Microsoft suggests cybersecurity norms for nation-states and the ICT industry

Following up on its previous research work, Microsoft has published a white paper about cybersecurity norms for nation-states and the global ICT industry. Understanding that the misuse of software and hardware vulnerabilities by nation-states can cause mass effects, the paper proposes a set of offensive, defensive and industry norms for both governments and the ICT industry to follow. On the one hand, governments should refrain from purchasing and utilising vulnerabilities to perform attacks and strengthen their cyber-weapons, and should work with industry in mitigating the risks. On the other hand, the industry should not enable states to impact the security of products, and should coordinate disclosure practices and issue patches to protect users, among other things. The paper links its proposals to the norms proposed by the UN GGE. Microsoft also looks into challenges related to the attribution of cyberattacks, and proposes a public-private forum consisting of experts that would address attribution in severe cases of cyberattacks around the world.