For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals and organizations (including nation-states), and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will more often than not be successful in attacking systems, especially if raising defenses is the only response to an attack. For this reason, increasing attention is being paid to deterring such attacks in the first instance, especially by governments that have the power to investigate criminal activity and use a wide range of tools to respond to other public safety and national security concerns. Notwithstanding this emerging discussion, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complex threat and that, from a policy and tactical perspective, there is considerable paralysis. The purpose of this document is to better explain the cyber threat, identify the reasons why cyber attacks often confound those responsible for crafting responses, and suggest a new framework for creating more effective cyber attack responses.
For more information and to download the document Rethinking the Cyber Threat, please visit [http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=062754cc-be0e-4bab-a181-077447f66877]