Microsoft has opened its Security Cooperation Program (SCP), claimed to be a way for governments to coordinate the sharing of critical security information.
Announced by chairman Bill Gates at the company's Government Leaders' Forum in Prague, countries involved so far are the US, Canada, Chile, and Norway. A number of US local authorities are also part of it.
Described by the software giant as dealing with "computer incident response, attack mitigation and citizen outreach", the program will allow security agencies within these countries to exchange information on publicly known vulnerabilities in Microsoft software, share data on software updates, and co-ordinate a collective response to critical security issues, presumably in real time.
It is not clear whether other countries will join the SCP program in the future.
"The digital age creates some unique challenges for governments to help secure their computing environments," said Gerri Elliott, Microsoft’s public sector vice president said. "By taking a collaborative approach with global governments, we can bring to bear the combined expertise from public and private sectors and enable governments to better prepare, manage and mitigate the impact of security incidents."
What is uncertain is the extent to which governments will be able to call on Microsoft to help them with problems that are not related to Microsoft’s own software systems. Although these could not be said to be Microsoft’s direct responsibility, in complex government networks security systems are bound to overlap.
When contacted to comment on this issue, the company was unable to shed much light. "Building on the success of the Microsoft Government Security Program (GSP) and the Security Mobilisation Initiative (SMI), the program provides a structured way for government agencies to collaborate with Microsoft on IT issues that are essential to the integrity of their critical IT environments," was the robotic response of a Microsoft spokesperson.
Microsoft could also not specify how many of its staff would be scheduled to work on what is bound by its nature to be a resource-consuming program. It is believed staff as security agencies will have access to Microsoft’s “incident response center”.
The software giant has become addicted to launching important-sounding programs in recent years, under the aegis of its trusted computing philosophy, part of its effort to reinforce its credibility and influence with national governments after a period of persistent security issues. Examples include the Microsoft Government Security Program (GSP) and the Security Mobilization Initiative (SMI). It remains to be seen whether this latest announcement is another example of clever marketing or has more substance.
It should be assumed, however, that the SCP is more accurately described as a program to allow governments to coordinate software security with Microsoft regarding its own systems. That is comforting for the bureaucracies that run government security systems but is only a tiny step in actually securing those systems in the real world.