server 2003 had a reduced functionality browser, no Web server installed by default, and more.

Incorporating industry best practices and lessons learned from SWI and the security efforts that followed, Microsoft developed internal security methods, tools and resources that were implemented in the Security Development Lifecycle (SDL). The SDL was built on the concepts of mitigating classes of potential exploits, rather than specific exploits, and reducing vulnerabilities to help provide protection against unforeseen threats. In 2004, the SDL was instituted as a companywide initiative and mandatory policy, embedding security and privacy into Microsoft software and the company culture.

In response to malicious software such as Blaster, which first came on the scene in August 2003, the Microsoft “Protect Your PC” consumer guidance was launched to provide the general public with straightforward computer security steps. The guidance provided information on avoiding malicious software through keeping computers up-to-date, installing (and turning on) antimalware tools, and utilizing safer computer user practices.

Helping families enjoy a safe online experience, keeping computers clean of malicious software and protecting information are all critical tenants of online safety, especially as technology continued to become an integral and indispensable part of society.

As the security threats have evolved, so have the tools, practices and collaboration of those working toward building a safer Internet. Recent research has validated that much of the malicious software that infects computers today can be avoided through practicing basic computer hygene. This includes keeping your computer up-to-date and using the latest versions of software such as antimalware tools and Web browsers. the “Protect Your PC” advice is just as relevant today as it was when the guidance was originally released.

Across the world, individuals, organizations and governments are collaborating on providing clear, timely and consistent guidance. This collaboration has given rise to new tools, standards and regulations to help deal with threats from viruses and other malicious attacks. The guidance on the Microsoft Safety and Security Center now covers Computer Security, Digital Privacy and Online Safety and is a central repository for guidance on a range of threats seen today.

In October 2003, Microsoft transitioned from a weekly to Monthly update cycle to address software vulnerabilities. Updates before this date, were frequently released as soon as they had been tested and approved, leading to requests from customers to introduce a more predictable schedule. The Microsoft Security Response Center (MSRC) coordinates the release of the security updates.

The monthly update cycle is widely regarded as the industry standard in releasing security updates. Using the automated Windows Update or Microsoft Update solutions, hundreds of millions of computers around the world automatically download and install security updates every month.

Since 2003, Microsoft has continued to introduce a wide array of services and tools to help customers better prioritize and deploy security updates. In November 2004, Microsoft debuted the security bulletin Advance Notification Service (ANS). ANS shares important information about upcoming bulletin releases so that customers can plan for and prioritize deployment. These notifications outline the number of new security bulletins being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update.

In response to customer requests for more guidance on how to prioritize security update deployments, Microsoft introduced the Microsoft Exploitability Index in October 2008. The Exploitability Index uses a three-level scoring system to rate the likelihood of functioning exploit code being developed for each vulnerability published in security bulletins. This measurement helps customers better understand their risk in not updating.

Microsoft also publishes a Microsoft Security Center (MSRC) blog post describing the security updates released each month, which is often complemented by a Security Research & Defense blog post providing more technical details about the vulnerabilities addressed by the security updates. Additionally, awebcast is held each month for IT professionals to ask questions about the updates.

In January 2005, Microsoft developed the Software Update Validation Program (SUVP) to enable testing of application compatibility, stability and reliability of upcoming software updates in simulated production environments. The program provided a small number of dedicated, external participants with limited and very controlled access to security updates.

Microsoft provides support for business and developer products for 10 years after product release, and consumer, hardware and multimedia products for five years after product release. Implied in this support commitment is Microsoft’s assurance that security updates work with products that are supported at the time the security update is released.

Accomplishing such an engineering feat requires extensive testing that can involve numerous product versions in many languages, as well their service packs. In addition, Microsoft conducts application compatibility testing involving thousands of the world’s most popular third-party software products. Microsoft typically includes up to 3,000 of the most commonly deployed applications in these test matrices to help minimize disruption to customers.

Participants of the SUVP program receive the security updates for testing before their release through a private, secure distribution channel. Participants then test these updates under a test plan that is jointly agreed on by Microsoft and the participant. Participants are restricted to deploying the updates only in test environments. In addition, participants must commit to using dedicated teams to provide ongoing feedback to Microsoft.

Microsoft instituted the SUVP based on customer feedback and our strong commitment to help produce higher quality security updates for customers. Through the SUVP, Microsoft has been able to collect real customer feedback on update quality to incorporate into the development of the final security updates. That feedback has led to significantly increased quality and better customer experiences in deployment.

In 2005, the Microsoft Malware Protection Center (MMPC) was established to consolidate Microsoft’s antimalware research and response expertise into one single organization. The MMPC delivers global malware research, response and protection capabilities to help protect customers worldwide from emerging and existing threats. The team includes some of the most experienced and well respected antimalware researchers from across the industry.

Given the volume of malicious software such as viruses, worms, Trojans at that time, and customer need for a more effective global response to these threats, Microsoft consolidated its antimalware efforts. It was very important to be able to respond through a worldwide team and collaborate with researchers, software vendors and law enforcement organizations around the globe to stay ahead of these threats and help protect customers.

Research and development work at the Microsoft Malware Protection Center (MMPC) supports a wide range of Microsoft products and services. By receiving telemetry from hundreds of millions of computers and operating a global network of research and response labs, the MMPC can often identify and mitigate new threats within hours of their discovery.

The MMPC team works closely with product teams at Microsoft to help ensure that products have the latest antimalware definitions and can provide accurate and actionable telemetry that can be used for further research.

In addition, the MMPC engages widely within the antimalware industry. It collaborates with researchers, partners, competitors and independent software vendors (ISVs) worldwide. It also works with law enforcement organizations that seek to apprehend criminals.

In 2005, Microsoft Update was introduced, unifying the Windows Update and Office Update Web sites, to give users a single update mechanism that made it easier for people to keep their Operating systems and Applications up to date. The initial release in June 2005 provided support for Microsoft Office 2003, Exchange 2003, and SQL Server 2000, running on Windows 2000, XP, and Server 2003.

Previously there were several processes and tools people needed to use to keep their software fully up to date. The Windows Update web site was launched with Windows 95 (August 1995) and included a link on the Windows 95 Start menu. Later, shortly after the launch of Windows 98, a new tool called the “Critical Update Notification Tool” was installed. The tool ran in the background periodically checking for updates and notifying users to visit the Windows Update site.

Automatic updates were introduced with Windows Millenium Edition in 2000. Unlike the Critical Update Notification Tool, the Automatic Update tool was built into the operating system and had the ability to automatically download and install updates.

Until Microsoft update was introduced in 2005, users still needed to download and install updates for software such as Microsoft Office, Microsoft Exchange, and SQL Server seperately. Over time, the list of software supported by Microsoft Update has expanded to include other Microsoft products, such as Windows Live, Windows Defender, Visual Studio, Zune Software, Virtual PC and Virtual Server, CAPICOM, Microsoft Lync, and other server products. It also offers driver updates, Internet Explorer, Silverlight and Windows Media Player as optional downloads if applicable to the operating system.

When first introduced, Microsoft Update was an opt-in. The first time Windows Update was enabled by default came with the release of Windows 7.

In the most recent Security Intellegence Report, many of the computers infected with malicious software were due to unpatched vulnerabilities. More than ever, it is important to test and deploy security updates from all software vendors as quickly as possible. See the Microsoft Security Update Guide, available from the Microsoft Download Center, for guidance and recommendations.

Microsoft has created two accessibility frameworks: Microsoft Active Accessibility and User Interface Automation (UIA). These frameworks provide a consistent way for programmers to exchange information about an application’s user interface (UI) and specialized assistive technologies used by a person with a disability. For example, UI Automation allows a screen reader to use text to speech to speak the menu options in a window and describe its contents to a person who is blind.

The most recent framework introduced in November 2005, UIA, provides a consistent way for assistive technology products to provide information about the UI to end users and to interact with that application by means other than a keyboard (for example, using speech recognition software to dictate an email with your voice).

In addition to the development of UIA, Microsoft has created internal accessibility standards to provide guidance for engineering teams creating accessible products, services and communications for customers and partners.

Building accessibility into products and services from the beginning by leveraging frameworks such as UIA reduces the cost and complexity of development — enabling the software industry to create applications and devices that are more accessible for everyone.

In August 2006, the first Security Intelligence Report (SIR) provided Microsoft customers and partners with highly relevant and accurate security data about malware trends and exploits. The report focused on the first half of 2006 and was designed to be the first of a series published every six months. The first SIR was based on a white paper titled "MSRT: Progress Made, Lessons Learned."

The SIR provides data from a variety of antimalware tools and online services.

Highlights from this report include these:

• Social engineering continues to be a popular means of spreading malware, especially when sent over email and peer-to-peer (P2P) networks.
• Backdoor Trojans and bots continue to comprise a significant percentage of the malicious software detected by Microsoft antimalware offerings and therefore serve as a top threat to consumers and businesses alike.

To learn more about the Security Intelligence Report, please visit www.microsoft.com/sir.

In 2007, Microsoft released the first operating system (Microsoft Windows Vista) and office suite (Microsoft Office 2007) to have fully implemented the Security Development Lifecycle (SDL) process. Both of these products resulted in significant security improvements.

Windows Vista - After the first year of release, Windows Vista had 45 percent fewer vulnerabilities than Windows XP in the same time period. In a comparison of security vulnerabilities, Windows Vista also fared better than competing operating systems. Windows Vista featured Security Science defensive technologies such as Address Space Layout Randomization (ASLR) and User Access Control (UAC). ASLR randomly arranges the position of key data areas making it more difficult for an attacker to predict target addresses. UAC makes it possible for users to run with lower access rights, but be able to confirm privileged actions such as systemwide configuration changes.

Office 2007 – By August 2009 (nearly three years after release), the 2007 Office system had experienced only three public security vulnerabilities reported against the new file formats. During the same period, 59 security vulnerabilities were reported against the legacy file formats that older versions of the Microsoft Office System were using. New security features in Office 2007 system, such as the Microsoft Office Open XML (OOXML) file format, helped to reduce security vulnerabilities. Office 2007 also opened documents in a sandbox which helps prevent the spread of malware to other programs and data on the computer. Office 2007 also introduced Macro protections and the Trust center.

For more information on how the Microsoft SDL has helped build more secure software for Microsoft products, visit our website here.

In 2007, customers and people in the privacy community were becoming increasingly interested in the privacy implications of online advertising, behavioral targeting, and the personalization of online services.

Based on interest from customers, partners, educators, and advocates and regulators, Microsoft had in February 2007,previously publicly released its Privacy Guidelines for Developing Software Products and Services and layered privacy notices. The public guidelines were drawn from the company’s experience incorporating privacy into the development process and reflect customer expectations and global privacy laws.

In July 2007, Microsoft introduced an enhanced set of privacy principles for Live Search and online advertising data collection, use and protection. The enhanced set of privacy principles for Live Search and online advertising outline how data is collected, used and protected. The principles outlined enhanced steps to help protect the privacy of Windows Live users, including making search query data anonymous after 18 months by permanently removing cookie IDs, the entire IP address and other identifiers from search terms. Microsoft also works to give customers more control over what information it uses to personalize their online search experience.

The Microsoft privacy principles for Live Search and online ad targeting included the following:

• User Notice
• User Control
• Search Data Anonymization
• Minimizing Privacy Impact and Data Protection
• Legal Requirements and Industry Best Practices

As part of its Trustworthy Computing efforts, Microsoft has maintained a strong commitment to helping protect the security and privacy of its customers. The enhanced privacy principles build upon the company’s work over the past several years to advocate for comprehensive federal privacy legislation in the United States and more consistent public policy worldwide to help protect consumers. The principles provide customers with guidance and technology to help provide for a safer online experience, and build privacy into the company’s software development process.

In August 2008, Microsoft introduced the Microsoft Active Protections Program (MAPP) to help protect computer users from criminals attempting to exploit software vulnerabilities. MAPP members comprise more than 80 security software providers worldwide who receive early access to Microsoft’s security vulnerability information.  By obtaining this information early, partners gain additional time to build security software protections, which are often released at the same time Microsoft releases its updates.and typically release their own security software protections when Microsoft releases its security updates.

Before MAPP, security software providers received vulnerability information at the same time as exploit code writers when information was released publicly. As it takes time for customers to deploy security updates, the release marks the start of a race between individuals with malicious intent and security software providers, where one side develops attacks while the other side tries to provide interim customer protections until security updates can be applied.

With advance access to vulnerability information through MAPP, partners report that the protective process takes less time and that their developers only have to write the detection code because everything else is provided. The result is that protections are typically released hours ahead of any exploit code, which means that customers are better protected hours ahead of even the most focused attackers.

Given the evolving threat landscape, the solution to a security problem is often not found in one company, individual or technology. In 2010, Microsoft and Adobe Systems Inc. began collaborating on an initiative to distribute detailed vulnerability information for Adobe software to the MAPP partners. This has given security vendors an opportunity to provide quicker and more effective protections to their customers before Adobe deploys its security updates, just as MAPP has done for Microsoft software.

In 2008, Microsoft had fully integrated SDL into software development processes and had begun sharing the methods, best practices, tools and resources externally. In 2010, Microsoft made its Simplified SDL available to everyone for free under a Creative Commons License in an effort to help industry build more secure applications and services.

Industry Collaboration – Microsoft worked with leading organizations like Defense Information System Agency (DISA), the National Institute of Standards and Technology (NIST) and BITS to develop guidelines for security development best practices. Microsoft, through its membership in the Software Assurance Forum for Excellence in Code (SAFECode), also provides guidance and best practices for third party software developers.

Tools & Resources – Microsoft has developed a number of tools and resources to assist organizations in the implementation of the SDL. The SDL Implementation and Process Guidance documents are designed to help organizations start practicing a security development lifecycle process. Free SDL Tools such as the Threat Modeling Tool and the Attack Surface Analyzer help automate and enhance the SDL process. Microsoft also provides a number of white papers, case studies, books and analyst reports to help understand the business value of implementing an SDL process.

Implementation Support – Microsoft introduced the SDL Pro Network, which initially included nine organizations, who consulted customers on how to implement their own SDL processes. This resulted in third party software developers, vendors and companies having better trained engineering personnel and the development of more secure software. Microsoft Services also provides assistance to companies in developing SDL practices and tools to advance their own software development processes.

In October 2010, Microsoft joined a large coalition of government agencies, businesses and nonprofit organizations behind the slogan Stop. Think. Connect, which is the first unified public awareness message focused on online safety.

Coalition members included companies such  as Microsoft, Facebook, Google and Intel. It was led by organizations such as the Anti-Phishing Working Group, the National Cyber Security Alliance  and government agencies such as the U.S. Department of Commerce, the Department of Homeland Security and the Federal Bureau of Investigation.

The campaign includes a series of online safety tips for consumers. The coalition based its work on extensive research about consumers’ knowledge of and attitude toward online safety. The guidance in summary includes:

STOP. THINK. CONNECT.

When you cross the street, you look both ways to make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — Stop. Think. Connect.

Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

STOP. THINK. CONNECT. Protect yourself and help keep the Web a safer place for everyone.

Internet-connected devices and applications are a part of many of our lives today, from smartphones and tablets using cellular networks to Wi-Fi availability throughout the world. These devices run applications that have become important from social networks to location-aware mapping and more.

Over the past few decades, the PC became the primary tool used by office workers to get their work done. Those PCs were purchased, configured, managed and maintained by the IT department. People used separate technology at home and at work. Personal lives generally were left outside of work, and work activities generally were restricted to working hours. However, as a rapidly evolving technology landscape changes, so has how people use technology and where. We have more of everything — devices, applications, choice — and we’re now connected to the Internet and each other all the time.

The always-connected nature of today’s technology has made it possible to work from anywhere and to bring our personal lives into the workplace. The boundaries between work and home are blurring. People expect more choice in the technology they use for work. They want to use the same tools at work as they do at home. This has led to new technology trends in the workplace: employees using their own home PCs for work and formal “bring your own PC” programs; the increasing use of other devices for work including smartphones, slates and tablet PCs; and the growing popularity of social networking and cloud applications in the workplace.

This proliferation trend is expected to continue and presents increasing challenges of maintaining security, privacy and reliability of the products, services and devices we use today and in the future.

Targeted Attacks (attempts by Determined Adversaries to compromise specific individuals or organizations), once considered by industry experts the province of military and state espionage (spying), have become more visible in the commercial and private communities in recent years. Sophisticated tools, techniques and technologies have begun to shift in use from the espionage arena to the private sector for criminal purposes.

During the past five years, one specific category of threat has become much more widely discussed in IT security circles. At times referred to as Advanced Persistent Threats, a differentiation between the Determined Adversaries behind the threat, and the Targeted Attacks that are deployed against the victim organization or individual, provides a more useful way to assess the landscape and consider protective steps.

Although the Determined Adversaries tend to be operationally sophisticated, the Targeted Attacks are usually technologically opportunistic, almost always involve some element of social engineering, and frequently attempt to exploit well known software vulnerabilities even after the vulnerability has been addressed by the software vendor. Targeted Attacks are differentiated from mass malware attacks as the attacker typically devotes significant time and resources to reconnoitering the intended victim, and then carrying out the attack. Once the victim has been compromised, the attacker seeks out additional vulnerabilities to exploit.

Many security experts believe that a well-resourced determined adversary will eventually be able to compromise even the most secure networks. There are steps that organizations can take to help protect against these attacks: identify and secure high value assets; and create a risk management and response strategy to cover issues of protection, detection, containment and recovery.

The foundations of modern society are becoming digital. The world is starting to see an unprecedented growth in Internet users and devices which is generating massive amounts of data. “Big Data” refers to very large data sets and it is believed to be the next frontier for innovation, competition, and productivity. Our data rich world presents both individuals and society with benefits and risks.

Our data rich world presents benefits and risks. Data, combined with other data, may enable startling and much-needed breakthroughs that benefit both an individual and society as a whole. Governments have become increasingly attentive to protecting the rights of Internet users (e.g., privacy, security, freedom of speech and association), as well as protecting the Internet itself. Governments are looking at options such as passing regulations to protect security, privacy, and/or reliability, and using law enforcement and military responses to more effectively deter harmful conduct online. Such law enforcement and military responses are hampered by the difficulty in reliably and definitively tracing a malicious attack back to its source.

There are three ways to think about data use: Uses that are (1) broadly acceptable, and sometimes legally authorized or required; (2) prohibited; and (3) subject to individual sentiment (e.g. usage may be acceptable to some but reasonably objected to by others such that a blanket rule is inappropriate). It must also be recognized that while society or an individual may designate a use as acceptable or unacceptable, this view may change over time and it may be difficult to enforce a new usage rule on data that already exists (e.g., if a person makes information publicly available but later has remorse after posting, it may be impossible to exert meaningful control over the data after it’s released). Still, by thinking of usage in this way, society can decide how to create frameworks that permit the right uses to be placed in the right categories and, thereafter, how to craft appropriate “obligations” associated with particular uses.

As more people, computers and devices come online, cyberthreats grow more sophisticated in their abilities to gather sensitive data, disrupt critical operations and conduct fraud. Cybersecurity remains a top priority for governments, policymakers and citizens around the world. Cybersecurity and the overall health of the Internet will continue to be a key element in national, economic and civil society.

The Internet now reaches a worldwide population of more than 2 billion people, and the foundations of modern society are becoming digital. Governments around the world have expressed concern that the critical information infrastructures that support their countries could be targeted.

In the shared and integrated domain of the Internet, organizations, governments and consumers face a myriad of threats. These threats are anything but static and are often characterized as technically advanced, persistent, well-funded, and motivated by profit or strategic advantage. In response, many countries have sought to improve critical information infrastructure policy, to build effective information sharing and collaboration capabilities that addresses threats and vulnerabilities, and to coordinate on responses to increasingly complex cyberincidents.

There is a growing awareness and support for increased international collaboration on cybersecurity. Recently many governments around the world have launched initiatives, offices and programs to help protect cyberspace. Many industries and corporations, including Microsoft, are investing in such efforts to help governments, industry and individuals better reduce and manage risks that result from the uncertainty of the rapidly changing threat landscape.

Collective Defense: Applying Public Health Models to the Internet.