Microsoft | NHS Resource Centre


Microsoft NHS Resource Centre - 60 seconds with Ed Gibson


60 seconds with Ed Gibson


Former special agent Ed Gibson gave up fighting cyber terrorism for the US government to become Microsoft UK's security chief. In this exclusive interview, he explains how the firm is working to make the online world safer.

Ed Gibson brings an unusual perspective to his job. While most of his fellow Microsoft chief security advisers around the world are technical experts, his background is law and law enforcement.

Before joining Microsoft, he was the US government's number-one man on cyber crime in the UK, managing all Federal Bureau of Investigation (FBI) investigations into cyber crime and money laundering in Britain from his post at the US Embassy.

His role as UK chief security adviser gives him a roaming brief across Microsoft in Britain to encourage focus on security and to represent the concerns of customers. Many of the issues he advises on directly affect National Health Service (NHS) staff, such as secure, smartcard access to applications.

 

Phishing, bots and other cyber threats

One way or another, Mr Gibson's aim is to make people safer within the online world, what he calls 'the environment' - and he knows that world contains organised crime, state-sponsored cyber attacks and cyber terrorism.

"My goal is to make the internet safer for all computer users," he says. "I want people to understand what the problems are, and also how relatively easy it is for them to protect themselves."

He identifies a host of threats, from bots to phishing attacks, to identity theft, Trojans and viruses (see glossary, below).


However, he says the principles of online security remain simple and boil down to taking a few basic precautions. These centre on using firewalls and anti-virus/anti-phishing software - and, importantly, ensuring that software is up-to-date. "You regularly service your car and wear a seat-belt because you want to be safe; it's just the same online," he says. "Taking reasonable precautions is the key to good online safety."

 

Security in the NHS

"The same applies to the NHS," he adds. "The risk of a compromise of security can never be totally eliminated, but the benefits of a digital NHS are too big to ignore. So the issue is how to manage threats effectively.

"One has to be focused and constantly aware of what is going on, and then take simple steps such as keeping anti-virus software updated," he says.


Microsoft and Safer Computing

At the same time, Mr Gibson acknowledges that Microsoft should ensure that its products are as safe and secure as possible in the interests of its customers, who will benefit from a safer online experience. Indeed, this has been the company's focus for the past few years. Under the Security Development Lifecycle approach, security is now designed into new software from the very start of its development.

The first products designed in this way are Vista, Microsoft's new operating system, and Office 2007, its new suite of desktop applications.

The Microsoft Genuine Advantage programme also allows users to update legitimate copies of its software for free.

Another development is the Microsoft Trustworthy Computing initiative, which focuses on educating home and business users about the need for secure computing.

The basic tenets of Microsoft's security ethos are simple, Mr Gibson says: "When you engage with Microsoft you are engaging with products that have a baseline of security built into them." 

 

Glossary

A bot is a piece of malware (malicious software) that allows an attacker to take control of a computer and use it for phishing, or to send viruses or spam email. A computer infected by a bot is known as a 'zombie'.

Identity theft occurs when somebody steals your personal details and uses them to impersonate you - usually to commit fraud.

Phishing is a generic term for several methods that are used to gather personal and confidential details. Common scams include creating false websites, web pages and emails to gather names, passwords and other information that customers need to access secure websites, such as online banks.

A Trojan horse is a program that pretends to have a set of useful or desirable features, but actually hides a damaging piece of software. Unlike viruses, Trojan horses do not replicate.

A virus is a computer program written by a malicious author, which spreads by copying itself and transferring to other computers. There are around 53,000 computer viruses in existence, with a new one detected every 18 seconds.

A worm is a type of virus that spreads by replicating itself on linked drives, networks and systems - such as email or instant messaging.

About the interviewee: Ed Gibson is the chief security adviser for Microsoft UK.

He practised corporate law for five years before being appointed, in 1985, as a special agent with the US Federal Bureau of Investigation (FBI).

During his US postings, he specialised in complex, multi-national health care fraud, money laundering, intellectual property rights, espionage, and asset confiscation.

From 2000 to 2005, he was an assistant legal attaché at the FBI's office in the US Embassy in London. There, he was responsible for all FBI cyber, hi-tech, cyber terrorism and infrastructure investigations in the UK. He pioneered methods of tackling cyber crime now used by the FBI around the world.

While at the US Embassy, he also qualified as a solicitor and did a two-year computing course at Oxford University. He is also a member of the board of the John Grieve Centre for Policing and Community Safety, in England.

